...
This rule appears in the C++ Secure Coding Standard as ERR12-CPP. Do not allow exceptions to transmit sensitive information.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="49d6d526-9857-4399-ac07-32b81df4fdff"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 209 | http://cwe.mitre.org/data/definitions/209.html] "Information Exposure Through an Error Message" | ]]></ac:plain-text-body></ac:structured-macro> | ||
| CWE ID 600, "Uncaught Exception in Servlet" | ||||||
| CWE ID 497, "Exposure of System Data to an Unauthorized Control Sphere" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5e0abab9e82bdf33-844fb677-4fb64688-90e0998a-6afe20d86c2b1ea8f3c60f11"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | 9.1 Security Exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3311b3bd285f9bac-b347c2a4-452a4d4c-a2a49327-f25e61abb00a9c9f868ca75e"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 3-4 Purge sensitive information from exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
...