Missing Handler
Weakness ID: 431 (Weakness Base)
Status: Draft
+ Description

Description Summary

A handler is not available or implemented.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Demonstrative Examples

Example 1

If a Servlet fails to catch all exceptions, it may reveal debugging information that will help an adversary form a plan of attack. In the following method a DNS lookup failure will cause the Servlet to throw an exception.

(Bad Code)
Example Language: Java 
protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
    String ip = req.getRemoteAddr();
    // The lookup can throw; no handler is implemented for that failure.
    InetAddress addr = InetAddress.getByName(ip);
    ...
    out.println("hello " + addr.getHostName());
}

When a Servlet throws an exception, the default error response the Servlet container sends back to the user typically includes debugging information. This information is of great value to an attacker.

+ Potential Mitigations

Handle all possible situations (e.g. error condition).

If an operation can throw an Exception, implement a handler for that specific exception.
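The following is an added example, not part of the original entry: Example 1's doPost with a handler for the specific lookup failure plus a last-resort handler, so the client gets a generic message and the detail stays in the server log. The class name, log wording, response text and the use of the javax.servlet namespace are assumptions made for illustration.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet name; assumes the javax.servlet API is on the classpath.
public class GreetingServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(GreetingServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        try {
            String ip = req.getRemoteAddr();
            InetAddress addr = InetAddress.getByName(ip);
            res.setContentType("text/plain");
            res.getWriter().println("hello " + addr.getHostName());
        } catch (UnknownHostException e) {
            // Handler for the specific failure named in Example 1.
            fail(res, Level.WARNING, "Lookup failed", e);
        } catch (IOException | RuntimeException e) {
            // Last-resort handler: nothing falls through to the container's default error page.
            fail(res, Level.SEVERE, "Internal error", e);
        }
    }

    // Log the full exception server-side under a reference id; send the client only that id.
    private void fail(HttpServletResponse res, Level level, String publicMsg, Exception e)
            throws IOException {
        String id = UUID.randomUUID().toString();
        LOG.log(level, "request failed, ref=" + id, e);
        if (!res.isCommitted()) {          // headers not yet sent, so the response can be replaced
            res.resetBuffer();             // drop any partial body already buffered
            res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            res.setContentType("text/plain");
            res.getWriter().println(publicMsg + " (ref " + id + ")");
        }
    }
}
```

The reference id lets an operator match a user's report to the logged stack trace without exposing the trace in the response.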

+ Other Notes

When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution.

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 429 | Handler Errors | Development Concepts (primary) 699 |
| ChildOf | Weakness Class | 691 | Insufficient Control Flow Management | Research Concepts (primary) 1000 |
| CanPrecede | Weakness Variant | 433 | Unparsed Raw Web Content Delivery | Research Concepts 1000 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Missing Handler |
+ Content History
Submissions
| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | PLOVER | | Externally Mined |
Modifications
| Modification Date | Modifier | Organization | Source | |
|---|---|---|---|---|
| 2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Taxonomy Mappings |
| 2009-05-27 | CWE Content Team | MITRE | Internal | updated Demonstrative Examples |