OWASP Top Ten 2004 Category A7 - Improper Error Handling
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the A7 category in the OWASP Top Ten 2004.
The software detects a specific error, but takes no actions to handle the error.
The software generates an error message that includes sensitive information about its environment, users, or associated data.
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
The default error page of a web application should not display sensitive information about the software system.
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, su...
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security...
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.
This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/...
Deprecated or Obsolete
CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2004, and as required for compliance with PCI DSS version 1.1. This view is consid...