CWE-211 - Externally-Generated Error Message Containing Sensitive Information

CWE-211

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Externally-Generated Error Message Containing Sensitive Information

Description: The product performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the product, such as an error generated by the programming language interpreter that a software application uses. The error can contain sensitive system information.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data

Related Weaknesses: CWE-209Generation of Error Message Containing Sensitive InformationHigh

Release Date:
2006-07-19

Latest Modification Date:
2024-02-29

Free security scan for your website

Don't show website scan report rating on the leaderboard