Merge pull request #5821 from JarLob/patch-1

Update UncaughtServletException.qhelp
2026-04-30 03:05:15 +02:00 · 2021-05-04 10:39:02 +02:00
parent 9ee9186a1a 38bce39baa
commit 5bcf810a7c
1 changed files with 1 additions and 1 deletions
--- a/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.qhelp
+++ b/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.qhelp
@@ -2,7 +2,7 @@
 <qhelp>
  <overview>
    <p>
-      Even though the request-handling methods of <code>Servlet</code> are declared <code>throws IOException, ServletException</code>, it's a bad idea to let such exceptions be thrown. Failure to catch exceptions in a servlet could leave a system in an unexpected state, possibly resulting in denial-of-service attacks, or could lead to exposure of sensitive information because when a servlet throws an exception, the servlet container typically sends debugging information back to the user. That information could be valuable to an attacker.
+      Even though the request-handling methods of <code>Servlet</code> are declared <code>throws IOException, ServletException</code>, it's a bad idea to let such exceptions be thrown. Failure to catch exceptions in a servlet could lead to exposure of sensitive information because when a servlet throws an exception, the servlet container typically sends debugging information back to the user. That information could be valuable to an attacker.
    </p>
  </overview>