CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-209
Jump to navigation
Jump to search
CWE-209: Information Exposure Through an Error Message
Description
Error messages are very useful for developers, in order to debug a web application. But they must be used on development servers only. Indeed, error messages that are displayed on production environments lead to information exposure for potential attackers.
Risk measurement
| Weakness Prevalence | High |
|---|---|
| Remediation Cost | Low |
| Attack Frequency | Often |
| Consequences | Data loss |
| Ease of Detection | Easy |
| Attacker Awareness | High |
Comments
Talk:CWE-SANS-Top-25/Insecure-interaction-between-components/CWE-209