Tag Archives: Servlet Runtime Error Message Containing Sensitive Information

CWE-536 – Servlet Runtime Error Message Containing Sensitive Information

Read Time:33 Second

Description

A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-211

 

Consequences

Confidentiality: Read Application Data

The error message may contain the location of the file in which the offending function is located. This may disclose the web root’s absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system.

 

Potential Mitigations

CVE References