Tag: SQL Injection

Skip the password using SQL Injection in cookies

SQL injection via cookies lets an attacker exploit the application through a cookie parameter.

useraccountid= [sql injection]

Example 1: useraccountid= x’ or username=’SYSMOX’#

* This logs on to the account SYSMOX.

Example 2: useraccountid= x’ or 1=1#

Or
useraccountid= x’ or username like ‘%25com’

In 2009 the Twitter DNS company was hacked. Some people think that the Twitter DNS password was brute-forced, or that web application security flaws were exploited.

But we discovered that the attack was more sophisticated. Hackers use SQL injection via cookies to target the Twitter DNS provider company.

An attacker can inject via a cookie:

[Image: SQL injection via cookies]

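A defensive counterpart to the cookie examples above, added here and not part of the original post: the cookie is accepted only if the server signed it, and its value is bound as a query parameter instead of being pasted into the SQL text. The table layout, the `id.signature` cookie format, the key and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import sqlite3

# Assumptions (not from the page): table layout, cookie format "id.signature",
# and a constructed demo key; a real key comes from a secret store.
SECRET = b"constructed-demo-key"

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (id TEXT PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("1001", "SYSMOX"), ("1002", "alice")])  # constructed rows
    return db

def naive_sql(cookie_value):
    # Vulnerable pattern: the cookie is concatenated into the statement, so
    # quotes inside it alter the query. Built only to inspect the text.
    return "SELECT username FROM accounts WHERE id = '" + cookie_value + "'"

def sign(account_id):
    mac = hmac.new(SECRET, account_id.encode(), hashlib.sha256).hexdigest()
    return account_id + "." + mac

def lookup_user(db, cookie_value):
    # 1. Reject any cookie the server did not issue (integrity check).
    account_id, sep, mac = cookie_value.rpartition(".")
    expected = hmac.new(SECRET, account_id.encode(), hashlib.sha256).hexdigest()
    if not sep or not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # 2. Bind the value as a parameter so it is always data, never SQL.
    row = db.execute("SELECT username FROM accounts WHERE id = ?",
                     (account_id,)).fetchone()
    return row[0] if row else None

# The page's example cookie values, typed with straight quotes and URL-decoded.
PAGE_EXAMPLES = ["x' or username='SYSMOX'#", "x' or 1=1#",
                 "x' or username like '%com'"]
```

With these two checks, the page's example values return no account whether they arrive unsigned or signed, while a cookie issued by `sign("1001")` still resolves to its user.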


Technical Flaws

Verbose Error Messages:

Description: Developers commonly include verbose error messages in the development of software applications. When software behaves unexpectedly, it generates messages that contain detailed information about how and where an error occurred. These messages are useful within the web development life cycle (since the application is often executed in a remote multi-tiered environment), but these verbose error messages often contain environment variables, path disclosure, and other platform information used to aid in debugging. This information is a valued resource to an attacker attempting to penetrate a system.

HTML Comments:

Description: HTML comments are commonly placed within the source code of a web page. Web site developers often mark portions of their pages with comments which are not normally viewable by a web site visitor. These comments may contain sensitive information about the structure of the web site, or information intended only for the system owners or developers. These comments can provide an attacker with information about your system, network, or application behavior which may be useful in future attacks.

Known Directory:

Description: A Known Directory vulnerability indicates that a web server directory not intended for public viewing has a name that can easily be guessed, and thus can also be accessed. This directory may contain files with sensitive data or functionality for configuring the web server.

Known CGI File:


Copyright © 1996-2010 Web application security. All rights reserved.