CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.6)

CWE-895: SFP Cluster: Information Leak

Category ID: 895 (Category)
Status: Incomplete

Description

Description Summary

This category identifies Software Fault Patterns (SFPs) within the Information Leak cluster.

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Variant | 5 | J2EE Misconfiguration: Data Transmission Without Encryption | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 6 | J2EE Misconfiguration: Insufficient Session-ID Length | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 7 | J2EE Misconfiguration: Missing Custom Error Page | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 8 | J2EE Misconfiguration: Entity Bean Declared Remote | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 11 | ASP.NET Misconfiguration: Creating Debug Binary | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 12 | ASP.NET Misconfiguration: Missing Custom Error Page | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 13 | ASP.NET Misconfiguration: Password in Configuration File | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 14 | Compiler Removal of Code to Clear Buffers | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 117 | Improper Output Neutralization for Logs | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 200 | Information Exposure | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 201 | Information Exposure Through Sent Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 202 | Exposure of Sensitive Data Through Data Queries | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 203 | Information Exposure Through Discrepancy | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 204 | Response Discrepancy Information Exposure | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 205 | Information Exposure Through Behavioral Discrepancy | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 206 | Information Exposure of Internal State Through Behavioral Inconsistency | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 207 | Information Exposure Through an External Behavioral Inconsistency | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 208 | Information Exposure Through Timing Discrepancy | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 209 | Information Exposure Through an Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 210 | Information Exposure Through Self-generated Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 211 | Information Exposure Through Externally-generated Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 212 | Improper Cross-boundary Removal of Sensitive Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 213 | Intentional Information Exposure | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 214 | Information Exposure Through Process Environment | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 215 | Information Exposure Through Debug Information | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 219 | Sensitive Data Under Web Root | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 220 | Sensitive Data Under FTP Root | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 226 | Sensitive Information Uncleared Before Release | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 256 | Plaintext Storage of a Password | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 257 | Storing Passwords in a Recoverable Format | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 260 | Password in Configuration File | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 311 | Missing Encryption of Sensitive Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 312 | Cleartext Storage of Sensitive Information | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 313 | Cleartext Storage in a File or on Disk | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 314 | Cleartext Storage in the Registry | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 315 | Cleartext Storage of Sensitive Information in a Cookie | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 316 | Cleartext Storage of Sensitive Information in Memory | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 317 | Cleartext Storage of Sensitive Information in GUI | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 318 | Cleartext Storage of Sensitive Information in Executable | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 319 | Cleartext Transmission of Sensitive Information | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 374 | Passing Mutable Objects to an Untrusted Method | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 375 | Returning a Mutable Object to an Untrusted Caller | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 377 | Insecure Temporary File | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 378 | Creation of Temporary File With Insecure Permissions | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 379 | Creation of Temporary File in Directory with Incorrect Permissions | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 433 | Unparsed Raw Web Content Delivery | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 453 | Insecure Default Variable Initialization | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 485 | Insufficient Encapsulation | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 487 | Reliance on Package-level Scope | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 488 | Exposure of Data Element to Wrong Session | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 492 | Use of Inner Class Containing Sensitive Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 495 | Private Array-Typed Field Returned From A Public Method | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 497 | Exposure of System Data to an Unauthorized Control Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 498 | Cloneable Class Containing Sensitive Information | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 499 | Serializable Class Containing Sensitive Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 501 | Trust Boundary Violation | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 522 | Insufficiently Protected Credentials | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 523 | Unprotected Transport of Credentials | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 524 | Information Exposure Through Caching | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 525 | Information Exposure Through Browser Caching | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 526 | Information Exposure Through Environmental Variables | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 527 | Exposure of CVS Repository to an Unauthorized Control Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 530 | Exposure of Backup File to an Unauthorized Control Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 532 | Information Exposure Through Log Files | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 533 | Information Exposure Through Server Log Files | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 534 | Information Exposure Through Debug Log Files | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 535 | Information Exposure Through Shell Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 536 | Information Exposure Through Servlet Runtime Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 537 | Information Exposure Through Java Runtime Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 538 | File and Directory Information Exposure | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 539 | Information Exposure Through Persistent Cookies | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 540 | Information Exposure Through Source Code | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 541 | Information Exposure Through Include Source Code | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 542 | Information Exposure Through Cleanup Log Files | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 546 | Suspicious Comment | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 548 | Information Exposure Through Directory Listing | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 550 | Information Exposure Through Server Error Message | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 552 | Files or Directories Accessible to External Parties | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 555 | J2EE Misconfiguration: Plaintext Password in Configuration File | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 591 | Sensitive Data Storage in Improperly Locked Memory | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 598 | Information Exposure Through Query Strings in GET Request | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 607 | Public Static Final Field References Mutable Object | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 612 | Information Exposure Through Indexing of Private Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 615 | Information Exposure Through Comments | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 642 | External Control of Critical State Data | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 651 | Information Exposure Through WSDL File | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 669 | Incorrect Resource Transfer Between Spheres | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Class | 756 | Missing Custom Error Page | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Variant | 767 | Access to Critical Private Variable via Public Method | Software Fault Pattern (SFP) Clusters (primary) 888 |
| MemberOf | View | 888 | Software Fault Pattern (SFP) Clusters | Software Fault Pattern (SFP) Clusters (primary) 888 |

Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2012-03-22 | | | Internal CWE Team |

Page Last Updated: February 18, 2014