Read Time:40 Second
Description
The product’s intended functionality exposes information to certain actors in accordance with the developer’s security policy, but this information is regarded as sensitive according to the intended security policies of other stakeholders such as the product’s administrator, users, or others whose information is being processed.
Modes of Introduction:
– Policy
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Potential Mitigations
CVE References
- CVE-2002-1725
- Script calls phpinfo()
- CVE-2004-0033
- Script calls phpinfo()
- CVE-2003-1181
- Script calls phpinfo()
- CVE-2004-1422
- Script calls phpinfo()
- CVE-2004-1590
- Script calls phpinfo()
- CVE-2003-1038
- Product lists DLLs and full pathnames.
- CVE-2005-1205
- Telnet protocol allows servers to obtain sensitive environment information from clients.
- CVE-2005-0488
- Telnet protocol allows servers to obtain sensitive environment information from clients.