Variant · Incomplete

CWE-536: Servlet Runtime Error Message Containing Sensitive Information

Category: data-exposure

Description

A servlet error message indicates that there exists an unhandled exception in the web application code and may provide useful information to an attacker.

Common consequences · 1

  • Confidentiality — Read Application Data
    The error message may contain the location of the file in which the offending function is located. This may disclose the web root's absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system.
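One way to keep the file locations and failing code described above out of the response, shown as an added example that is not part of the CWE entry. `ReportServlet`, `loadReport`, the `id` parameter and the path are hypothetical, and the `javax.servlet` API is assumed (newer containers use `jakarta.servlet`).

```java
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet used only for illustration.
public class ReportServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(ReportServlet.class.getName());

    // Weak form (kept as a comment): the exception escapes doGet, so the container's
    // default error page may render the stack trace, file paths and failing code.
    //   protected void doGet(HttpServletRequest req, HttpServletResponse resp)
    //           throws ServletException, IOException {
    //       resp.getWriter().write(loadReport(req.getParameter("id")));
    //   }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        try {
            String body = loadReport(req.getParameter("id"));
            resp.setContentType("text/plain;charset=UTF-8");
            resp.getWriter().write(body);
        } catch (Exception e) {
            // Full detail stays in the server log, keyed by an opaque reference.
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "Unhandled error, ref=" + ref, e);
            if (!resp.isCommitted()) {
                resp.reset(); // discard any partially written body and headers
                resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                resp.setContentType("text/plain;charset=UTF-8");
                resp.getWriter().write("An internal error occurred. Reference: " + ref);
            }
        }
    }

    // Stand-in for application logic that can fail at runtime (constructed path).
    private String loadReport(String id) throws IOException {
        if (id == null || !id.matches("[0-9]{1,9}")) {
            throw new IOException("cannot open report under /srv/app/reports");
        }
        return "report " + id;
    }
}
```

The client sees only the generic message and the reference; the path carried in the exception appears in the server log under that same reference.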

References

  1. https://cwe.mitre.org/data/definitions/536.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Java Runtime Error Message Containing Sensitive Information
  • CWE — Uncaught Exception in Servlet
  • CWE — Server-generated Error Message Containing Sensitive Information
  • CWE — Exposure of Information Through Shell Error Message
  • CWE — J2EE Misconfiguration: Missing Custom Error Page
  • CWE — Use of HTTP Request With Sensitive Query String

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.