REG: Application error disclosure

Dharini n

unread,

Feb 3, 2023, 2:29:49 AM2/3/23

to OWASP ZAP Developer Group

Hai everyone,

In my application am getting application error disclosure security issue using owasp zap tool.

I have implemented the custom errors in my application based on references. but still am getting this error in default dll and script files.

Owasp Zap tool identify the any error related words like (Internal error, ‘this._Items[…].0’ is null or not an object) from .js script and default dll files.

Any solution for this please suggest me.

psiinon

unread,

Feb 3, 2023, 4:12:51 AM2/3/23

to OWASP ZAP Developer Group

Are these errors from a ZAP rule or one of your own?

Either way, as per your other post - we need details.

We're not telepathic :)

Cheers,

Simon

Dharini n

unread,

Feb 3, 2023, 5:30:57 AM2/3/23

to OWASP ZAP Developer Group

Getting error from Zap tool

I have attached the image for your references.

chrome_Y2jv9O9L1V.png

psiinon

unread,

Feb 6, 2023, 5:15:34 AM2/6/23

to OWASP ZAP Developer Group

OK, this is also a false positive, and in this case I think we could improve ZAP.

I think we should only raise alerts like this on JS / CSS pages at a low threshold.

I've raised this bug: https://github.com/zaproxy/zaproxy/issues/7724

Cheers,

Simon

Reply all

Reply to author

Forward