Information Medium Verbose Java error output has been detected. Data in this output could reveal sensitive information about the application that could aid more complex attacks. The error itself may be indicative of a security vulnerability. The administrator should configure a custom error page for production servers, with detailed error output being logged elsewhere. The nature of the error should be investigated. Many application servers can send verbose error output to clients, and some do this by default. This verbose error output can include stack traces and other detailed, sensitive information. This could be used by attackers to identify patchlevels, filesystem layout, configuration settings, or internal details about the application or database. Such output should never be sent to remote clients from production servers. Securing Tomcat (OWASP) Information Leakage (OWASP) Information Leakage (WASC)