CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (3.0)

CWE CATEGORY: SFP Secondary Cluster: Exposed Data

Category ID: 963
Status: Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Exposed Data cluster.
Membership

| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | Category | 895 | SFP Primary Cluster: Information Leak |
| HasMember | Variant | 5 | J2EE Misconfiguration: Data Transmission Without Encryption |
| HasMember | Variant | 7 | J2EE Misconfiguration: Missing Custom Error Page |
| HasMember | Variant | 8 | J2EE Misconfiguration: Entity Bean Declared Remote |
| HasMember | Variant | 11 | ASP.NET Misconfiguration: Creating Debug Binary |
| HasMember | Variant | 12 | ASP.NET Misconfiguration: Missing Custom Error Page |
| HasMember | Variant | 13 | ASP.NET Misconfiguration: Password in Configuration File |
| HasMember | Base | 14 | Compiler Removal of Code to Clear Buffers |
| HasMember | Base | 117 | Improper Output Neutralization for Logs |
| HasMember | Class | 200 | Information Exposure |
| HasMember | Variant | 201 | Information Exposure Through Sent Data |
| HasMember | Base | 209 | Information Exposure Through an Error Message |
| HasMember | Base | 210 | Information Exposure Through Self-generated Error Message |
| HasMember | Base | 211 | Information Exposure Through Externally-Generated Error Message |
| HasMember | Base | 212 | Improper Cross-boundary Removal of Sensitive Data |
| HasMember | Base | 213 | Intentional Information Exposure |
| HasMember | Variant | 214 | Information Exposure Through Process Environment |
| HasMember | Variant | 215 | Information Exposure Through Debug Information |
| HasMember | Variant | 219 | Sensitive Data Under Web Root |
| HasMember | Variant | 220 | Sensitive Data Under FTP Root |
| HasMember | Base | 226 | Sensitive Information Uncleared Before Release |
| HasMember | Variant | 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
| HasMember | Variant | 256 | Plaintext Storage of a Password |
| HasMember | Base | 257 | Storing Passwords in a Recoverable Format |
| HasMember | Variant | 260 | Password in Configuration File |
| HasMember | Base | 311 | Missing Encryption of Sensitive Data |
| HasMember | Base | 312 | Cleartext Storage of Sensitive Information |
| HasMember | Variant | 313 | Cleartext Storage in a File or on Disk |
| HasMember | Variant | 314 | Cleartext Storage in the Registry |
| HasMember | Variant | 315 | Cleartext Storage of Sensitive Information in a Cookie |
| HasMember | Variant | 316 | Cleartext Storage of Sensitive Information in Memory |
| HasMember | Variant | 317 | Cleartext Storage of Sensitive Information in GUI |
| HasMember | Variant | 318 | Cleartext Storage of Sensitive Information in Executable |
| HasMember | Base | 319 | Cleartext Transmission of Sensitive Information |
| HasMember | Base | 374 | Passing Mutable Objects to an Untrusted Method |
| HasMember | Base | 375 | Returning a Mutable Object to an Untrusted Caller |
| HasMember | Class | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| HasMember | Base | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
| HasMember | Variant | 433 | Unparsed Raw Web Content Delivery |
| HasMember | Variant | 495 | Private Array-Typed Field Returned From A Public Method |
| HasMember | Variant | 497 | Exposure of System Data to an Unauthorized Control Sphere |
| HasMember | Variant | 498 | Cloneable Class Containing Sensitive Information |
| HasMember | Variant | 499 | Serializable Class Containing Sensitive Data |
| HasMember | Base | 501 | Trust Boundary Violation |
| HasMember | Base | 522 | Insufficiently Protected Credentials |
| HasMember | Variant | 523 | Unprotected Transport of Credentials |
| HasMember | Variant | 526 | Information Exposure Through Environmental Variables |
| HasMember | Variant | 527 | Exposure of CVS Repository to an Unauthorized Control Sphere |
| HasMember | Variant | 528 | Exposure of Core Dump File to an Unauthorized Control Sphere |
| HasMember | Variant | 529 | Exposure of Access Control List Files to an Unauthorized Control Sphere |
| HasMember | Variant | 530 | Exposure of Backup File to an Unauthorized Control Sphere |
| HasMember | Variant | 532 | Information Exposure Through Log Files |
| HasMember | Variant | 533 | Information Exposure Through Server Log Files |
| HasMember | Variant | 534 | Information Exposure Through Debug Log Files |
| HasMember | Variant | 535 | Information Exposure Through Shell Error Message |
| HasMember | Variant | 536 | Information Exposure Through Servlet Runtime Error Message |
| HasMember | Variant | 537 | Information Exposure Through Java Runtime Error Message |
| HasMember | Base | 538 | File and Directory Information Exposure |
| HasMember | Variant | 539 | Information Exposure Through Persistent Cookies |
| HasMember | Variant | 540 | Information Exposure Through Source Code |
| HasMember | Variant | 541 | Information Exposure Through Include Source Code |
| HasMember | Variant | 542 | Information Exposure Through Cleanup Log Files |
| HasMember | Variant | 546 | Suspicious Comment |
| HasMember | Variant | 548 | Information Exposure Through Directory Listing |
| HasMember | Variant | 550 | Information Exposure Through Server Error Message |
| HasMember | Base | 552 | Files or Directories Accessible to External Parties |
| HasMember | Variant | 555 | J2EE Misconfiguration: Plaintext Password in Configuration File |
| HasMember | Variant | 591 | Sensitive Data Storage in Improperly Locked Memory |
| HasMember | Variant | 598 | Information Exposure Through Query Strings in GET Request |
| HasMember | Variant | 607 | Public Static Final Field References Mutable Object |
| HasMember | Variant | 612 | Information Exposure Through Indexing of Private Data |
| HasMember | Variant | 615 | Information Exposure Through Comments |
| HasMember | Class | 642 | External Control of Critical State Data |
| HasMember | Class | 668 | Exposure of Resource to Wrong Sphere |
| HasMember | Class | 669 | Incorrect Resource Transfer Between Spheres |
| HasMember | Class | 756 | Missing Custom Error Page |
| HasMember | Variant | 767 | Access to Critical Private Variable via Public Method |
Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2014-07-29 | CWE Content Team | MITRE | |

Page Last Updated: November 14, 2017