Propagating the content of exceptions without performing explicit filtering is often associated with information leakage. An attacker may craft input parameters such that underlying structures and mechanisms may get exposed inadvertently. Information leakage can result from both the exception message text and the type of exception. For example, with FileNotFoundException, the message reveals the file system layout while the type conveys the absence of the file.
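As an added illustration of the two leakage channels just described (it is not the page's own noncompliant or compliant code, and the class, method and base-directory names are assumptions), the following Java program opens a file named by a caller in two ways. The first propagates FileNotFoundException unchanged, so the caller learns both the resolved path from the message and the non-existence of the file from the type. The second keeps those details in the server-side log and surfaces a single generic exception to the caller.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.logging.Level;
import java.util.logging.Logger;

public class ExceptionFilteringExample {
    private static final Logger LOG =
        Logger.getLogger(ExceptionFilteringExample.class.getName());

    // Assumed base directory; any path disclosed in an exception message would reveal it.
    private static final Path BASE_DIR = Paths.get("/srv/app/data");

    // Leaky variant: FileNotFoundException escapes unchanged. Its message carries the
    // resolved path (file system layout) and its type tells the caller the file is absent.
    public static InputStream openLeaky(String userSupplied) throws FileNotFoundException {
        Path p = BASE_DIR.resolve(userSupplied);
        return new FileInputStream(p.toFile());
    }

    // The only exception a caller of the filtered variant ever sees: no path in the
    // message, and one type regardless of whether the file is missing or unreadable.
    public static final class ResourceUnavailableException extends Exception {
        public ResourceUnavailableException() {
            super("The requested resource is unavailable.");
        }
    }

    // Filtered variant: the original exception (path, cause, type) is recorded in the
    // server-side log for operators, while the caller receives the generic exception.
    public static InputStream openFiltered(String userSupplied) throws ResourceUnavailableException {
        Path p = BASE_DIR.resolve(userSupplied);
        try {
            return new FileInputStream(p.toFile());
        } catch (FileNotFoundException e) {
            LOG.log(Level.WARNING, "File open failed for " + p, e);
            throw new ResourceUnavailableException();
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: a file name that does not exist under BASE_DIR.
        String name = args.length > 0 ? args[0] : "reports/missing.txt";

        try {
            openLeaky(name).close();
        } catch (IOException e) {
            // The message the caller sees contains the full resolved path.
            System.out.println("Leaky:    " + e.getClass().getName() + ": " + e.getMessage());
        }

        try {
            openFiltered(name).close();
        } catch (ResourceUnavailableException | IOException e) {
            // Only the generic message and type reach the caller.
            System.out.println("Filtered: " + e.getClass().getName() + ": " + e.getMessage());
        }
    }
}
```

Run it with no arguments to compare the two caller-visible messages; the filtered path still writes the full FileNotFoundException, including the resolved path, to the JDK logger so the failure remains diagnosable by operators without being disclosed to the caller.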
This guideline extends equally to server applications and to clients. Adversaries can glean sensitive information not only from vulnerable web servers but also from innocent users who use vulnerable web browsers. In 2004, Schoenefeld [Schoenefeld 04] discovered an instance wherein an attacker could use the {{sun.security.krb5.Credentials}} class as an oracle to "retrieve the name of the currently logged in user and parse his home directory from the information which is provided by the thrown java.security.AccessControlException."
Noncompliant Code Example
...