Information Leak Through Source Code
Weakness ID: 540 (Weakness Variant) | Status: Incomplete
Description Summary
Source code on a web server often contains sensitive information and should generally not be accessible to users.
Extended Description
There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to view the logic of the script and extract extremely useful information such as code bugs or logins and passwords.
Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet.
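
A defender-side check for the recommendation above, as an added example that is not part of the CWE entry: it walks a document root and reports script copies the server would return as plain text instead of executing, noting which contain credential-like assignments. The executed-extension set, the leftover-suffix list and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumption: extensions this server maps to an interpreter. Anything else
# under the document root is treated as returned to the client as plain text.
EXECUTED = {".pl", ".cgi", ".php"}
# Suffixes that editors, backups and include conventions leave behind.
LEFTOVER = re.compile(
    r"\.(pl|cgi|php|pm|inc)(\.(bak|old|orig|save|txt)|~)$|\.(pm|inc)$", re.I)
# Credential-like assignments, e.g. $db_pass = "..." or password: ...
SECRET = re.compile(r"(pass(word|wd)?|secret|api_?key)\w*\s*(=>|=|:)\s*\S+", re.I)


def audit_docroot(root):
    """Return (relative_path, has_secret) for source files served as text."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() in EXECUTED:
            continue
        if LEFTOVER.search(path.name):
            text = path.read_text(errors="replace")
            rel = path.relative_to(root).as_posix()
            findings.append((rel, bool(SECRET.search(text))))
    return findings


def run_demo():
    """Build a constructed sample tree (made-up names and contents) and audit it."""
    files = {
        "cgi-bin/login.pl": 'my $db_pass = "example-only";\n',
        "cgi-bin/login.pl.bak": 'my $db_pass = "example-only";\n',
        "lib/db.inc": "# connection helpers, no secrets here\n",
        "index.html": "<html></html>\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in files.items():
            target = Path(tmp) / name
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return audit_docroot(tmp)


if __name__ == "__main__":
    for rel, has_secret in run_demo():
        note = " with credential-like text" if has_secret else ""
        print(f"{rel}: readable source{note}")
```

Every path reported is a candidate for removal from the document root, whether or not the credential pattern matched, since the script logic itself is exposed.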
Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | | 538 | File and Directory Information Exposure | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | | 552 | Files or Directories Accessible to External Parties | Development Concepts 699; Research Concepts 1000
ChildOf | | 731 | OWASP Top Ten 2004 Category A10 - Insecure Configuration Management | Weaknesses in OWASP Top Ten (2004) (primary) 711
ParentOf | | 531 | Information Leak Through Test Code | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | | 541 | Information Leak Through Include Source Code | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | | 615 | Information Leak Through Comments | Development Concepts (primary) 699; Research Concepts (primary) 1000

Submissions

Submission Date | Submitter | Organization | Source
---|---|---|---
 | Anonymous Tool Vendor (under NDA) | | Externally Mined

Modifications

Modification Date | Modifier | Organization | Source
---|---|---|---
2008-07-01 | Eric Dalci | Cigital | External
updated Time of Introduction | | |
2008-09-08 | CWE Content Team | MITRE | Internal
updated Relationships, Taxonomy Mappings | | |
2008-10-14 | CWE Content Team | MITRE | Internal
updated Description | | |
2009-03-10 | CWE Content Team | MITRE | Internal
updated Relationships | | |