Abstraction: Base · Status: Incomplete

CWE-204: Observable Response Discrepancy

Category: other

Description

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

Common consequences · 1

  • Confidentiality / Access Control — Read Application Data, Bypass Protection Mechanism

Potential mitigations · 2

  • [Architecture and Design]
  • [Implementation]

Related CAPEC attack patterns · 4

  • CAPEC-331 — ICMP IP Total Length Field Probe
  • CAPEC-332 — ICMP IP 'ID' Field Error Message Probe
  • CAPEC-541 — Application Fingerprinting
  • CAPEC-580 — System Footprinting

References

  1. https://cwe.mitre.org/data/definitions/204.html

Exploits (incoming) · 4

Type            Target                                               Confidence  Tier
AttackPattern   ICMP IP 'ID' Field Error Message Probe (capec-332)   100%        live
AttackPattern   System Footprinting (capec-580)                      100%        live
AttackPattern   Application Fingerprinting (capec-541)               100%        live
AttackPattern   ICMP IP Total Length Field Probe (capec-331)         100%        live

Vulnerabilities (incoming) · 1

Type            Target                                               Confidence  Tier
Vulnerability   CVE-2025-5485 (cve-2025-5485)                        0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE — Observable Discrepancy
  • CWE — Exposure of Sensitive Information to an Unauthorized Actor
  • CWE — Exposure of Sensitive System Information to an Unauthorized Control Sphere
  • CWE — Improper Access Control
  • CWE — Exposure of Sensitive Information Due to Incompatible Policies
  • CWE — Exposure of Resource to Wrong Sphere

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.