Skip to content

Server Error

Description

Internal server errors can indicate underlying vulnerabilities and misconfigurations that malicious actors can exploit. Persistent occurrences of such errors can also undermine user trust in the platform's security and stability.

Remediation

To fix this issue, you should check the logs and fix the handler that caused the error. Make sure you also refer to the query we sent to the server to reproduce the issue.

GraphQL Specific

Apollo To address server errors in the Apollo framework engine, ensure that your resolvers are correctly implemented and handle exceptions properly. Use try-catch blocks to catch unexpected errors and return user-friendly error messages. Additionally, validate input data to prevent invalid queries from causing errors. Monitor your server's performance and logs to identify and fix issues promptly. Keep the Apollo server and its dependencies up to date with the latest security patches and performance improvements.
Yoga To address the 'Server Error' in the Yoga framework engine, ensure that the server-side code is properly handling exceptions and providing meaningful error messages. Check the server logs for detailed error information, verify the configurations, and ensure all dependencies are correctly installed and up-to-date. If the error persists, consider reaching out to the Yoga framework community or consulting the documentation for specific guidance related to the error encountered.
Awsappsync To address a server error in the AWS AppSync framework engine, ensure that your GraphQL schema is correctly defined and that the resolvers are properly configured. Check the CloudWatch logs for any specific error messages and take corrective actions based on the logs. Additionally, confirm that your AWS IAM roles and permissions are set up correctly to allow AppSync to access the necessary resources. If the issue persists, consider increasing the memory or timeout settings for your Lambda functions if they are part of the data source. Lastly, consult the AWS AppSync documentation for troubleshooting guidance or reach out to AWS support for further assistance.
Graphqlgo To address server errors in a GraphQL Go framework engine, ensure that your resolvers handle errors gracefully and return meaningful error messages to the client. Implement proper error logging to monitor and troubleshoot issues. Use middleware for error handling to catch and format errors consistently. Additionally, validate and sanitize all inputs to prevent injection attacks, and consider using a well-maintained library to help manage these concerns.
Graphqlruby Ensure that the GraphQL Ruby framework is updated to the latest version to address any known vulnerabilities. Implement proper error handling to avoid exposing stack traces or sensitive information to the client. Use parameterized queries to prevent injection attacks, and consider implementing rate limiting and authentication to protect against abusive requests. Regularly review your schema and resolvers for security best practices.
Hasura To address server errors in the Hasura framework, ensure that your GraphQL queries are correctly structured and that the Hasura engine has the appropriate permissions to access the underlying database. Check the error logs for specific messages and consider increasing logging levels for more detailed information. Verify that all required services and dependencies are running and properly configured. If the issue persists, consult the Hasura documentation and community forums for troubleshooting guidance or consider reaching out to Hasura support for professional assistance.
Agoo Ensure proper error handling and logging in the Agoo framework to prevent exposure of sensitive information and improve debugging.
Ariadne Ensure proper exception handling and logging in the Ariadne framework to prevent exposure of sensitive information and improve debugging.
Caliban Ensure proper error handling and logging in the Caliban framework to prevent exposure of sensitive information and improve debugging efficiency.
