OWASP Top Ten 2004 Category A7 - Improper Error Handling

The product detects a specific error, but takes no actions to handle the error.

The product generates an error message that includes sensitive information about its environment, users, or associated data.

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

The default error page of a web application should not display sensitive information about the product.

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, su...

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security...

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to in...

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.

This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/...

CWE entries in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is cons...