OWASP Top Ten 2004 Category A7 - Improper Error Handling

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2004.

Weaknesses

Detection of Error Condition Without Action

The software detects a specific error, but takes no actions to handle the error.

Generation of Error Message Containing Sensitive Information

The software generates an error message that includes sensitive information about its environment, users, or associated data.

Improper Handling of Syntactically Invalid Structure

The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.

J2EE Misconfiguration: Missing Custom Error Page

The default error page of a web application should not display sensitive information about the software system.

Not Failing Securely ('Failing Open')

When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, su...

Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security...

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Unexpected Status Code or Return Value

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.

Categories

Error Conditions, Return Values, Status Codes

This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/...

Concepts

Deprecated or Obsolete

Weaknesses in OWASP Top Ten (2004)

CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is consid...

See Also

  1. A7 Improper Error Handling

    OWASP


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.