CWE-600: Uncaught Exception in Servlet

VariantDraft

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.

View on MITRE
Back to CWE Lookup

Extended Description

When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-600

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references

CWE-600: Uncaught Exception in Servlet | CWE Lookup | Inventive HQ