CWE-550 - Server-generated Error Message Containing Sensitive Information

CWE-550

Abstraction:
Variant

Structure:
Simple

Status:
Incomplete

Weakness Name: Server-generated Error Message Containing Sensitive Information

Description: Certain conditions, such as network failure, will cause a server error message to be displayed.
While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data

Related Weaknesses: CWE-209Generation of Error Message Containing Sensitive InformationHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard