Table 4 Classification for failure symptoms
Tag | Description |
|---|---|
Server resource disclosure | Information about the servers filesystem or a physical resource is disclosed |
Conversion issues | A conversion problem exists in the service |
Wrong type definition | The service operation expects a value whose type is not consistent with what is announced in the services WSDL file |
Data access operations | A problem exists related with data access operations |
Specific server failure message | An exception is thrown and application or development specific information is revealed. This information is, however, generally too vague or too context-specific to allow us an association with another tag |
Persistence error | An exception is thrown indicating a persistence-related problem. This is typically an SQL exception that is thrown as a consequence of improper parameter handling |
Argument out of format | The service operation requires a restriction on a parameters format. However, no restriction is specified in the WSDL file, allowing clients to invoke the operation with an out-of-format parameter |
Wrapped error information | An error response is wrapped in an expected object. The response indicates the occurrence of an internal error |
Array out of bounds | Occurrence of an array access with an index that exceeds the limits of the array (upper or lower) |
Null references | A null pointer or reference exception is thrown by the server application |
Command or schema disclosure | An internal command is totally or partially disclosed (e.g., an SQL statement is revealed), or the data schema is revealed (e.g., the table names in a relational database are revealed) |
Arithmetic operations | An indication of an arithmetic error is returned by the service operation |
Division by zero | The service operation indicates that a division by zero has been attempted |
Internal function name disclosure | The name of an internal or system procedure is disclosed (e.g., a database stored procedure) |
System vendor disclosure | System vendor information is disclosed (e.g., database or operating system vendor) |
Overflow | The service operation is unable to properly handle a value that is larger than the capacity of its container, indicating the occurrence of an overflow error |
System instance name disclosure | The name of a system instance is revealed to the client (e.g., a database instance name) |
System user disclosure | A system username or password is exposed to the client (e.g., the username used to connect to a database or the operating system username) |
Other | Any other service response that does not fit into any of the previous categories |