...

The previous compliant solution logs the exception instead of revealing sensitive information. (See rule EXC06-J. Do not allow exceptions to transmit sensitive information.) When none of the possible exceptions reveals sensitive information, we can use an equivalent mechanism that allows exceptions to be wrapped, thus providing better diagnostic information for the caller. For example, an applet that lacks read access to system files that contain fonts can accomplish the task from a privileged block without revealing any sensitive information. When non-sensitive exceptions provide more information, the client is better able to recognize the symptoms of a read failure.
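The wrapping mechanism described above, sketched as an added example (not code from this page or from the CERT standard): `AccessController.doPrivileged` with a `PrivilegedExceptionAction` wraps any checked exception in a `PrivilegedActionException`, which the trusted code unwraps and rethrows to the caller. The class name `FontLoader` and the font path are assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

public class FontLoader {                      // hypothetical class name
    // Fixed by the trusted code, never supplied by the caller (assumed path),
    // so no tainted value enters the privileged block.
    private static final String FONT_FILE = "/usr/share/fonts/example.ttf";

    @SuppressWarnings("removal") // AccessController is deprecated for removal since Java 17
    public static InputStream openFont() throws FileNotFoundException {
        try {
            // The cast selects the PrivilegedExceptionAction overload, whose
            // run() may throw checked exceptions.
            return AccessController.doPrivileged(
                (PrivilegedExceptionAction<InputStream>)
                    () -> new FileInputStream(FONT_FILE));
        } catch (PrivilegedActionException e) {
            // doPrivileged wraps checked exceptions thrown by run(); unwrap the cause.
            Exception cause = e.getException();
            if (cause instanceof FileNotFoundException) {
                // Rethrown as-is: the message refers only to the fixed font file.
                throw (FileNotFoundException) cause;
            }
            throw new IllegalStateException("Unexpected exception type", cause);
        }
    }

    public static void main(String[] args) {
        // The caller sees a specific, non-sensitive failure instead of a silent one.
        try (InputStream in = openFont()) {
            System.out.println("font opened, first byte: " + in.read());
        } catch (FileNotFoundException e) {
            System.out.println("font unavailable: " + e.getMessage());
        } catch (IOException e) {
            System.out.println("read failed: " + e.getMessage());
        }
    }
}
```

Only the file open runs inside the privileged block; reading and closing the stream happen with the caller's own permissions.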

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...