From 38bce39baa4d8fad01a2ba25f9d6463a97d186cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaroslav=20Loba=C4=8Devski?= Date: Mon, 3 May 2021 15:06:57 +0300 Subject: [PATCH] Update UncaughtServletException.qhelp There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state. --- .../Security/CWE/CWE-600/UncaughtServletException.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.qhelp b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.qhelp index de9d395e731..cf04705eecd 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.qhelp @@ -2,7 +2,7 @@

- Even though the request-handling methods of Servlet are declared throws IOException, ServletException, it's a bad idea to let such exceptions be thrown. Failure to catch exceptions in a servlet could leave a system in an unexpected state, possibly resulting in denial-of-service attacks, or could lead to exposure of sensitive information because when a servlet throws an exception, the servlet container typically sends debugging information back to the user. That information could be valuable to an attacker. + Even though the request-handling methods of Servlet are declared throws IOException, ServletException, it's a bad idea to let such exceptions be thrown. Failure to catch exceptions in a servlet could lead to exposure of sensitive information because when a servlet throws an exception, the servlet container typically sends debugging information back to the user. That information could be valuable to an attacker.
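Review bot: the rewritten `+` line is a single long sentence that now makes only one point (information exposure), so it reads better split in two: "Failure to catch exceptions in a servlet could lead to exposure of sensitive information. When a servlet throws an exception, the servlet container typically sends debugging information back to the user, and that information could be valuable to an attacker." Since the commit message justifies dropping the DoS/unexpected-state wording by the scope of CWE-600, it would also help to point the help text at https://cwe.mitre.org/data/definitions/600.html (in the qhelp references, if this file has such a section) so the narrowed description is grounded in the help text itself rather than only in the commit message.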