The application server must identify potentially security-relevant error conditions.

From Application Server Security Requirements Guide

Associated with: CCI-001312

SV-71843r2_rule The application server must identify potentially security-relevant error conditions.

Vulnerability discussion

The structure and content of error messages need to be carefully considered by the organization and development team. Any application providing too much information in error logs and in administrative messages to the screen risks compromising the data and security of the application and system. The extent to which the application server is able to identify and handle error conditions is guided by organizational policy and operational requirements. Adequate logging levels and system performance capabilities need to be balanced with data protection requirements.The structure and content of error messages needs to be carefully considered by the organization and development team.Application servers must have the capability to log at various levels which can provide log entries for potential security-related error events.An example is the capability for the application server to assign a criticality level to a failed logon attempt error message, a security-related error message being of a higher criticality.

Check content

Review the application server configuration to determine if the system identifies potentially security-relevant error conditions on the server. If this function is not performed, this is a finding.

Fix text

Configure the application server to identify potentially security-relevant error conditions on the server.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.