CWE-536: Servlet Runtime Error Message Containing Sensitive Information

Export to Word

Description

A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.

Extended Description

N/A


ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified


Observed Examples (CVEs)

Related Attack Patterns (CAPEC)

N/A


Attack TTPs

N/A

Modes of Introduction

Phase Note
Implementation N/A

Common Consequences

Potential Mitigations

Applicable Platforms


Demonstrative Examples

Intro: The following servlet code does not catch runtime exceptions, meaning that if such an exception were to occur, the container may display potentially dangerous information (such as a full stack trace).

public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); // May cause unchecked NullPointerException. if (username.length() < 10) { ... } }

Notes

← Back to CWE list