CWE-536: Servlet Runtime Error Message Containing Sensitive Information
A servlet error message indicates that there exists an unhandled exception in the web application code and may provide useful information to an attacker.
Last updated
Overview
CWE-536 (Servlet Runtime Error Message Containing Sensitive Information) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-536 is exploited.
Read Application Data
Affects: Confidentiality
The error message may contain the location of the file in which the offending function is located. This may disclose the web root's absolute path as well as give the attacker the location of application files or configuration information. It may even disclose the portion of code that failed. In many cases, an attacker can use the data to launch further attacks against the system.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
Technologies