• Status: Solved
  • Priority: High
  • Security: Public
  • Views: 75

vulnerability

I am running a test in SpIDER WEB and it returns the following error message. How can I fix the error to avoid the vulnerability?
FireShot-Capture-1---Vulnerability-R.png
FireShot-Capture-4---Vulnerability-R.png
0
Asked by: erikTsomik
4 Solutions
 
_agx_ commented:
We need to see the error message and associated code.
0
 
masnrock commented:
A lot of buffer overflows come down to input validation, assuming this is based on form input. Bounds checking becomes a key point in this. As for the integer one, you might want to analyze your code and see exactly what type of operation is being done. You're probably performing some math operation that returns an integer. Casting or other data checking is going to be a necessary part of fixing this.
1
 
_agx_ commented:
In addition to what masnrock said, that kind of detailed error information shouldn't be returned to users. The less information potential attackers have, the better.
0
 
btan (Exec Consultant) commented:
Integer overflow - Likely there are arithmetic operations that cause a number to either grow too large to be represented in the number of bits allocated to it (data type assigned), or too small. You should provide in the code safe object wrappers for numerical data types, just as it does for other generic data types such as phone numbers and email addresses. Secure coding requires performing overflow/underflow checks first before moving to the next line of code. In short, code changes are needed.

Buffer overflow - Targets corrupting the execution stack of a web application. Normally, writing data to particular memory addresses or having the operating system mishandle data types (as earlier mentioned) will lead to these findings. A number of general techniques to prevent buffer overflows include:
  1. Code auditing (automated or manual)
  2. Developer training – bounds checking, use of unsafe functions, and group standards
  3. Non-executable stacks – many operating systems have at least some support for this
  4. Compiler tools – StackShield, StackGuard, and Libsafe, among others
  5. Safe functions – use strncat instead of strcat, strncpy instead of strcpy, etc
  6. Patches – Keep your web and application servers fully patched. Stay aware of bug reports relating to your applications used libraries too.
  7. Continue to conduct regular scans of your application, as you do for any major code changes.
1
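The two answers above (masnrock's point about bounds checking and range/type checks on form input, and btan's list of overflow/underflow checks and bounded copies) describe the same defensive pattern. The following is an added illustration, not code from the thread or from the asker's ColdFusion application: a small native validation routine for a hypothetical order form with constructed sample inputs. It rejects a name that does not fit its fixed buffer before copying, parses numeric fields strictly with a range check, and uses a checked multiplication so the total cannot silently wrap. The field names, limits and `__builtin_mul_overflow` (a GCC/Clang builtin) are assumptions for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fixed-size destination buffer, as a native backend behind a web form might use. */
#define NAME_MAX_LEN 16

enum order_status {
    ORDER_OK = 0,
    ORDER_NAME_TOO_LONG,
    ORDER_BAD_QUANTITY,
    ORDER_BAD_PRICE,
    ORDER_OVERFLOW
};

/* Bounds-checked copy of untrusted text into a fixed buffer.
 * The length is checked before any byte is written; strncpy on its own
 * silently drops the terminator when the input is exactly too long. */
static bool copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        if (dst_size) dst[0] = '\0';
        return false;               /* reject instead of truncating or overrunning */
    }
    memcpy(dst, src, len + 1);      /* copies the terminator too */
    return true;
}

/* Strict decimal parse with range check: the whole string must be a number
 * and the value must lie in [min, max]. */
static bool parse_int_field(const char *s, long min, long max, long *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || *end != '\0')   /* empty, or trailing junk such as "3abc" */
        return false;
    if (errno == ERANGE)            /* does not even fit in a long */
        return false;
    if (v < min || v > max)         /* outside the allowed business range */
        return false;
    *out = v;
    return true;
}

/* Validate one order: name fits its buffer, fields are in range, and the
 * product fits a 32-bit int. On ORDER_OK, *total (if non-NULL) receives the product. */
enum order_status validate_order(const char *name, const char *qty_str,
                                 const char *price_str, int *total)
{
    char name_buf[NAME_MAX_LEN];
    long qty, price_cents;
    int product;

    if (!copy_bounded(name_buf, sizeof name_buf, name))
        return ORDER_NAME_TOO_LONG;
    if (!parse_int_field(qty_str, 1, 100000, &qty))
        return ORDER_BAD_QUANTITY;
    if (!parse_int_field(price_str, 1, 100000000, &price_cents))
        return ORDER_BAD_PRICE;
    /* Checked arithmetic: report overflow instead of wrapping (GCC/Clang builtin). */
    if (__builtin_mul_overflow((int)qty, (int)price_cents, &product))
        return ORDER_OVERFLOW;
    if (total)
        *total = product;
    return ORDER_OK;
}

/* Convenience wrapper: total in cents, or -1 if the order was rejected. */
int order_total(const char *name, const char *qty_str, const char *price_str)
{
    int total;
    return validate_order(name, qty_str, price_str, &total) == ORDER_OK ? total : -1;
}

int main(void)
{
    /* Constructed sample submissions, not real data. */
    const char *samples[][3] = {
        { "alice", "3", "250" },
        { "this_name_is_far_too_long_for_the_buffer", "3", "250" },
        { "alice", "3abc", "250" },
        { "alice", "99999", "99999" },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int total;
        enum order_status st = validate_order(samples[i][0], samples[i][1], samples[i][2], &total);
        if (st == ORDER_OK)
            printf("%-45s qty=%-6s price=%-6s -> total %d cents\n",
                   samples[i][0], samples[i][1], samples[i][2], total);
        else
            printf("%-45s qty=%-6s price=%-6s -> rejected (status %d)\n",
                   samples[i][0], samples[i][1], samples[i][2], (int)st);
    }
    return 0;
}
```

The point of the layout is that every check happens before the operation it protects: the length test precedes the copy, the range test precedes the arithmetic, and the overflow test precedes any use of the product. Rejecting out-of-range input outright (rather than truncating or clamping) is what makes a scanner's "buffer overflow" and "integer overflow" findings go away at the source.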
 
erikTsomik (System Architect, CF programmer, Author) commented:
The error messages are provided in the attachment.
0
 
_agx_ commented:
No, the images only show the standard header blurb "Error occurred while processing request". The actual error message follows that header. For example:

The following information is meant for the website developer for debugging purposes.

Error Occurred While Processing Request
                                        <=============== Actual error message starts here
Division by zero.
Division by zero is not allowed.

The error occurred in C:/ColdFusion/cfusion/wwwroot/test.cfm: line 1

1 : <cfset a = 1/0>
2 :
0
 
masnrock commented:
Answered
0
Question has a verified solution.