|
| 1 | +--- |
| 2 | +id: MCP_UNHANDLED_ERROR_DISCLOSURE_MALFORMED_JSONRPC |
| 3 | +info: |
| 4 | + name: Unhandled Error Disclosure by Passing malformed JSON RPC payload |
| 5 | + description: | |
| 6 | + This test checks whether the MCP server discloses raw stack traces or internal error messages |
| 7 | + (e.g., `SyntaxError`, `body-parser`, `raw-body`, `express` stack frames) directly to the MCP client. |
| 8 | + Such disclosures may reveal sensitive implementation details that can be exploited for further attacks. |
| 9 | + details: | |
| 10 | + The test sends malformed JSON payloads to the MCP server. |
| 11 | + If the response contains detailed stack traces, internal library names, or error messages, |
| 12 | + it indicates that the MCP server does not sanitize error responses before returning them to clients. |
| 13 | + Attackers can use this information to craft targeted exploits. |
| 14 | + impact: | |
| 15 | + Attackers gain knowledge of the underlying frameworks (`express`, `body-parser`, `raw-body`), |
| 16 | + precise file paths, and error handling flaws. |
| 17 | + This increases the risk of injection, DoS, or targeted exploitation of known vulnerabilities in exposed components. |
| 18 | + category: |
| 19 | + name: MCP |
| 20 | + shortName: MCP |
| 21 | + displayName: Model Context Protocol (MCP) Security |
| 22 | + subCategory: MCP_UNHANDLED_ERROR_DISCLOSURE_MALFORMED_JSONRPC |
| 23 | + severity: MEDIUM |
| 24 | + tags: |
| 25 | + - information_disclosure |
| 26 | + - error_handling |
| 27 | + - stack_trace |
| 28 | + - mcp_security |
| 29 | + references: |
| 30 | + - https://owasp.org/www-community/Improper_Error_Handling |
| 31 | + - https://cwe.mitre.org/data/definitions/209.html |
| 32 | + - https://portswigger.net/kb/issues/00600400_server-errors |
| 33 | + cwe: |
| 34 | + - CWE-209 |
| 35 | + cve: [] |
| 36 | +attributes: |
| 37 | + nature: NON_INTRUSIVE |
| 38 | + plan: PRO |
| 39 | + duration: FAST |
| 40 | +api_selection_filters: |
| 41 | + response_code: |
| 42 | + gte: 200 |
| 43 | + lt: 300 |
| 44 | + method: |
| 45 | + eq: POST |
| 46 | + request_payload: |
| 47 | + contains_all: |
| 48 | + - method |
| 49 | + - id |
| 50 | + - jsonrpc |
| 51 | + for_one: |
| 52 | + extract: requestBody |
| 53 | +wordLists: |
| 54 | + malformedPayload: |
| 55 | + - "{" |
| 56 | +execute: |
| 57 | + type: single |
| 58 | + requests: |
| 59 | + - req: |
| 60 | + replace_body: "${malformedPayload}${requestBody}" |
| 61 | +validate: |
| 62 | + response_payload: |
| 63 | + - magic_validate: "Analyze the response to determine if it exposes stack traces, codebase file paths, dependency versions, underlying libraries, library-related errors, or any low-level system/debug errors not intended for external exposure. If none of these are present and the error is generic, do not flag as vulnerable." |
0 commit comments