...
| Wiki Markup |
|---|
This guideline extends equally to server side applications as well as clients. Adversaries can glean sensitive information from not only vulnerable web servers but also from innocent users who use vulnerable web browsers. In 2004, Schoenefeld discovered an instance in the Opera v7.54 web browser, wherein an attacker could use the {{sun.security.krb5.Credentials}} class in an applet as an oracle to "retrieve the name of the currently logged in user and parse his home directory from the information which is provided by the thrown {{java.security.AccessControlException}}." \[[Schoenefeld 04|AA. Java References#Schoenefeld 04]\]. |
All Errors reveal information by which an attacker can carry out a denial of service against the system. The table shown below lists a few sensitive errors and exceptions:
Exception Name | Description of information leak or threat |
|---|---|
| Underlying file system structure, user name enumeration |
| Database structure, user name enumeration |
| Enumeration of open ports when untrusted client can choose server port |
| May provide information about thread-unsafe code |
| Insufficient server resources (may aid DoS) |
| Resource enumeration |
| Underlying file system structure |
| Owner enumeration |
| Denial of service (DoS) |
| Denial of service (DoS) |
Noncompliant Code Example (leaks from exception message and type)
...