CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-528: Exposure of Core Dump File to an Unauthorized Control Sphere

 
Exposure of Core Dump File to an Unauthorized Control Sphere
Weakness ID: 528 (Weakness Variant)Status: Draft
+ Description

Description Summary

The product generates a core dump file in a directory that is accessible to actors outside of the intended control sphere.
+ Time of Introduction
  • Implementation
  • Operation
+ Common Consequences
ScopeEffect

Technical Impact: Read application data; Read files or directories

+ Potential Mitigations

Phase: System Configuration

Protect the core dump files from unauthorized access.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base538File and Directory Information Exposure
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfWeakness BaseWeakness Base552Files or Directories Accessible to External Parties
Development Concepts699
Research Concepts1000
ChildOfCategoryCategory731OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOfCategoryCategory742CERT C Secure Coding Section 08 - Memory Management (MEM)
Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOfCategoryCategory876CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)868
ChildOfCategoryCategory895SFP Cluster: Information Leak
Software Fault Pattern (SFP) Clusters (primary)888
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
Anonymous Tool Vendor (under NDA)
CERT C Secure CodingMEM06-CEnsure that sensitive data is not written out to disk
CERT C++ Secure CodingMEM06-CPPEnsure that sensitive data is not written out to disk
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01CigitalExternal
updated Potential_Mitigations, Time_of_Introduction
2008-09-08MITREInternal
updated Relationships, Taxonomy_Mappings
2008-11-24MITREInternal
updated Relationships, Taxonomy_Mappings
2009-03-10MITREInternal
updated Relationships
2009-12-28MITREInternal
updated Description, Name
2011-06-01MITREInternal
updated Common_Consequences, Relationships, Taxonomy_Mappings
2011-09-13MITREInternal
updated Relationships, Taxonomy_Mappings
2012-05-11MITREInternal
updated Relationships, Taxonomy_Mappings
2012-10-30MITREInternal
updated Potential_Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2009-12-28Information Leak Through Core Dump Files
Page Last Updated: June 23, 2014