CWE-756: Missing Custom Error Page

Base Incomplete Simple

CWE版本: 4.18

更新日期: 2025-09-09

弱点描述

The product does not return custom error pages to the user, possibly exposing sensitive information.

常见后果

影响范围: Confidentiality

技术影响: Read Application Data

说明: Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application.

关键信息

CWE ID: CWE-756

抽象级别: Base

结构: Simple

状态: Incomplete

相关弱点
ChildOf CWE-755

Improper Handling of Exceptional Conditions

Class
CanPrecede CWE-209

Generation of Error Message Containing Sensitive Information

Base
返回列表