Variant · Incomplete

CWE-537: Java Runtime Error Message Containing Sensitive Information

Category: data-exposure

Description

In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.

Common consequences

  • Confidentiality — Read Application Data

Potential mitigations

  • [Implementation] Do not expose sensitive error information to the user.

References

  1. https://cwe.mitre.org/data/definitions/537.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Servlet Runtime Error Message Containing Sensitive Information
  • CWE: Exposure of Information Through Shell Error Message
  • CWE: Server-generated Error Message Containing Sensitive Information
  • CWE: Uncaught Exception in Servlet
  • CWE: J2EE Misconfiguration: Missing Custom Error Page
  • CWE: Generation of Error Message Containing Sensitive Information

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.