A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.
Extended Description
N/A
ThreatScore
Threat Mapped score: 0.0
Industry: Finiancial
Threat priority: Unclassified
Observed Examples (CVEs)
No observed examples available.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
Phase
Note
Implementation
N/A
Common Consequences
Impact: Read Application Data — Notes: The error message may contain the location of the file in which the offending function is located. This may disclose the web root's absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system.
Potential Mitigations
None listed.
Applicable Platforms
None listed.
Demonstrative Examples
Intro: The following servlet code does not catch runtime exceptions, meaning that if such an exception were to occur, the container may display potentially dangerous information (such as a full stack trace).
public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); // May cause unchecked NullPointerException. if (username.length() < 10) { ... } }