CWE-963 Détail de la faiblesse

Justification : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Commentaire : See member weaknesses of this category.

Soumission

Nom	Organisation	Date	Date de publication	Version
CWE Content Team	MITRE	2014-07-29 +00:00	2014-07-31 +00:00	2.8

Modifications

Nom	Organisation	Date	Commentaire
CWE Content Team	MITRE	2018-03-27 +00:00	updated Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated Description
CWE Content Team	MITRE	2023-04-27 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes

Détail de la catégorie CWE-963

CWE-963

Nom: SFP Secondary Cluster: Exposed Data

Listes des membres CWE

CWE-11: ASP.NET Misconfiguration: Creating Debug Binary Base

CWE-117: Improper Output Neutralization for Logs Base

CWE-12: ASP.NET Misconfiguration: Missing Custom Error Page Base

CWE-13: ASP.NET Misconfiguration: Password in Configuration File Base

CWE-14: Compiler Removal of Code to Clear Buffers Base

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor Base

CWE-201: Insertion of Sensitive Information Into Sent Data Base

CWE-209: Generation of Error Message Containing Sensitive Information Base

CWE-210: Self-generated Error Message Containing Sensitive Information Base

CWE-211: Externally-Generated Error Message Containing Sensitive Information Base

CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer Base

CWE-213: Exposure of Sensitive Information Due to Incompatible Policies Base

CWE-214: Invocation of Process Using Visible Sensitive Information Base

CWE-215: Insertion of Sensitive Information Into Debugging Code Base

CWE-219: Storage of File with Sensitive Data Under Web Root Base

CWE-220: Storage of File With Sensitive Data Under FTP Root Base

CWE-226: Sensitive Information in Resource Not Removed Before Reuse Base

CWE-244: Improper Clearing of Heap Memory Before Release ('Heap Inspection') Base

CWE-256: Plaintext Storage of a Password Base

CWE-257: Storing Passwords in a Recoverable Format Base

CWE-260: Password in Configuration File Base

CWE-311: Missing Encryption of Sensitive Data Base

CWE-312: Cleartext Storage of Sensitive Information Base

CWE-313: Cleartext Storage in a File or on Disk Base

CWE-314: Cleartext Storage in the Registry Base

CWE-315: Cleartext Storage of Sensitive Information in a Cookie Base

CWE-316: Cleartext Storage of Sensitive Information in Memory Base

CWE-317: Cleartext Storage of Sensitive Information in GUI Base

CWE-318: Cleartext Storage of Sensitive Information in Executable Base

CWE-319: Cleartext Transmission of Sensitive Information Base

CWE-374: Passing Mutable Objects to an Untrusted Method Base

CWE-375: Returning a Mutable Object to an Untrusted Caller Base

CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak') Base

CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') Base

CWE-433: Unparsed Raw Web Content Delivery Base

CWE-495: Private Data Structure Returned From A Public Method Base

CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere Base

CWE-498: Cloneable Class Containing Sensitive Information Base

CWE-499: Serializable Class Containing Sensitive Data Base

CWE-5: J2EE Misconfiguration: Data Transmission Without Encryption Base

CWE-501: Trust Boundary Violation Base

CWE-522: Insufficiently Protected Credentials Base

CWE-523: Unprotected Transport of Credentials Base

CWE-526: Cleartext Storage of Sensitive Information in an Environment Variable Base

CWE-527: Exposure of Version-Control Repository to an Unauthorized Control Sphere Base

CWE-528: Exposure of Core Dump File to an Unauthorized Control Sphere Base

CWE-529: Exposure of Access Control List Files to an Unauthorized Control Sphere Base

CWE-530: Exposure of Backup File to an Unauthorized Control Sphere Base

CWE-532: Insertion of Sensitive Information into Log File Base

CWE-535: Exposure of Information Through Shell Error Message Base

CWE-536: Servlet Runtime Error Message Containing Sensitive Information Base

CWE-537: Java Runtime Error Message Containing Sensitive Information Base

CWE-538: Insertion of Sensitive Information into Externally-Accessible File or Directory Base

CWE-539: Use of Persistent Cookies Containing Sensitive Information Base

CWE-540: Inclusion of Sensitive Information in Source Code Base

CWE-541: Inclusion of Sensitive Information in an Include File Base

CWE-546: Suspicious Comment Base

CWE-548: Exposure of Information Through Directory Listing Base

CWE-550: Server-generated Error Message Containing Sensitive Information Base

CWE-552: Files or Directories Accessible to External Parties Base

CWE-555: J2EE Misconfiguration: Plaintext Password in Configuration File Base

CWE-591: Sensitive Data Storage in Improperly Locked Memory Base

CWE-598: Use of GET Request Method With Sensitive Query Strings Base

CWE-607: Public Static Final Field References Mutable Object Base

CWE-612: Improper Authorization of Index Containing Sensitive Information Base

CWE-615: Inclusion of Sensitive Information in Source Code Comments Base

CWE-642: External Control of Critical State Data Base

CWE-668: Exposure of Resource to Wrong Sphere Base

CWE-669: Incorrect Resource Transfer Between Spheres Base

CWE-7: J2EE Misconfiguration: Missing Custom Error Page Base

CWE-756: Missing Custom Error Page Base

CWE-767: Access to Critical Private Variable via Public Method Base

CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote Base

Informations du CWE

Notes de cartographie des vulnérabilités

Soumission