CWE-219: Sensitive Data Under Web Root
Weakness ID: 219 (Weakness Variant) Status: Draft
Description
Description Summary
The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.
Time of Introduction
Common Consequences
Scope: Confidentiality
Effect: Technical Impact: Read application data
Observed Examples
Potential Mitigations
Avoid storing information under the web root directory.
Access control permissions should be set to prevent reading/writing of sensitive files inside/outside of the web directory.
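One way to check a deployment against the two mitigations above, as an added example that is not part of the CWE entry: it walks a document root and reports sensitive-looking files, permissive mode bits, and links that reach outside the web directory. The name patterns, the function names and the sample tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import stat
import tempfile

# Assumed name patterns for files that often hold secrets (illustrative; tune per app).
SENSITIVE_PATTERNS = [".env", "*.bak", "*.sql", "*.pem", "*.key", ".htpasswd"]
VCS_DIRS = {".git", ".svn"}


def audit_web_root(web_root):
    """Return sorted (relative_path, reason) findings under web_root."""
    root = os.path.realpath(web_root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d in VCS_DIRS]:
            findings.append((os.path.relpath(os.path.join(dirpath, d), root), "vcs-metadata"))
            dirnames.remove(d)  # report once, do not descend
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):  # a link can expose a file stored outside the root
                target = os.path.realpath(full)
                if os.path.commonpath([root, target]) != root:
                    findings.append((rel, "symlink-outside-root"))
                continue
            if any(fnmatch.fnmatch(name, p) for p in SENSITIVE_PATTERNS):
                findings.append((rel, "sensitive-name"))
                if mode & stat.S_IROTH:
                    findings.append((rel, "world-readable"))
            if mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed document root with known problems; return its path."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, ".git"))
    for rel, mode in [("index.html", 0o644), ("db.sql", 0o644), (".env", 0o600), ("upload.txt", 0o666)]:
        path = os.path.join(root, rel)
        open(path, "w").close()  # constructed, empty sample file
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    print(*audit_web_root(build_sample_tree()), sep="\n")
```

A "sensitive-name" finding without "world-readable" (the `.env` file here) still violates the first mitigation, because the web server account itself may be able to read and serve the file.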
Relationships
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Sensitive Data Under Web Root
OWASP Top Ten 2004 | A10 | CWE_More_Specific | Insecure Configuration Management
Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
    updated Time_of_Introduction
2008-08-15 | | Veracode | External
    Suggested OWASP Top Ten 2004 mapping
2008-09-08 | CWE Content Team | MITRE | Internal
    updated Relationships, Taxonomy_Mappings
2009-12-28 | CWE Content Team | MITRE | Internal
    updated Relationships
2010-06-21 | CWE Content Team | MITRE | Internal
    updated Relationships
2011-06-01 | CWE Content Team | MITRE | Internal
    updated Common_Consequences