...
Compliant solutions must ensure that security exceptions such as java.security.AccessControlException and java.lang.SecurityException continue to be logged and sanitized appropriately. See rule ERR07 ERR02-J. Prevent exceptions while logging data for additional information. The MyExceptionReporter class from rule ERR00-J. Do not suppress or ignore checked exceptions demonstrates an acceptable approach for this logging and sanitization.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b36f98b1cc811aed-07cb445c-483448f0-b6eca288-4dba346fdb7d7d9cc086c68f"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 209 | http://cwe.mitre.org/data/definitions/209.html] "Information Exposure Through an Error Message" | ]]></ac:plain-text-body></ac:structured-macro> |
| CWE ID 600 "Uncaught Exception in Servlet" | ||||
| CWE ID 497 "Exposure of System Data to an Unauthorized Control Sphere" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9905c08092e8e3ba-1eab90be-4cc84e5c-b19ebdcb-3328878e38d740777ffae1a2"><ac:plain-text-body><![CDATA[ | [[Gong 2003 | AA. Bibliography#Gong 03]] | 9.1 Security Exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8d37f07cb00748f5-fb533629-484046df-bba78d48-0e0f1bcd9bb5652a6fb0cf48"><ac:plain-text-body><![CDATA[ | [[SCG 2007 | AA. Bibliography#SCG 07]] | Guideline 3-4 Purge sensitive information from exceptions | ]]></ac:plain-text-body></ac:structured-macro> |
...
06. Exceptional Behavior (ERR) ERR07-J. Prevent exceptions while logging data