...
This rule appears in the C++ Secure Coding Standard as ERR12-CPP. Do not allow exceptions to transmit sensitive information.
Bibliography
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup |
...
" ac:schema-version="1" ac:macro-id="a8342bca-0928-4eb8-bb86-094bc580a824"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 209 | http://cwe.mitre.org/data/definitions/209.html] |
...
"Information |
...
Exposure |
...
Through |
...
an |
...
Error |
...
Message" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 600 "Uncaught Exception in Servlet" |
| CWE ID 497 "Exposure of System Data to an Unauthorized Control Sphere" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="751ccdb8-0783-4edc-9c75-d569bf74bcef"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | 9.1 Security Exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8de60dd2-6b64-44ce-9339-48681c1bd37c"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 3-4 Purge sensitive information from exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
...
06. Exceptional Behavior (ERR) ERR07-J. Prevent exceptions while logging data