CWE-538 - Insertion of Sensitive Information into Externally-Accessible File or Directory

Read Time:21 Second

Description

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-200

Consequences

Confidentiality: Read Files or Directories

Potential Mitigations

Phase: Architecture and Design, Operation, System Configuration

Description:

Do not expose file and directory information to the user.

CVE References

InCWE- 538, Insertion of Sensitive Information into Externally-Accessible File or Directory

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...

rocco

February 19, 2023February 19, 2023

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...

rocco

February 19, 2023February 19, 2023

CWE-669 – Incorrect Resource Transfer Between Spheres

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022