
...
This rule appears in the C++ Secure Coding Standard as ERR12-CPP. Do not allow exceptions to transmit sensitive information.
Related Guidelines
| [MITRE 2009] | CWE ID 209 (http://cwe.mitre.org/data/definitions/209.html) "Information Exposure Through an Error Message" |
| | CWE ID 600 "Uncaught Exception in Servlet" |
| | CWE ID 497 "Exposure of System Data to an Unauthorized Control Sphere" |
Bibliography
| [Gong 2003] | 9.1 Security Exceptions |
| [SCG 2007] | Guideline 3-4 Purge sensitive information from exceptions |
...