CWE weaknesses
970 MITRE CWE entries — software weakness types that underlie vulnerabilities (CVE→CWE link). Filter by category. Authored by Adam Lundqvist.
Showing 51–72 of 72 in Data Exposure · page 2 of 2
| ID | Title | Summary |
|---|---|---|
| CWE-532 | Insertion of Sensitive Information into Log File | The product writes sensitive information to a log file. |
| CWE-533 | DEPRECATED: Information Exposure Through Server Log Files | This entry has been deprecated because its abstraction was too low-level. See CWE-532. |
| CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files | This entry has been deprecated because its abstraction was too low-level. See CWE-532. |
| CWE-535 | Exposure of Information Through Shell Error Message | A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the condi… |
| CWE-536 | Servlet Runtime Error Message Containing Sensitive Information | A servlet error message indicates that there exists an unhandled exception in the web application code and may provide useful information to an attacker. |
| CWE-537 | Java Runtime Error Message Containing Sensitive Information | In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system. |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the se… |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information | The web application uses persistent cookies, but the cookies contain sensitive information. Cookies are small bits of data that are sent by the web applicatio… |
| CWE-540 | Inclusion of Sensitive Information in Source Code | Source code on a web server or repository often contains sensitive information and should generally not be accessible to users. There are situations where it … |
| CWE-541 | Inclusion of Sensitive Information in an Include File | If an include file source is accessible, the file can contain usernames and passwords, as well as sensitive information pertaining to the application and syste… |
| CWE-542 | DEPRECATED: Information Exposure Through Cleanup Log Files | This entry has been deprecated because its abstraction was too low-level. See CWE-532. |
| CWE-548 | Exposure of Information Through Directory Listing | The product inappropriately exposes a directory listing with an index of all the resources located inside of the directory. |
| CWE-550 | Server-generated Error Message Containing Sensitive Information | Certain conditions, such as network failure, will cause a server error message to be displayed. While error messages in and of themselves are not dangerous, p… |
| CWE-591 | Sensitive Data Storage in Improperly Locked Memory | The product stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files o… |
| CWE-598 | Use of HTTP Request With Sensitive Query String | The web application uses an HTTP method to process a request, but the request includes sensitive information in the query string. |
| CWE-615 | Inclusion of Sensitive Information in Source Code Comments | While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or li… |
| CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect i… |
| CWE-651 | Exposure of WSDL File Containing Sensitive Information | The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services … |
| CWE-668 | Exposure of Resource to Wrong Sphere | The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
| CWE-921 | Storage of Sensitive Data in a Mechanism without Access Control | The product stores sensitive information in a file system or device that does not have built-in access control. |
| CWE-922 | Insecure Storage of Sensitive Information | The product stores sensitive information without properly limiting read or write access by unauthorized actors. If read access is not properly restricted, the… |
| CWE-927 | Use of Implicit Intent for Sensitive Communication | The Android application uses an implicit intent for transmitting sensitive data to other applications. |