PCI-DSS 4.0 6.5.5

Improper error handling

UnveilScan findings mapped to this control

The scanner emits 1 distinct finding on this control. Click "Scan a domain" below to see which of them currently apply to your site, with copy-paste remediation snippets (nginx, Apache, DNS BIND, web-server config).

web.debug_error_messages ⏱ 1h

WEB — Debug error messages

Risk if ignored: Stack traces and framework debug output tell an attacker the exact runtime + version + relative paths of the codebase, accelerating CVE-matching and pinpointing exploitable endpoints. Many real-world breaches start with a leaked traceback confirming a framework is in scope for a known deserialization or templating CVE.

security operational

Also maps to 3 other controls

ANSSI Hygiène R19 — Désactiver les services non nécessaires (mode debug en production)
ISO 27001:2022 A.8.9 — Configuration management
NIS 2 Art. 21.2(d) — Supply-chain security