Information Leak Through Java Runtime Error Message
Weakness ID: 537 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

Java

+ Demonstrative Examples

Example 1

In the following Java example the class InputFileRead enables an input file to be read using a FileReader object. In the constructor of this class a default input file path is set to some directory on the local file system and the method setInputFile must be called to set the name of the input file to be read in the default directory. The method readInputFile will create the FileReader object and will read the contents of the file. If the method setInputFile is not called prior to calling the method readInputFile then the File object will remain null when initializing the FileReader object and a Java RuntimeException will be raised and an error message will be output to the user.

(Bad Code)
Example Language: Java 
public class InputFileRead {

private File readFile = null;
private FileReader reader = null;
private String inputFilePath = null;
private final String DEFAULT_FILE_PATH = "c:\\somedirectory\\";

public InputFileRead() {
inputFilePath = DEFAULT_FILE_PATH;
}

public void setInputFile(String inputFile) {
/* Assume appropriate validation / encoding is used and privileges / permissions are preserved */
}

public void readInputFile() {
try {
reader = new FileReader(readFile);
...
} catch (RuntimeException rex) {
System.err.println("Error: Cannot open input file in the directory " + inputFilePath);
System.err.println("Input file has not been set, call setInputFile method before calling readInputFile");

} catch (FileNotFoundException ex) {...}

}
}

However, the error message output to the user contains information regarding the default directory on the local file system. This information can be exploited and may lead to unauthorized access or use of the system. Any Java RuntimeExceptions that are handled should not expose sensitive information to the user.

+ Potential Mitigations

Phase: Implementation

Do not expose sensitive error information to the user.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base210Product-Generated Error Message Information Leak
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Anonymous Tool Vendor (under NDA)Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings
Back to top