CWE-536 - Servlet Runtime Error Message Containing Sensitive Information
CWE-536
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Weakness Name
Servlet Runtime Error Message Containing Sensitive Information
- Description
A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.
- Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: The error message may contain the location of the file in which the offending function is located. This may disclose the web root's absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system.
- Related Weaknesses
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2024-02-29
Free security scan for your website