
Failure to filter sensitive information when propagating exceptions often results in information leaks that can assist an attacker's efforts to develop further exploits. An attacker may craft input arguments to expose internal structures and mechanisms of the application. Both the exception message text and the type of an exception can leak information. For example, the FileNotFoundException message reveals information about the file system layout, and the exception type reveals the absence of the requested file.

This rule applies to server-side applications as well as to clients. Attackers can glean sensitive information not only from vulnerable web servers but also from victims who use vulnerable web browsers. In 2004, Schönefeld discovered an exploit for the Opera v7.54 web browser in which an attacker could use the sun.security.krb5.Credentials class in an applet as an oracle to "retrieve the name of the currently logged in user and parse his home directory from the information which is provided by the thrown java.security.AccessControlException" [Schönefeld 2004].

All exceptions reveal information that can assist an attacker's efforts to carry out a denial of service (DoS) against the system. Consequently, programs must filter both exception messages and exception types that can propagate across trust boundaries. The following table lists several problematic exceptions:

...
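The leak described above and the filtering this rule requires, as an added example that is not CERT's own code: the noncompliant method lets FileNotFoundException cross the trust boundary (message and type both leak), while the compliant method logs the detail internally and throws a single sanitized exception type. The class names SensitiveExceptionDemo and SecurityIOException and the probe path are constructed for the example.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.util.logging.Level;
import java.util.logging.Logger;

// Added example (not CERT's own code): a file-open routine that must not let
// exception messages or types cross the trust boundary to an untrusted caller.
public class SensitiveExceptionDemo {
    private static final Logger LOG = Logger.getLogger(SensitiveExceptionDemo.class.getName());

    // Exception type seen by the caller: carries a fixed message only, so
    // neither the path nor the existence of the file is revealed.
    public static final class SecurityIOException extends Exception {
        public SecurityIOException() {
            super("Unable to process the requested file");
        }
    }

    // Noncompliant: FileNotFoundException escapes to the caller. Its message
    // includes the resolved path, and its type reveals that the file is absent.
    public static FileInputStream openNoncompliant(String path) throws FileNotFoundException {
        return new FileInputStream(path);
    }

    // Compliant: details are logged where only operators can read them; the
    // caller receives one sanitized exception type regardless of the cause.
    public static FileInputStream openCompliant(String path) throws SecurityIOException {
        try {
            return new FileInputStream(path);
        } catch (FileNotFoundException e) {
            LOG.log(Level.WARNING, "open failed for " + path, e); // internal log only
            throw new SecurityIOException();
        }
    }

    public static void main(String[] args) {
        String probe = "/etc/nonexistent-example-file"; // constructed input
        try {
            openNoncompliant(probe);
        } catch (FileNotFoundException e) {
            System.out.println("Leaked: " + e); // class name and path reach the caller
        }
        try {
            openCompliant(probe);
        } catch (SecurityIOException e) {
            System.out.println("Sanitized: " + e.getMessage());
        }
    }
}
```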

C++ Secure Coding Standard

  • ERR12-CPP. Do not allow exceptions to transmit sensitive information

MITRE CWE

  • CWE-209. Information exposure through an error message
  • CWE-600. Uncaught exception in servlet
  • CWE-497. Exposure of system data to an unauthorized control sphere

Bibliography

...

[Gong 2003] 9.1, Security Exceptions

...
