BaseIncomplete

CWE-756Missing Custom Error Page

Category: other

Description

The product does not return custom error pages to the user, possibly exposing sensitive information.

Common consequences· 1

  • Confidentiality — Read Application Data
    Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application.

References

  1. https://cwe.mitre.org/data/definitions/756.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Generation of Error Message Containing Sensitive Information
CWE
Improper Access Control
CWE
Improper Protection of Alternate Path
CWE
Missing Encryption of Sensitive Data
CWE
Improper Neutralization of Script in an Error Message Web Page
CWE
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.