Difference between revisions of "Improper cleanup on thrown exception"

Jump to: navigation, search
(Reverting to last version not containing links to s1.shard.jp)
Line 1: Line 1:
[http://s1.shard.jp/galeach/new189.html asian time ] [http://s1.shard.jp/frhorton/t45lfscw6.html monrovia africa history ] [http://s1.shard.jp/frhorton/hwct2dcpc.html african american care child foster in ] [http://s1.shard.jp/galeach/new28.html asian style decor] [http://s1.shard.jp/olharder/route-66-auto.html custom auto amp rack ] [http://s1.shard.jp/frhorton/j1znr5lny.html south african animals and plants ] [http://s1.shard.jp/olharder/autorizadas.html automation and drives ] [http://s1.shard.jp/losaul/midas-mufflers.html positive cash flow property australia ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/olharder/autobiographer.html automatic vents ] [http://s1.shard.jp/galeach/new81.html asiann ] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/galeach/new150.html airline asian southeast ] [http://s1.shard.jp/bireba/antivirus-software.html norton antivirus corporate edition uninstall ] [http://s1.shard.jp/olharder/ auto crystal insurance springs ] [http://s1.shard.jp/losaul/aborigines--dreamtime.html aborigines + dreamtime + australia] [http://s1.shard.jp/bireba/alertas-antivirus.html norton antivirus 2004 crack serial ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/galeach/new99.html asian canada cheap flight from from ] [http://s1.shard.jp/galeach/new165.html disney's fantasia ] [http://s1.shard.jp/bireba/notron-antivirus.html notron antivirus 2004] [http://s1.shard.jp/galeach/new54.html puffy amiyumi lyrics true asia ] [http://s1.shard.jp/olharder/autores-romanticos.html online auto foreclosure auctions ] [http://s1.shard.jp/galeach/new131.html asia consulting ] [http://s1.shard.jp/bireba/panda-antivirus.html stinger antivirus tools ] [http://s1.shard.jp/olharder/autoroll-654.html site] [http://s1.shard.jp/olharder/automatic-direction.html auto forumi ] [http://s1.shard.jp/bireba/clam-win-antivirus.html clam win antivirus] [http://s1.shard.jp/olharder/the-autobiography.html auto part swap meet ] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/galeach/new127.html colorectal neoplasia ] [http://s1.shard.jp/olharder/ch-futterautomat.html auto recyclers ontario canada ] [http://s1.shard.jp/olharder/rockies-auto-colorado.html scotts auto country incorporated ] [http://s1.shard.jp/frhorton/2wh6r9nyq.html africa development ford foundation ] [http://s1.shard.jp/olharder/automatic-dc-queue.html autotarget ] [http://s1.shard.jp/losaul/australia-bank.html australian shepherd nationals ] [http://s1.shard.jp/bireba/mcaffe-antivirus.html symantec antivirus server 2003 ] [http://s1.shard.jp/olharder/automobile-promotion.html auto ccd scanning single ] [http://s1.shard.jp/frhorton/o5mgjok5p.html miss south africa 1997] [http://s1.shard.jp/galeach/new59.html asian male models portfolio ] [http://s1.shard.jp/galeach/new137.html asian cover duvet] [http://s1.shard.jp/galeach/new91.html asian spas georgia ] [http://s1.shard.jp/olharder/johnny-bench.html johnny bench autographed baseball] [http://s1.shard.jp/losaul/buffy-convention.html gnc live well australia ] [http://s1.shard.jp/losaul/multiplex-group.html accomodation cairns australia ] [http://s1.shard.jp/galeach/new63.html asia info southeast ] [http://s1.shard.jp/galeach/new152.html asian buddy icons ] [http://s1.shard.jp/bireba/alarm-antivirus.html symantec antivirus client removal tool ] [http://s1.shard.jp/galeach/new128.html asian pendant] [http://s1.shard.jp/galeach/new52.html pretty asia women] 

Latest revision as of 06:50, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 06/3/2009

Vulnerabilities Table of Contents


Causing a change in flow, due to an exception, can often leave the code in a bad state.


  • Implementation: The code could be left in a bad state.

Exposure period

  • Implementation: Many logic errors can lead to this condition.


  • Languages: Java, C, C# or any language which can throw an exception.
  • Operating platforms: Any

Required resources




Likelihood of exploit


Often, when functions or loops become complicated, some level of cleanup in the beginning to the end is needed. Often, since exceptions can disturb the flow of the code, one can leave a code block in a bad state.

Risk Factors



In C++/Java:

public class foo {
  public static final void main( String args[] ) {
        boolean returnValue;
  public static final boolean doStuff( ) {
        boolean threadLock;
        boolean truthvalue=true;

        try {
                while(//check some condition){
                        //do some stuff to truthvalue
        } catch (Exception e){
                System.err.println("You did something bad");
                        if (something) return truthvalue;
        return  truthvalue;

In this case, you may leave a thread locked accidentally.

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: If one breaks from a loop or function by throwing an exception, make sure that cleanup happens or that you should exit the program. Use throwing exceptions sparsely.

Related Technical Impacts