Uncaught Exception in Servlet
Description
The Servlet does not catch all exceptions, which may reveal sensitive debugging information.
Extended Description
When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.
Applicable Platforms: None
Time Of Introduction
Common Consequences
Detection Methods: None
Potential Mitigations
Relationships
Demonstrative Examples
White Box Definitions: None
Black Box Definitions: None
Taxonomy Mappings
References: None
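The weakness described under Extended Description, shown with its handling in place. This is an added example, not part of the original entry; the class name, the `accounts` table, the `id` parameter and the `appDataSource` context attribute are constructed, and the `javax.servlet` API is assumed.

```java
import java.io.IOException;
import java.sql.*;
import java.util.UUID;
import java.util.logging.*;
import javax.servlet.http.*;
import javax.sql.DataSource;

// Weak form: declare "throws ServletException", let SQLException or any
// RuntimeException propagate, and the container's default error page prints the trace.
public class AccountServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(AccountServlet.class.getName());

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        try {
            int id = Integer.parseInt(req.getParameter("id")); // throws on null or non-numeric input
            resp.setContentType("text/plain;charset=UTF-8");
            resp.getWriter().println(findOwner(id));
        } catch (NumberFormatException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST); // client error, no detail echoed
        } catch (Exception e) { // SQLException and every unchecked exception
            String ref = UUID.randomUUID().toString();
            LOG.log(Level.SEVERE, "request failed, ref=" + ref, e); // full trace stays server-side
            if (!resp.isCommitted()) {
                resp.reset(); // discard partial output, headers and status
                resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
                resp.setContentType("text/plain;charset=UTF-8");
                resp.getWriter().println("Internal error. Reference: " + ref);
            }
        }
    }

    private String findOwner(int id) throws SQLException {
        // Assumption: a context listener stored the DataSource under this attribute name.
        DataSource ds = (DataSource) getServletContext().getAttribute("appDataSource");
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement("SELECT owner FROM accounts WHERE id = ?")) {
            ps.setInt(1, id);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : "not found";
            }
        }
    }
}
```

The reference value lets support staff find the logged trace without the response carrying the query text, database type or container version. A container-wide `<error-page>` mapping in `web.xml` covers exceptions thrown outside a handler like this one.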