CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.8)  

Presentation Filter:

CWE-205: Information Exposure Through Behavioral Discrepancy

 
Information Exposure Through Behavioral Discrepancy
Weakness ID: 205 (Weakness Base)Status: Incomplete
+ Description

Description Summary

The product's actions indicate important differences based on (1) the internal state of the product or (2) differences from other products in the same class.

Extended Description

For example, attacks such as OS fingerprinting rely heavily on both behavioral and response discrepancies.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Confidentiality
Access Control

Technical Impact: Read application data; Bypass protection mechanism

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class203Information Exposure Through Discrepancy
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory967SFP Secondary Cluster: State Disclosure
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant206Information Exposure of Internal State Through Behavioral Inconsistency
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant207Information Exposure Through an External Behavioral Inconsistency
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERBehavioral Discrepancy Infoleak
WASC45Fingerprinting
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2008-10-14CWE Content TeamMITREInternal
updated Description
2009-12-28CWE Content TeamMITREInternal
updated Description, Name
2010-02-16CWE Content TeamMITREInternal
updated Taxonomy_Mappings
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-07-30CWE Content TeamMITREInternal
updated Relationships
Previous Entry Names
Change DatePrevious Entry Name
2009-12-28Behavioral Discrepancy Information Leak
Page Last Updated: July 30, 2014