CWE-537 Variant Incomplete

Java Runtime Error Message Containing Sensitive Information


Definition

What is CWE-537?

This vulnerability occurs when a Java application's runtime error messages reveal sensitive details about the system, such as file paths, internal IP addresses, or stack traces. Attackers can exploit these overly informative error messages to map the application's structure and gather intelligence for further attacks.
When an unhandled exception occurs, the default behavior in many Java applications is to display a detailed error message to the user. These messages often contain internal data like server file system paths, database connection strings, library versions, or configuration details. This information is invaluable to an attacker, as it helps them understand the underlying technology stack and pinpoint weaknesses without needing to probe the system directly.

To prevent this, developers should implement a global exception handler that catches all unhandled exceptions and replaces verbose system-generated messages with generic, user-friendly ones. All detailed error information should be logged securely on the server side for debugging purposes, never exposed to the end-user. This practice, often called 'security through obscurity,' is a critical layer in a defense-in-depth strategy, ensuring that failures don't inadvertently hand attackers a roadmap to your system.

Real-world impact

Real-world CVEs caused by CWE-537

No public CVE reference is linked to this CWE in the MITRE catalogue at this time.

How attackers exploit it

Attacker path step by step

1. In the following Java example the class InputFileRead enables an input file to be read using a FileReader object. In the constructor of this class a default input file path is set to some directory on the local file system and the method setInputFile must be called to set the name of the input file to be read in the default directory. The method readInputFile will create the FileReader object and will read the contents of the file. If the method setInputFile is not called prior to calling the method readInputFile then the File object will remain null when initializing the FileReader object. A Java RuntimeException will be raised, and an error message will be output to the user.

2. However, the error message output to the user contains information regarding the default directory on the local file system. This information can be exploited and may lead to unauthorized access or use of the system. Any Java RuntimeExceptions that are handled should not expose sensitive information to the user.

3. In the example below, the BankManagerLoginServlet servlet class will process a login request to determine if a user is authorized to use the BankManager Web service. The doPost method will retrieve the username and password from the servlet request and will determine if the user is authorized. If the user is authorized the servlet will go to the successful login page. Otherwise, the servlet will raise a FailedLoginException and output the failed login message to the error page of the service.

4. However, the output message generated by the FailedLoginException includes the user-supplied password. Even if the password is erroneous, it is probably close to the correct password. Since it is printed to the user's page, anybody who can see the screen display will be able to see the password. Also, if the page is cached, the password might be written to disk.

Vulnerable code example

Vulnerable Java

In the following Java example the class InputFileRead enables an input file to be read using a FileReader object. In the constructor of this class a default input file path is set to some directory on the local file system and the method setInputFile must be called to set the name of the input file to be read in the default directory. The method readInputFile will create the FileReader object and will read the contents of the file. If the method setInputFile is not called prior to calling the method readInputFile then the File object will remain null when initializing the FileReader object. A Java RuntimeException will be raised, and an error message will be output to the user.

Vulnerable Java

```java
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileReader;

public class InputFileRead {
    private File readFile = null;
    private FileReader reader = null;
    private String inputFilePath = null;
    private final String DEFAULT_FILE_PATH = "c:\\somedirectory\\";

    public InputFileRead() {
        inputFilePath = DEFAULT_FILE_PATH;
    }

    public void setInputFile(String inputFile) {
        /* Assume appropriate validation / encoding is used and privileges / permissions are preserved */
        // Resolves the file name inside the default directory, as the description above specifies
        readFile = new File(inputFilePath, inputFile);
    }

    public void readInputFile() {
        try {
            reader = new FileReader(readFile);
            // ... read the contents of the file ...
        } catch (RuntimeException rex) {
            // Weakness: the message shown to the user reveals the default directory on the server's file system
            System.err.println("Error: Cannot open input file in the directory " + inputFilePath);
            System.err.println("Input file has not been set, call setInputFile method before calling readInputFile");
        } catch (FileNotFoundException ex) {
            // ...
        }
    }
}
```
Secure code example

Secure pseudo

Secure pseudo

```javascript
// Validate, sanitize, or use a safe API before reaching the sink.
function handleRequest(input) {
  const safe = validateAndEscape(input);
  return executeWithGuards(safe);
}
```
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
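A Java version of the fix for the InputFileRead example, added here as an illustration (it is not code from the page or from MITRE): the caller only ever sees a generic message carrying a random incident id, while the directory, file name and stack trace go to the server-side log through java.util.logging. The class name SafeInputFileRead and the InputFileException type are assumptions.

```java
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SafeInputFileRead {
    private static final Logger LOG = Logger.getLogger(SafeInputFileRead.class.getName());
    private final String inputFilePath = "c:\\somedirectory\\"; // internal detail, never sent to the caller
    private File readFile = null;

    /** Reaches the user: a generic message plus an incident id, no path or stack trace. */
    public static class InputFileException extends Exception {
        InputFileException(String incidentId) {
            super("The requested file could not be read. Reference: " + incidentId);
        }
    }

    public void setInputFile(String inputFile) {
        /* Assume appropriate validation / encoding is used, as in the original example */
        readFile = new File(inputFilePath, inputFile);
    }

    public String readInputFile() throws InputFileException {
        try (FileReader reader = new FileReader(readFile)) {
            StringBuilder content = new StringBuilder();
            int ch;
            while ((ch = reader.read()) != -1) {
                content.append((char) ch);
            }
            return content.toString();
        } catch (RuntimeException | IOException ex) {
            // The id lets support locate the full record without exposing it to the user.
            String incidentId = UUID.randomUUID().toString();
            // Directory, file name, exception type and stack trace go to the server log only.
            LOG.log(Level.WARNING, "Incident " + incidentId + ": cannot open input file in "
                    + inputFilePath + " (readFile=" + readFile + ")", ex);
            throw new InputFileException(incidentId);
        }
    }

    public static void main(String[] args) {
        try {
            // setInputFile was never called: FileReader receives a null File and throws NullPointerException
            new SafeInputFileRead().readInputFile();
        } catch (InputFileException e) {
            System.out.println(e.getMessage()); // generic text only; the directory is not revealed
        }
    }
}
```

The same pattern applies to the FailedLoginException case in step 4: the user-supplied password belongs in neither the response nor the log, only the generic failure text and a correlation id.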
Prevention checklist

How to prevent CWE-537

  • Implementation: Do not expose sensitive error information to the user.
Detection signals

How to detect CWE-537

SAST High

Run static analysis (SAST) on the source code, looking for the insecure pattern in the data flow.

DAST Moderate

Run dynamic application security testing (DAST) against the live endpoint.

Runtime Moderate

Monitor runtime logs for unusual exception traces, malformed input, or authorization-bypass attempts.

Code review Moderate

Code review: flag any new code that handles input from this surface without using the validated framework helpers.

Plexicus automatic remediation

Plexicus automatically detects CWE-537 and opens a fix PR in under 60 seconds.

Codex Remedium analyzes every commit, identifies this specific weakness and delivers a review-ready pull request with the fix. No tickets. No handoffs.

Frequently asked questions

What is CWE-537?

This vulnerability occurs when a Java application's runtime error messages reveal sensitive details about the system, such as file paths, internal IP addresses, or stack traces. Attackers can exploit these overly informative error messages to map the application's structure and gather intelligence for further attacks.

How severe is CWE-537?

MITRE has not published an exploitation likelihood rating for this weakness. Treat it as medium impact until your threat model proves otherwise.

Which languages or platforms are affected by CWE-537?

MITRE lists the following affected platforms: Java.

How can I prevent CWE-537?

Do not expose sensitive error information to the user.

How does Plexicus detect and fix CWE-537?

The Plexicus SAST engine recognizes the CWE-537 data-flow signature on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.

Where can I learn more about CWE-537?

MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/537.html. You can also consult the OWASP and NIST documentation for adjacent guidance.
