vulnerability

I am running a test in SpIDER WEB and it returns the following error message. How can I fix the error to avoid the vulnerability?
Attachments: FireShot-Capture-1---Vulnerability-R.png, FireShot-Capture-4---Vulnerability-R.png
erikTsomik (System Architect, CF programmer) Asked:

_agx_ Commented:
We need to see the error message and associated code.
0
masnrock Commented:
A lot of buffer overflows come down to input validation, assuming this is based on form input. Bounds checking becomes a key point in this. As for the integer one, you might want to analyze your code and see exactly what type of operation is being done. You're probably performing some math operation that returns an integer. Casting or other data checking is going to be a necessary part of fixing this.
1

_agx_ Commented:
In addition to what masnrock said, that kind of detailed error information shouldn't be returned to users. The less information potential attackers have, the better.
0

btan (Exec Consultant) Commented:
Integer overflow - Likely there are arithmetic operations that cause a number to either grow too large to be represented in the number of bits allocated to it (data type assigned), or too small. You should provide in the code safe object wrappers for numerical data types, just as it does for other generic data types such as phone numbers and email addresses. Secure coding requires performing overflow/underflow checks first before moving to the next line of code. In short, code changes are needed.

Buffer overflow - Target to corrupt the execution stack of a web application. Normally, writing data to particular memory addresses or having the operating system mishandle data types (as earlier mentioned) will lead to these findings. A number of general techniques to prevent buffer overflows include:
  1. Code auditing (automated or manual)
  2. Developer training – bounds checking, use of unsafe functions, and group standards
  3. Non-executable stacks – many operating systems have at least some support for this
  4. Compiler tools – StackShield, StackGuard, and Libsafe, among others
  5. Safe functions – use strncat instead of strcat, strncpy instead of strcpy, etc
  6. Patches – Keep your web and application servers fully patched. Stay aware of bug reports relating to your applications used libraries too.
  7. Continue to conduct regular scans of your application as you have done for any major code changes.
1
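A concrete version of the input validation, pre-arithmetic bounds checks and generic error response recommended in the answers above, as an added ColdFusion example (not code from the thread or the asker's application; the form field names and the numeric limits are assumptions):

```cfml
<!--- validate_order.cfm: added example, not from the thread or the asker's app.
      Field names (form.qty, form.price) and the limits are assumptions. --->
<cfscript>
// Hard bounds for each numeric field. With both operands bounded, the product
// below can never exceed 1e10, far inside the range ColdFusion stores exactly,
// so no arithmetic ever runs on unchecked input.
MAX_QTY   = 10000;
MAX_PRICE = 1000000;

// Accepts only a whole number within [minVal, maxVal]; returns ok=false otherwise.
// isValid("integer") rejects anything that is not a whole number and
// isValid("range") rejects values outside the bounds. Both run before any math.
function boundedInteger(required string raw, required numeric minVal, required numeric maxVal) {
    var value = trim(arguments.raw);
    if (!isValid("integer", value) || !isValid("range", value, arguments.minVal, arguments.maxVal)) {
        return { ok = false, message = "Value must be a whole number between #arguments.minVal# and #arguments.maxVal#." };
    }
    return { ok = true, value = int(value) };
}
</cfscript>

<cfparam name="form.qty"   default="">
<cfparam name="form.price" default="">

<cfset qty   = boundedInteger(form.qty,   1, MAX_QTY)>
<cfset price = boundedInteger(form.price, 0, MAX_PRICE)>

<cfif qty.ok AND price.ok>
    <!--- Safe: both operands were range-checked above. --->
    <cfoutput><p>Total: #numberFormat(qty.value * price.value)#</p></cfoutput>
<cfelse>
    <!--- Reject with a generic, user-facing message; never echo the raw input
          or a stack trace. Detailed diagnostics belong in the server log only. --->
    <cfset msg = qty.ok ? price.message : qty.message>
    <cflog file="input_validation" type="warning" text="Rejected order input: #msg#">
    <cfheader statuscode="400" statustext="Bad Request">
    <cfoutput><p>#encodeForHTML(msg)#</p></cfoutput>
</cfif>
```

Because the check happens before the multiplication, a scanner that submits oversized or non-numeric values gets a 400 with a fixed message instead of the ColdFusion "Error Occurred While Processing Request" page, which is what such tools flag as integer or buffer overflow.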
erikTsomik (System Architect, CF programmer) Author Commented:
The error messages are provided in the attachment.
0
_agx_ Commented:
No, the images only show the standard header blurb

    "Error occurred while processing request".

The actual error message follows that header. For example:

The following information is meant for the website developer for debugging purposes.

Error Occurred While Processing Request
    <=============== Actual error message starts here
Division by zero.
Division by zero is not allowed.

The error occurred in C:/ColdFusion/cfusion/wwwroot/test.cfm: line 1

1 : <cfset a = 1/0>
2 :
0
masnrock Commented:
Answered
0