CWE-213 – Exposure of Sensitive Information Due to Incompatible Policies

Description

The product’s intended functionality exposes information to certain actors in accordance with the developer’s security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product’s administrator, users, or others whose information is being processed.

Modes of Introduction

– Policy

Related Weaknesses

CWE-200

Consequences

Confidentiality: Read Application Data

Potential Mitigations

CVE References

  • CVE-2005-1205
    • Telnet protocol allows servers to obtain sensitive environment information from clients.
  • CVE-2005-0488
    • Telnet protocol allows servers to obtain sensitive environment information from clients.