Dgraph Ensure proper schema validation and error handling in Dgraph queries to prevent unexpected server errors.
Dianajl Ensure the DianaJL framework engine is updated to the latest version to patch known vulnerabilities and review server configurations to prevent misconfigurations that could lead to internal server errors.
Directus Ensure proper error handling and logging in the Directus framework to prevent exposure of sensitive information and to aid in diagnosing and resolving server errors efficiently.
Flutter Regularly update the Flutter framework and engine to the latest stable version to ensure security patches and performance improvements are applied.
Graphene Ensure proper error handling and logging in the Graphene framework to prevent exposure of sensitive information and improve debugging.
Graphqlapiforwp Regularly update the GraphQL API for WordPress framework to the latest version to ensure all security patches are applied and review API configurations to prevent exposure of sensitive data.
Graphqlgophergo Implement input validation and schema validation to ensure that all GraphQL queries and mutations are properly structured and adhere to the defined schema, reducing the risk of injection attacks and other vulnerabilities in the GopherJS framework.
Graphqljava Implement input validation and schema validation to prevent malicious queries in the GraphQL Java framework.
Graphqlphp Ensure proper validation and sanitization of inputs in the GraphQLPHP framework to prevent injection attacks and improve error handling to provide meaningful feedback without exposing sensitive information.
Graphqlyoga Ensure proper error handling and logging in the GraphQL Yoga framework to prevent exposure of sensitive information and improve debugging.
Hypergraphql Ensure proper exception handling and logging in the HyperGraphQL framework to identify and address underlying issues causing server errors.
Jaal Regularly update the Jaal framework engine to the latest version to ensure all security patches and improvements are applied.
Juniper Ensure proper configuration and regular updates of the Juniper framework engine to prevent internal server errors and enhance system security.
Lacinia Ensure proper exception handling and logging in the Lacinia framework to prevent exposure of sensitive information and improve debugging.
Lighthouse Ensure proper configuration and regular updates of the Lighthouse framework engine to prevent security vulnerabilities and maintain optimal performance.
Mercurius Ensure proper error handling and logging in the Mercurius framework to prevent exposure of sensitive information and improve debugging.
Morpheusgraphql Implement comprehensive error logging and monitoring to quickly identify and address internal server errors in the MorpheusGraphQL framework engine.
Qglgen Ensure proper error handling and logging in the gqlgen framework to prevent exposure of sensitive information and improve debugging.
Sangria Ensure proper exception handling and logging in the Sangria framework to prevent exposure of sensitive information and improve debugging.
Shopify Ensure proper error handling and logging in the Shopify framework to identify and address underlying vulnerabilities and misconfigurations that may lead to server errors.
Stepzen Ensure proper error handling and logging in the StepZen framework to identify and address underlying issues causing server errors.
Strawberry Ensure proper error handling and logging in the Strawberry Framework engine to prevent exposure of sensitive information and improve system stability.
Tartiflette Ensure proper error handling and logging in the Tartiflette framework to prevent exposure of sensitive information and to aid in diagnosing and fixing server errors.
Wpgraphql Ensure proper authentication and authorization checks are implemented for all GraphQL queries and mutations in the WPGraphQL framework to prevent unauthorized data access and manipulation.

