Information Exposure Through Externally-Generated Error Message [CWE-211] — The Hacktivists

Credit: https://www.immuniweb.com/

1. Description
………………………………

This weakness describes an information disclosure case where software performs an operation that triggers an error or diagnostic message in an external component. It is a child element of Information Exposure weakness and should be treated as such.

2. Potential impact
………………………………

An attacker might be able to gain access to restricted information and use it to widen the attack surface. Depending on the disclosed information, it might be possible to escalate privileges within the application or, in rare cases, to gain complete control over the system.

3. Exploitation Examples
………………………………..

4. Severity and CVSS Scoring
……………………………………..

Here is a scoring example of installation path disclosure.
3.7 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N] — Low severity.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
The Hacktivists

The Hacktivists

Contact us for Information Security Services & Training https://thehacktivists.in/