Revealing system data or debugging information helps an adversary learn about the system and form a plan of attack.
An information leak occurs when system data or debugging information leaves the program through an output stream or logging function.
This parameter tells Apache Axis 2 to send fault messages to clients. Fault messages contain stack traces and in some cases the error message tells the attacker precisely what sort of an attack the system is vulnerable to. For example, a database error message can reveal that the application is vulnerable to a SQL injection attack. Other error messages can reveal more oblique clues about the system.
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A10 Insecure Configuration Management
[2] Standards Mapping - OWASP Top 10 2007 - (OWASP 2007) A6 Information Leakage and Improper Error Handling
[3] Standards Mapping - OWASP Top 10 2010 - (OWASP 2010) A6 Security Misconfiguration
[4] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3620 CAT II
[5] Standards Mapping - FIPS200 - (FISMA) CM
[6] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 497
[7] How to stop Axis2 sending stack traces in case of a fault? WSO2
[8] Standards Mapping - Web Application Security Consortium 24 + 2 - (WASC 24 + 2) Information Leakage
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.10
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 - (PCI 2.0) Requirement 6.5.5
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 1.2 - (PCI 1.2) Requirement 6.5.6