2

Recently I coincidentally discovered that an API endpoint of an insurance company sends a stack trace of a JSON parser in response to an HTTP POST message with badly formatted JSON in the content field.

The URL of the endpoint indicates that its job is to save data sent by a client. The stack trace looks like this:

JSON parse error: Unrecognized token 'nul': was expecting 'null', 'true', 'false' or NaN;
nested exception is com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'nul': 
was expecting 'null', 'true', 'false' or NaN\n at [Source: 
java.io.PushbackInputStream@5f81c2d8; line: 1, column: 10]"

How big of a risk is this?

1 Answer

2

By itself, it does not represent a particularly large vulnerability. It does, however, have the potential to disclose information about the system which can make it easier to attack. For example, with the stack trace you've given us, we can see that the system is running fasterxml. A quick Google search led me to the following list of vulnerabilities: https://www.cvedetails.com/vulnerability-list/vendor_id-15866/product_id-34008/Fasterxml-Jackson.html. The system may or may not have one of those vulnerabilities.

Assuming the system is vulnerable to one of the listed vulnerabilities, we could still exploit the vulnerability, even if we were not shown the error message. Hiding the stack trace would not solve the underlying issue. It would, however, make it more difficult to detect.

Dan Landberg
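An added example, not part of the original question or answer: a check a service owner could run in API tests to confirm that error responses to malformed input do not leak implementation details like those in the message quoted in the question. The rule names, function names and both sample bodies are constructed for illustration.

```python
import re

# Constructed sample: the error body quoted in the question above.
LEAKY_BODY = (
    "JSON parse error: Unrecognized token 'nul': was expecting 'null', 'true', 'false' or NaN; "
    "nested exception is com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'nul': "
    "was expecting 'null', 'true', 'false' or NaN\n at [Source: "
    "java.io.PushbackInputStream@5f81c2d8; line: 1, column: 10]"
)
# Constructed sample: a generic body that reveals nothing about the implementation.
GENERIC_BODY = '{"error": "invalid_request", "reference": "c0ffee-constructed-id"}'

# Each rule names one kind of implementation detail an error body can disclose.
RULES = {
    # Fully qualified Java exception or error class, e.g. com.x.y.FooException
    "exception_class": re.compile(r"\b(?:[a-z_][a-z0-9_]*\.)+[A-Z]\w*(?:Exception|Error)\b"),
    # Default Object.toString() output: qualified class name + '@' + hex identity hash
    "object_identity": re.compile(r"\b(?:[a-z_][a-z0-9_]*\.)+[A-Z]\w*@[0-9a-f]{1,8}\b"),
    # Stack frame lines such as "at com.x.Foo.bar(Foo.java:42)"
    "stack_frame": re.compile(r"\bat\s+[\w.$]+\([\w$]+\.java:\d+\)"),
    # Parser position echoed back to the caller
    "parser_location": re.compile(r"\bline:\s*\d+,\s*column:\s*\d+"),
    # Wrapped-exception wording passed through to the client
    "nested_exception": re.compile(r"nested exception is", re.IGNORECASE),
}

def find_disclosures(body: str) -> dict[str, list[str]]:
    """Return {rule name: matched strings} for every rule that fires on body."""
    hits = {}
    for name, pattern in RULES.items():
        found = sorted(set(pattern.findall(body)))
        if found:
            hits[name] = found
    return hits

def disclosed_packages(body: str) -> set[str]:
    """Top two package segments of each leaked class name, e.g. 'com.fasterxml'."""
    names = RULES["exception_class"].findall(body) + [
        m.split("@")[0] for m in RULES["object_identity"].findall(body)
    ]
    return {".".join(n.split(".")[:2]) for n in names}

if __name__ == "__main__":
    for rule, matches in find_disclosures(LEAKY_BODY).items():
        print(f"{rule}: {matches}")
    print("packages:", sorted(disclosed_packages(LEAKY_BODY)))
    print("generic body clean:", not find_disclosures(GENERIC_BODY))
```

A clean result only shows that the response no longer names the parser; as the answer notes, the library version behind it still has to be kept patched.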