LiveActive security incident?Get immediate response
CWE Reference

CWE-1069: Empty Exception Block | Glexia

CWE-1069 (Empty Exception Block) weakness overview with consequences, detection methods, mitigations, related CVEs and MITRE ATT&CK context.

Release 4.20weaknessIncomplete

Glexia's Take · Automated analysis

CWE-1069: Empty Exception Block

Empty Exception Block represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.

Executive Impact

  • Other: Reduce Reliability: When an exception handling block (such as a Catch and Finally block) is used, but that block is empty, this can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

Developer Pattern

CWE-1069 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.

Automation confidence

high confidence from CWE-1069, 4.20.

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Official CWE Definition

CWE-1069: Empty Exception Block

An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.

Type
weakness
Abstraction
Variant
Status
Incomplete
Source
MITRE CWE definition

Developer And Remediation Guidance

How teams prevent and detect this weakness

Causes

  • In the following Java example, the code catches an ArithmeticException. Since the exception block is empty, no action is taken.,In the code below the exception has been logged and the bad execution has been handled in the desired way allowing the program to continue in an expected way.

Remediation

  • Implementation: For every exception block add code that handles the specific exception in the way intended by the application.

Detection

  • Code review
  • SAST
  • DAST
  • Focused regression tests

Mappings

Related CVEs, CWEs, and ATT&CK context

Related CWEs

Related CVEs

Related CVE mappings appear after CVE records are cross-indexed.

Open CWE CVE mapping

ATT&CK Relevance

ATT&CK relevance is shown only when reviewed or responsibly inferred.