CWE-536 - Servlet Runtime Error Message Containing Sensitive Information

Weakness Name: Servlet Runtime Error Message Containing Sensitive Information

Description: A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: The error message may contain the location of the file in which the offending function is located. This may disclose the web root's absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system.

Related Weaknesses: CWE-211Externally-Generated Error Message Containing Sensitive Information

Free security scan for your website

Don't show website scan report rating on the leaderboard

A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.