Error Message (MySQL)

  • PCI 3.2-6.5.5
  • OWASP 2013-A5

Application error or warning messages may expose sensitive information about an application's internal workings to an attacker. The message may also contain the location of the file that produced an unhandled exception.

Remediation

Verify that this page is disclosing error or warning messages and properly configure the application to log errors to a file instead of displaying the error to the user.

References