278 – Insecure exceptions - NullPointerException

Description

Use is made of functions that perform _catch_ to Nullpointer exceptions, which can cause unexpected behavior in the system.

Impact

- Decrease application performance. - Cause a possible denial of service.

Recommendation

The _catch_ to _NullpointerException_ should only be used when test class entries need to be tested.

Threat

Unauthorized attacker from the Internet.

Expected Remediation Time

15 minutes.

Score 4.0

Default score using CVSS 4.0. It may change depending on the context of the src.

Base 4.0

• Attack vector: N
• Attack complexity: H
• Attack Requirements: N
• Privileges required: N
• User interaction: N
• Confidentiality (VC): N
• Integrity (VI): N
• Availability (VA): L
• Confidentiality (SC): N
• Integrity (SI): N
• Availability (SA): N

Threat 4.0

• Exploit maturity: U

Requirements

• 161 - Define secure default options
• 266 - Disable insecure functionalities
• 359 - Avoid using generic exceptions

Fixes

• Csharp
• Dart
• Php
• Ruby

Last updated

2024/02/18