CWE-550: Server-generated Error Message Containing Sensitive Information
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
Certain conditions, such as network failure, will cause a server error message to be displayed.
扩展描述
While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.
常见后果
影响范围: Confidentiality
技术影响: Read Application Data
潜在缓解措施
阶段: Architecture and Design System Configuration
描述: Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |