Detailed error messages can include overly informative descriptions, stack traces, variable values, and other
debugging data. They are most often generated when a system or application is in debug mode
or when debugging features are enabled. When debug mode is active, the software or system provides
extensive diagnostic information to help developers identify and resolve issues efficiently. However, debug mode
should not be enabled in production environments.
We identified that the server sent the client detailed error messages containing various deployment system
information, as the following screenshots demonstrate:
3.3.2 Implication and Impact
Detailed error messages might disclose information about the application and its architecture or
infrastructure, which an attacker could use to craft targeted attacks.
3.3.3 Affected resources
• https://XXX.com
3.3.4 Recommendations
Consider disabling development mode, and ensure that the web application does not disclose sensitive
information, such as detailed error messages.
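One way to apply this recommendation, given as an added example that is not code from the assessed application: a Python WSGI wrapper that logs the full traceback server-side under a reference ID and returns only a generic message unless debug is enabled. The report does not state the framework in use, so Python/WSGI, the names failing_app, error_middleware and call, and the sample error text are assumptions made for illustration.

```python
import io
import logging
import traceback
import uuid

log = logging.getLogger("app.errors")

def failing_app(environ, start_response):
    # Constructed sample application: the exception text carries internal details.
    raise RuntimeError("db connect failed: host=db.internal.example user=svc_app")

def error_middleware(app, debug=False):
    """Wrap a WSGI app so unhandled exceptions are not sent to the client verbatim."""
    def wrapped(environ, start_response):
        try:
            return app(environ, start_response)
        except Exception:
            incident = uuid.uuid4().hex[:12]
            detail = traceback.format_exc()
            # Full detail stays in the server log, keyed by the reference ID.
            log.error("incident=%s path=%s\n%s",
                      incident, environ.get("PATH_INFO"), detail)
            if debug:
                body = detail  # debug behaviour: the traceback reaches the client
            else:
                body = f"Internal server error. Reference: {incident}\n"
            start_response("500 Internal Server Error",
                           [("Content-Type", "text/plain; charset=utf-8")])
            return [body.encode("utf-8")]
    return wrapped

def call(app, path="/"):
    """Invoke a WSGI app in-process and return (status, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path,
               "wsgi.input": io.BytesIO()}
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return captured["status"], body

if __name__ == "__main__":
    for mode in (True, False):
        status, body = call(error_middleware(failing_app, debug=mode))
        print(f"debug={mode}: {status}\n{body}")
```

The reference ID lets support staff locate the logged traceback without the client ever seeing it.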