...
| Wiki Markup |
|---|
This rule applies to server side applications as well as to clients. AdversariesAttackers can glean sensitive information not only from vulnerable web servers but also from victims who use vulnerable web browsers. In 2004, Schoenefeld discovered an exploit for the Opera v7.54 web browser, wherein an attacker could use the {{sun.security.krb5.Credentials}} class in an applet as an oracle to "retrieve the name of the currently logged in user and parse his home directory from the information which is provided by the thrown {{java.security.AccessControlException}}" \[[Schoenefeld 2004|AA. Bibliography#Schoenefeld 04]\]. |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ce7ed7783feb768c-8d4bf6bc-4cb0452b-ac4e8dc9-a9260b1deba9f41bd5d12d05"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 209 | http://cwe.mitre.org/data/definitions/209.html] "Information Exposure Through an Error Message" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 600 "Uncaught Exception in Servlet" | ||||
| CWE ID 497 "Exposure of System Data to an Unauthorized Control Sphere" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2208c2f0f26df8fb-9dd68d6b-474d43e0-960999fb-467765f546536683411ca1a4"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | 9.1 Security Exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d836faf37f0aeabb-5a068123-419b4f6f-ba14b059-4ae2cf0b0db66e031da9f4bc"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 3-4 Purge sensitive information from exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
...