STIGQter: STIG Summary: EDB Postgres Advanced Server Security Technical Implementation Guide Version: 2 Release: 1 Benchmark Date: 23 Oct 2020:

The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

SV-213612r508024_rule

Vulnerability Number

V-213612

Group Title

SRG-APP-000267-DB-000163

Rule Version

PPS9-00-006600

Severity

CAT II

CCI(s)

CCI-001314 - The information system reveals error messages only to organization-defined personnel or roles.

Weight

Fix Recommendation

Configure custom database code and associated application code not to display detailed error messages to those not authorized to view them.

Check Contents

Check custom database code to determine if detailed error messages are ever displayed to unauthorized individuals.

If detailed error messages are displayed to individuals not authorized to view them, this is a finding.

Vulnerability Number

V-213612

Documentable

False

Rule Version

PPS9-00-006600

Severity Override Guidance

Check Content Reference

Target Key

3988

The EDB Postgres Advanced Server must reveal detailed error messages only to the ISSO, ISSM, SA and DBA.

DISA Rule

Vulnerability Number

Group Title

Rule Version

Severity

CCI(s)

Weight

Fix Recommendation

Check Contents

Vulnerability Number

Documentable

Rule Version

Severity Override Guidance

Check Content Reference

Target Key

Comments