  • Status: Open
  • Priority: High
  • Security: Public

vulnerability

I am running a test in SpIDER WEB and it returns the following error message. How can I fix the error to avoid the vulnerability?
FireShot-Capture-1---Vulnerability-R.png
FireShot-Capture-4---Vulnerability-R.png
Asked by erikTsomik
6 Comments
 
_agx_ commented:
We need to see the error message and associated code.
 
masnrock commented:
A lot of buffer overflows come down to input validation, assuming this is based on form input. Bounds checking becomes a key point in this. As for the integer one, you might want to analyze your code and see exactly what type of operation is being done. You're probably performing some math operation that returns an integer. Casting or other data checking is going to be a necessary part of fixing this.
 
_agx_ commented:
In addition to what masnrock said, that kind of detailed error information shouldn't be returned to users. The less information potential attackers have, the better.

 
btan (Exec Consultant) commented:
Integer overflow - Likely there are arithmetic operations that cause a number to either grow too large to be represented in the number of bits allocated to it (the data type assigned), or too small. You should provide in the code safe object wrappers for numerical data types, just as it does for other generic data types such as phone numbers and email addresses. Secure coding requires performing overflow/underflow checks first before moving to the next line of code. In short, code changes are needed.

Buffer overflow - The target is to corrupt the execution stack of a web application. Normally, writing data to particular memory addresses or having the operating system mishandle data types (as earlier mentioned) will lead to these findings. A number of general techniques to prevent buffer overflows include:
  1. Code auditing (automated or manual)
  2. Developer training – bounds checking, use of unsafe functions, and group standards
  3. Non-executable stacks – many operating systems have at least some support for this
  4. Compiler tools – StackShield, StackGuard, and Libsafe, among others
  5. Safe functions – use strncat instead of strcat, strncpy instead of strcpy, etc.
  6. Patches – Keep your web and application servers fully patched. Stay aware of bug reports relating to your applications' used libraries too.
  7. Continue to conduct regular scans of your application as you do for any major code changes.
 
erikTsomik (System Architect, CF programmer), Author, commented:
The error messages are provided in the attachment.
 
_agx_ commented:
No, the images only show the standard header blurb:

    "Error occurred while processing request".

The actual error message follows that header. For example:

    The following information is meant for the website developer for debugging purposes.

    Error Occurred While Processing Request
                                            <=============== Actual error message starts here
    Division by zero.
    Division by zero is not allowed.

    The error occurred in C:/ColdFusion/cfusion/wwwroot/test.cfm: line 1

    1 : <cfset a = 1/0>
    2 :
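As an added example (not code from this thread or from the asker's application) of the two fixes the comments describe for a ColdFusion app: bounds-checking numeric form input before it reaches arithmetic, and an Application.cfc onError handler that logs the detailed error server-side while the browser only gets a generic message instead of the "Error Occurred While Processing Request" page. The file names, log name and limits are assumptions.

```cfml
// OrderInput.cfc (hypothetical name): validate numeric input before any arithmetic.
component {
    // Accept only a whole number between 1 and maxQty. Rejecting bad input here means
    // neither an oversized product nor a negative value reaches the next line of code.
    public numeric function parseQuantity(required string raw, numeric maxQty = 10000) {
        var trimmed = trim(arguments.raw);
        // Digits only, at most 9 of them: always fits a 32-bit int before multiplication.
        if (!reFind("^[0-9]{1,9}$", trimmed)) {
            throw(type = "ValidationError", message = "Quantity must be a whole number");
        }
        var qty = val(trimmed);
        if (qty < 1 || qty > arguments.maxQty) {
            throw(type = "ValidationError", message = "Quantity must be between 1 and #arguments.maxQty#");
        }
        return qty;
    }

    // Multiply with an explicit overflow check against the 32-bit int limit
    // before the result is cast to an int (priceCents is assumed non-negative).
    public numeric function lineTotalCents(required numeric priceCents, required numeric qty) {
        var maxInt = 2147483647;
        if (arguments.priceCents > 0 && arguments.qty > maxInt / arguments.priceCents) {
            throw(type = "OverflowError", message = "Line total exceeds supported range");
        }
        return javaCast("int", arguments.priceCents * arguments.qty);
    }
}

// Application.cfc: ColdFusion calls onError for any unhandled exception.
component {
    this.name = "OrderApp";   // assumed application name

    public void function onError(required any exception, required string eventName) {
        var detail = structKeyExists(arguments.exception, "detail") ? arguments.exception.detail : "";
        // Full detail (type, message, file/line in the detail text) stays in the server log.
        writeLog(
            type = "error",
            file = "app_errors",   // written as app_errors.log in the ColdFusion logs directory
            text = "event=#arguments.eventName# type=#arguments.exception.type# "
                 & "message=#arguments.exception.message# detail=#detail#"
        );
        // The client sees a 500 and a generic message only; no paths or line numbers.
        cfheader(statusCode = 500, statusText = "Internal Server Error");
        writeOutput("An error occurred. Please try again later.");
        abort;
    }
}
```

With this handler in place, the scanner's "detailed error" finding is addressed at the application level; the debugging output setting in the ColdFusion Administrator should still be disabled for production.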
