
CWE-431 Missing Handler: vulnerability list (1)

Summary of the 1 CVE classified under the CWE-431 Missing Handler weakness, with AI-generated Chinese analysis.

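CWE-431 is a missing exception handling weakness: the program throws an exception but implements no corresponding catch or handling mechanism. Attackers typically exploit this flaw by triggering specific exceptions that crash the program, terminate the service, or leak sensitive internal stack information, which leads to denial of service or further information disclosure. To avoid this, developers should ensure that all critical code blocks contain thorough exception-catching logic, handle expected and unexpected exceptions in appropriate categories, and log them to keep the system stable and secure.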

MITRE CWE official description
CWE: CWE-431 Missing Handler. A handler is not available or implemented. When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution.
Common consequences (1)
Other: Varies by Context
Mitigations (2)
Implementation: Handle all possible situations (e.g. error condition).
Implementation: If an operation can throw an Exception, implement a handler for that specific exception.
Code example (1)
If a Servlet does not catch all exceptions, it may reveal debugging information that will help an adversary form a plan of attack. In the following method a DNS lookup failure will cause the Servlet to throw an exception.
    protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException {
        String ip = req.getRemoteAddr();
        // No handler here: a lookup failure propagates out of the Servlet.
        InetAddress addr = InetAddress.getByName(ip);
        ...
        out.println("hello " + addr.getHostName());
    }
Bad · Java
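A hardened form of the Servlet above, as an added example (not MITRE's code and not part of the original page): it applies the second mitigation by handling the specific lookup exception, logs the detail server-side, and returns a generic response with no stack trace. The class name `GreetingServlet`, the helper `sendGeneric`, the logger, and the use of the `javax.servlet` API (use `jakarta.servlet` on newer containers) are assumptions.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class name; assumes the javax.servlet API is on the classpath.
public class GreetingServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(GreetingServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
        res.setContentType("text/plain;charset=UTF-8");
        try {
            String ip = req.getRemoteAddr();
            InetAddress addr = InetAddress.getByName(ip);
            PrintWriter out = res.getWriter();
            out.println("hello " + addr.getHostName());
        } catch (UnknownHostException e) {
            // Specific handler for the lookup failure: details go to the log only.
            LOG.log(Level.WARNING, "address lookup failed for client", e);
            sendGeneric(res, HttpServletResponse.SC_BAD_REQUEST);
        } catch (RuntimeException e) {
            // Last-resort handler so unexpected failures never reach the
            // container's default error page with debugging information.
            LOG.log(Level.SEVERE, "unexpected failure in doPost", e);
            sendGeneric(res, HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
        }
    }

    // Hypothetical helper: fixed message, no exception text in the response body.
    private static void sendGeneric(HttpServletResponse res, int status) throws IOException {
        if (!res.isCommitted()) {
            res.resetBuffer(); // discard any partially written body
            res.setStatus(status);
            res.getWriter().println("request could not be processed");
        }
    }
}
```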
| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-40334 | Hitachi Energy Fox61X and Hitachi Energy Xcm20 security vulnerability — FOX61x | 8.6 | High | 2021-12-02 |

CWE-431 (Missing Handler) is a common weakness category; this platform lists 1 CVE associated with this weakness.