CWE-211: Externally-Generated Error Message Containing Sensitive Information
ID
CWE-211
Abstraction
Base
Structure
Simple
Status
Incomplete
The product performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the product, such as an error generated by the programming language interpreter that a software application uses. The error can contain sensitive system information.
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | PHP applications are often targeted for having this issue when the PHP interpreter generates the error outside of the application's control. However, other languages/environments exhibit the same issue. |
| Implementation | REALIZATION: This weakness is caused during implementation of an architectural security tactic. |
| Operation |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | PHP | ||
| Language | Not Language-Specific |
Loading...