CWE-533 – DEPRECATED: Information Exposure Through Server Log Files
Description This entry has been deprecated because its abstraction was too low-level. See CWE-532. Modes of Introduction: Related Weaknesses Consequences Potential...
CWE-532 – Insertion of Sensitive Information into Log File
Description Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Modes...
CWE-531 – Inclusion of Sensitive Information in Test Code
Description Accessible test applications can pose a variety of security risks. Since developers or administrators rarely consider that someone besides themselves would even know about...
CWE-530 – Exposure of Backup File to an Unauthorized Control Sphere
Description A backup file is stored in a directory or archive that is made accessible to unauthorized actors. Often, older backup files are renamed with...
CWE-53 – Path Equivalence: ‘multiple\internalbackslash’
Description A software system that accepts path input in the form of multiple internal backslash ('multipletrailing\slash') without appropriate validation can lead to ambiguous path resolution...
CWE-529 – Exposure of Access Control List Files to an Unauthorized Control Sphere
Description The product stores access control list files in a directory or other container that is accessible to actors outside of the intended control sphere....
CWE-528 – Exposure of Core Dump File to an Unauthorized Control Sphere
Description The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized...
CWE-527 – Exposure of Version-Control Repository to an Unauthorized Control Sphere
Description The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible...
CWE-526 – Exposure of Sensitive Information Through Environmental Variables
Description Environmental variables may contain sensitive information about a remote server. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-497 Consequences...
CWE-525 – Use of Web Browser Cache Containing Sensitive Information
Description The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should...