CVEbaza.plCWE DictionaryCWE-600
Common Weakness Enumeration

CWE-600

Uncaught Exception in Servlet

Category: VariantCVE: 1
Description

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.

Extended Description

When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker. For example, a stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.

CVE vulnerabilities with CWE-600 (1)
5.9
CVSS
MEDIUM
CVE-2023-35123

Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access.

pub. 2024-08-14
Information
ID: CWE-600
Type: Variant
Vulnerabilities: 1
MITRE CWE ↗
← CWE Dictionary