File and Directory Information Exposure
Weakness ID: 538 (Weakness Base) | Status: Draft
Description Summary
The product stores sensitive information in files or directories that are accessible to actors outside of the intended control sphere.
Nature | ID | Name | View(s) this relationship pertains to |
---|---|---|---|
ChildOf | 200 | Information Exposure | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 527 | Exposure of CVS Repository to an Unauthorized Control Sphere | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 530 | Exposure of Backup File to an Unauthorized Control Sphere | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 532 | Information Leak Through Log Files | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 539 | Information Leak Through Persistent Cookies | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 540 | Information Leak Through Source Code | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 548 | Information Leak Through Directory Listing | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 611 | Information Leak Through XML External Entity File Disclosure | Development Concepts (primary) 699; Research Concepts 1000 |
ParentOf | 651 | Information Leak through WSDL File | Development Concepts (primary) 699; Research Concepts (primary) 1000 |

CAPEC-ID | Attack Pattern Name (CAPEC Version: 1.4) |
---|---|
95 | WSDL Scanning |

Depending on usage, this could be a weakness or a category. Further study of all its children is needed, and the entire sub-tree may need to be clarified. The current organization is based primarily on the exposure of sensitive information as a consequence, instead of as a primary weakness.
There is a close relationship with CWE-552, which is more focused on weaknesses. As a result, it may be more appropriate to convert CWE-538 to a category.

Modifications

Modification Date | Modifier | Organization | Source | Changes |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Type |
2009-12-28 | CWE Content Team | MITRE | Internal | updated Description, Maintenance Notes, Name |

Previous Entry Names

Change Date | Previous Entry Name |
---|---|
2009-12-28 | File and Directory Information Leaks |