CWE - CWE-731: OWASP Top Ten 2004 Category A10 - Insecure Configuration Management (1.6)

Home > CWE List > CWE- Individual Dictionary Definition (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-731: OWASP Top Ten 2004 Category A10 - Insecure Configuration Management

OWASP Top Ten 2004 Category A10 - Insecure Configuration Management

Category ID: 731 (Category)

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2004.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ParentOf	Category	4	J2EE Environment Issues	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Category	10	ASP.NET Environment Issues	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	209	Error Message Information Leak	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Weakness Variant	215	Information Leak Through Debug Information	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	219	Sensitive Data Under Web Root	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Category	275	Permission Issues	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Category	295	Certificate Issues	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	459	Incomplete Cleanup	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	489	Leftover Debug Code	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	526	Information Leak Through Environmental Variables	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	527	Information Leak Through CVS Repository	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	528	Information Leak Through Core Dump Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	529	Information Leak Through Access Control List Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	530	Information Leak Through Backup (.~bk) Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	531	Information Leak Through Test Code	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	532	Information Leak Through Log Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	533	Information Leak Through Server Log Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	534	Information Leak Through Debug Log Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	540	Information Leak Through Source Code	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	541	Information Leak Through Include Source Code	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	542	Information Leak Through Cleanup Log Files	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	548	Information Leak Through Directory Listing	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	552	Files or Directories Accessible to External Parties	Weaknesses in OWASP Top Ten (2004) (primary)711
MemberOf	View	711	Weaknesses in OWASP Top Ten (2004)	Weaknesses in OWASP Top Ten (2004) (primary)711

References

OWASP. "A10 Insecure Configuration Management". 2007. <http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2008-08-15		Veracode	External Submission
2008-08-15	Suggested creation of view and provided mappings
Modifications
Modification Date	Modifier	Organization	Source
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Relationships

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us