VariantIncomplete

CWE-550Server-generated Error Message Containing Sensitive Information

Category: data-exposure

Description

Certain conditions, such as network failure, will cause a server error message to be displayed. While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.

Common consequences· 1

  • Confidentiality — Read Application Data

Potential mitigations· 1

  • [Architecture and Design, System Configuration]Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.

References

  1. https://cwe.mitre.org/data/definitions/550.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Servlet Runtime Error Message Containing Sensitive Information
CWE
Exposure of Information Through Shell Error Message
CWE
Generation of Error Message Containing Sensitive Information
CWE
Self-generated Error Message Containing Sensitive Information
CWE
Java Runtime Error Message Containing Sensitive Information
CWE
Externally-Generated Error Message Containing Sensitive Information
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.