The CA API Gateway must generate error messages that provide the information necessary for corrective actions without revealing information that could be exploited by adversaries.

Description

<VulnDiscussion>Providing too much information in error messages risks compromising the data and security of the application and system. Organizations must carefully consider the structure/content of error messages. The required information within error messages will vary based on the protocol and error condition. Information that could be exploited by adversaries includes, for example, ICMP messages that reveal the use of firewalls or access-control lists. The CA API Gateway must include within the Registered Services Policies customized error responses revealing only the necessary information as required by the organization.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>