CWE-208 – Observable Timing Discrepancy
Description Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals...
CWE-207 – Observable Behavioral Discrepancy With Equivalent Products
Description The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products...
CWE-206 – Observable Internal Behavioral Discrepancy
Description The product performs multiple behaviors that are combined to produce a single result, but the individual behaviors are observable separately in a way that...
CWE-205 – Observable Behavioral Discrepancy
Description The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision...
CWE-204 – Observable Response Discrepancy
Description The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended...
CWE-203 – Observable Discrepancy
Description The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant...
CWE-202 – Exposure of Sensitive Information Through Data Queries
Description When trying to keep information confidential, an attacker can often infer some of the information by using statistics. In situations where data should not...