logo

CWE-600 - Uncaught Exception in Servlet

CWE-600

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Uncaught Exception in Servlet

Description

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.

When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.

Common Consequences

Scope: Confidentiality, Availability

Impact: Read Application Data, DoS: Crash, Exit, or Restart

Related Weaknesses

CWE-248Uncaught Exception

CWE-390Detection of Error Condition Without ActionMedium

CWE-209Generation of Error Message Containing Sensitive InformationHigh

  • Release Date:
  • 2006-12-15
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website