REST Specific

Asp_net Ensure that all exception handling in the ASP.NET application is robust, logging detailed error information to a secure location while presenting generic error messages to users. Regularly review logs to identify and address underlying issues. Update the web.config file to disable detailed error messages to users and enable custom error pages. Additionally, conduct thorough testing and code reviews to prevent common vulnerabilities that may lead to internal server errors.
Ruby_on_rails Ensure that the Ruby on Rails application is running the latest stable version to benefit from security patches. Regularly update all dependencies, and employ comprehensive error handling to prevent detailed error messages from being displayed to users. Utilize Rails' built-in security features such as Active Record validations and strong parameters to mitigate risks of SQL injection and other vulnerabilities.
Next_js Ensure that your Next.js application is running on the latest stable version to benefit from security patches and performance improvements. Regularly update dependencies, and use error handling middleware to catch and address internal server errors. Implement comprehensive logging to monitor and quickly respond to any unexpected behavior or errors.
Laravel Ensure that Laravel's environment configuration files are correctly set up to handle errors and exceptions. Utilize the built-in logging features to monitor and record issues. Regularly update the Laravel framework and all dependencies to their latest versions to patch known vulnerabilities. Implement thorough testing of all routes and middleware to catch potential errors in the development stage. Additionally, consider setting up a custom error page to handle 500 Internal Server Errors gracefully, informing users that the issue is being addressed.
Express_js Ensure that all routes in the Express.js application have proper error handling. Use middleware for catching and logging errors and for sending appropriate error responses to the client. Regularly update the Express.js framework and all dependencies to their latest secure versions to mitigate known vulnerabilities. Additionally, implement rate limiting and input validation to protect against common attack vectors.
Django Ensure Django settings are configured correctly, particularly DEBUG mode, which should be set to False in production to prevent sensitive data exposure. Regularly update Django to the latest version to patch known vulnerabilities. Use Django's built-in logging to monitor and record server errors for timely investigation and resolution.
Symfony Ensure that the Symfony framework and all associated bundles are up to date with the latest security patches. Utilize Symfony's built-in functions to handle exceptions and log errors for further analysis. Regularly review and audit the code to identify potential security issues. Implement proper error handling to prevent information leakage and configure the server to display generic error messages to users while detailed logs are kept secure on the server.
Spring_boot Ensure that the Spring Boot application is using the latest stable version with security patches applied. Regularly review and update dependencies to mitigate known vulnerabilities. Implement comprehensive error handling to prevent detailed error messages from being displayed to users, and log errors internally for analysis. Configure a custom error page to handle internal server errors gracefully.
Flask Ensure that Flask applications are running in a production-ready environment with a proper WSGI server, such as Gunicorn, and are behind a reverse proxy like Nginx. Implement comprehensive error handling to catch exceptions and log errors without exposing sensitive information to the users. Regularly update Flask and its dependencies to mitigate known vulnerabilities.
Nuxt Ensure that all dependencies are up-to-date and that the Nuxt.js configuration is properly set to handle exceptions and errors gracefully. Implement comprehensive logging to track down the source of internal server errors and address them promptly. Regularly review and test the application for potential vulnerabilities and performance bottlenecks.
Fastapi For FastAPI applications, ensure that exception handling is properly implemented to catch and log errors without exposing sensitive information. Use FastAPI's built-in RequestValidationError for input validation and HTTPException for standard error responses. Regularly review and update dependencies to mitigate known vulnerabilities.
Frappe Ensure proper error handling and logging in the Frappe framework to identify and address underlying issues causing server errors.
Genzio Ensure proper exception handling and logging in the Genzio framework engine to identify and address the root causes of server errors.
Gin Ensure proper error handling and logging in the Gin framework to prevent exposure of sensitive information and to aid in diagnosing server errors.
Gorilla Ensure proper error handling and logging in the Gorilla framework to identify and address root causes of server errors.
Hapi Ensure proper error handling and logging in the Hapi framework by using the 'onPreResponse' extension to manage server errors and provide user-friendly messages while logging detailed error information for developers.
Hono Ensure proper exception handling and logging in the Hono framework engine to identify and address the root causes of server errors, enhancing system stability and security.
Jersey Ensure proper exception handling and logging in the Jersey framework to prevent exposure of sensitive information and improve debugging.
Koa Ensure proper error handling middleware is implemented to catch and log errors without exposing sensitive information to users.
Ktor Ensure proper exception handling and logging in the Ktor framework to identify and address the root causes of server errors, and regularly update dependencies to patch known vulnerabilities.
Leptos Ensure proper error handling and logging in the Leptos framework to prevent exposure of sensitive information and improve debugging efficiency.
Macaron Ensure proper error handling and logging in the Macaron framework to prevent exposure of sensitive information and improve debugging.
Phoenix Ensure proper error handling and logging in the Phoenix framework to prevent information leakage and improve system stability.
Redwoodjs Ensure proper error handling and logging in RedwoodJS by using the built-in error boundaries and logging mechanisms to capture and address server errors effectively.
Rocket Ensure proper error handling and logging in Rocket framework to prevent exposure of sensitive information and improve debugging.
Sveltekit Ensure proper error handling and logging in SvelteKit by using try-catch blocks and SvelteKit's built-in error handling mechanisms to prevent sensitive information from being exposed in server error messages.

Configuration

Identifier: protocol/server_error

Examples

Ignore this check

checks:
  protocol/server_error:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API5:2023
  • OWASP LLM: LLM04:2023
  • pci: 6.5.5
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-95
  • iso27001: A.12.6
  • nist: SP800-53
  • fedramp: AC-2

Classification

  • CWE: 20

Score

  • CVSS_VECTOR: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:H/RL:O/RC:C
  • CVSS_SCORE: 8.7