CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE CATEGORY: SFP Secondary Cluster: Exposed Data

Category ID: 963
Status: Incomplete
+ Description

Description Summary

This category identifies Software Fault Patterns (SFPs) within the Exposed Data cluster.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory895SFP Primary Cluster: Information Leak
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant5J2EE Misconfiguration: Data Transmission Without Encryption
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant7J2EE Misconfiguration: Missing Custom Error Page
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant8J2EE Misconfiguration: Entity Bean Declared Remote
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant11ASP.NET Misconfiguration: Creating Debug Binary
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant12ASP.NET Misconfiguration: Missing Custom Error Page
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant13ASP.NET Misconfiguration: Password in Configuration File
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base14Compiler Removal of Code to Clear Buffers
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base117Improper Output Neutralization for Logs
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class200Information Exposure
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant201Information Exposure Through Sent Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base209Information Exposure Through an Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base210Information Exposure Through Self-generated Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base211Information Exposure Through Externally-generated Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base212Improper Cross-boundary Removal of Sensitive Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base213Intentional Information Exposure
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant214Information Exposure Through Process Environment
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant215Information Exposure Through Debug Information
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant219Sensitive Data Under Web Root
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant220Sensitive Data Under FTP Root
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base226Sensitive Information Uncleared Before Release
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant244Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant256Plaintext Storage of a Password
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base257Storing Passwords in a Recoverable Format
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant260Password in Configuration File
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base311Missing Encryption of Sensitive Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base312Cleartext Storage of Sensitive Information
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant313Cleartext Storage in a File or on Disk
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant314Cleartext Storage in the Registry
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant315Cleartext Storage of Sensitive Information in a Cookie
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant316Cleartext Storage of Sensitive Information in Memory
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant317Cleartext Storage of Sensitive Information in GUI
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant318Cleartext Storage of Sensitive Information in Executable
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base319Cleartext Transmission of Sensitive Information
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base374Passing Mutable Objects to an Untrusted Method
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base375Returning a Mutable Object to an Untrusted Caller
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class402Transmission of Private Resources into a New Sphere ('Resource Leak')
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base403Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant433Unparsed Raw Web Content Delivery
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant495Private Array-Typed Field Returned From A Public Method
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant497Exposure of System Data to an Unauthorized Control Sphere
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant498Cloneable Class Containing Sensitive Information
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant499Serializable Class Containing Sensitive Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base501Trust Boundary Violation
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base522Insufficiently Protected Credentials
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant523Unprotected Transport of Credentials
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant526Information Exposure Through Environmental Variables
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant527Exposure of CVS Repository to an Unauthorized Control Sphere
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant528Exposure of Core Dump File to an Unauthorized Control Sphere
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant529Exposure of Access Control List Files to an Unauthorized Control Sphere
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant530Exposure of Backup File to an Unauthorized Control Sphere
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant532Information Exposure Through Log Files
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant533Information Exposure Through Server Log Files
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant534Information Exposure Through Debug Log Files
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant535Information Exposure Through Shell Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant536Information Exposure Through Servlet Runtime Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant537Information Exposure Through Java Runtime Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base538File and Directory Information Exposure
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant539Information Exposure Through Persistent Cookies
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant540Information Exposure Through Source Code
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant541Information Exposure Through Include Source Code
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant542Information Exposure Through Cleanup Log Files
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant546Suspicious Comment
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant548Information Exposure Through Directory Listing
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant550Information Exposure Through Server Error Message
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base552Files or Directories Accessible to External Parties
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant555J2EE Misconfiguration: Plaintext Password in Configuration File
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant591Sensitive Data Storage in Improperly Locked Memory
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant598Information Exposure Through Query Strings in GET Request
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant607Public Static Final Field References Mutable Object
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant612Information Exposure Through Indexing of Private Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant615Information Exposure Through Comments
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class642External Control of Critical State Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class668Exposure of Resource to Wrong Sphere
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class669Incorrect Resource Transfer Between Spheres
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class756Missing Custom Error Page
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant767Access to Critical Private Variable via Public Method
Software Fault Pattern (SFP) Clusters (primary)888
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2014-07-29Internal CWE Team

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017