Posted: 18 Oct 2016 5:46 EDT Last activity: 7 May 2017 21:45 EDT
Java Run time error while accessing : https://< HostName >/prweb/PRRestService
While accessing, following URL, Pega throws run time exception error as shown in the attachment.
My Security testing team says this is a vulnerability as exceptions are not handled properly and recommends - 'Use generic error pages and error handling logic to inform end users of potential problems. Do not provide system information or other data that could be used by an attacker when orchestrating an attack.'
For example, If I access the following URL, I get a proper error message : 'Request URI must contain service package, class, and method keys'
Can you check this out ?
***Updated by Moderator: Marissa to add tag SR Created, added SR details***