CWE-600: Uncaught Exception in Servlet
ID
CWE-600
Abstraction
Variant
Structure
Simple
Status
Draft
Number of CVEs
1
The Servlet does not catch all exceptions, which may reveal sensitive debugging information.
When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.
Modes of Introduction
Phase | Note |
---|---|
Implementation |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-248 | Uncaught Exception | Base | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-209 | Generation of Error Message Containing Sensitive Information | Base | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-390 | Detection of Error Condition Without Action | Base | Simple | Draft |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...