CWE - CWE-538: File and Directory Information Leaks (1.6)

Home > CWE List > CWE- Individual Dictionary Definition (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-538: File and Directory Information Leaks

File and Directory Information Leaks

Weakness ID: 538 (Weakness Base)

Status: Draft

Description

Description Summary

Weaknesses in this category are related to information leaks in files and directories.

Time of Introduction

Implementation
Operation

Applicable Platforms

Languages

All

Potential Mitigations

Phase	Description
	Do not expose file and directory information to the user.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Weakness Class	200	Information Leak (Information Disclosure)	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	527	Information Leak Through CVS Repository	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	528	Information Leak Through Core Dump Files	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	529	Information Leak Through Access Control List Files	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	530	Information Leak Through Backup (.~bk) Files	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	532	Information Leak Through Log Files	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	539	Information Leak Through Persistent Cookies	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	540	Information Leak Through Source Code	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	548	Information Leak Through Directory Listing	Development Concepts (primary)699 Research Concepts (primary)1000
ParentOf	Weakness Variant	611	Information Leak Through XML External Entity File Disclosure	Development Concepts (primary)699 Research Concepts1000
ParentOf	Weakness Variant	651	Information Leak through WSDL File	Development Concepts (primary)699 Research Concepts (primary)1000

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Potential Mitigations, Time of Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Relationships, Type

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us