Description
Certain conditions, such as network failure, will cause a server error message to be displayed.
Error messages are not dangerous in themselves; the risk lies in what an attacker can glean from them, such as internal hostnames, file paths, or stack traces.
Potential Impact
Confidentiality
Read Application Data
Mitigations & Prevention
Recommendations include designing and adding consistent error handling mechanisms that can handle any user input to your web application, providing meaningful detail to end users, and preventing the display of error messages that might provide information useful to an attacker.
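As an added example (not part of the CWE entry), the following shows the weak pattern beside the recommended one: the raw exception reaches the client in the first handler, while the second logs full detail server-side under a reference id and returns only a generic message. The function names and the backend failure text are constructed for illustration.

```python
# Added example: keep diagnostic detail server-side, send a generic message to clients.
# Names (fetch_profile, render_error_*, handle_request) are hypothetical; the exception
# text is constructed to contain an internal hostname and file path.
import logging
import traceback
import uuid

log = logging.getLogger("app.errors")


class BackendError(Exception):
    pass


def fetch_profile(user_id: str) -> dict:
    # Constructed failure: a backend error whose message carries internal detail.
    raise BackendError(
        f"could not connect to db-primary.internal:5432 while loading "
        f"/srv/app/profiles/{user_id}.json"
    )


def render_error_unsafe(exc: Exception) -> tuple[int, str]:
    """Weak pattern (CWE-550): raw exception text and traceback go to the client."""
    return 500, f"Server error: {exc}\n{traceback.format_exc()}"


def render_error_safe(exc: Exception) -> tuple[int, str]:
    """Hardened pattern: full detail is logged under a reference id; the client
    receives only a generic message plus that id so support can correlate it."""
    ref = uuid.uuid4().hex[:12]
    log.error("ref=%s type=%s detail=%s", ref, type(exc).__name__, exc, exc_info=exc)
    return 500, f"An internal error occurred. Reference: {ref}"


def handle_request(user_id: str, safe: bool = True) -> tuple[int, str]:
    """One consistent handler for any failure, as the mitigation recommends."""
    try:
        profile = fetch_profile(user_id)
        return 200, str(profile)
    except Exception as exc:
        return (render_error_safe if safe else render_error_unsafe)(exc)


if __name__ == "__main__":
    print(handle_request("alice", safe=False)[1])  # leaks host and path
    print(handle_request("alice")[1])              # generic message + reference id
```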
Related Weaknesses
Frequently Asked Questions
What is CWE-550?
CWE-550 (Server-generated Error Message Containing Sensitive Information) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. Certain conditions, such as network failure, will cause a server error message to be displayed.
How can CWE-550 be exploited?
Attackers can exploit CWE-550 (Server-generated Error Message Containing Sensitive Information) to read application data. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-550?
Key mitigations include designing and adding consistent error handling mechanisms that can handle any user input to your web application, providing meaningful detail to end users, and preventing the display of error messages that might provide information useful to an attacker.
What is the severity of CWE-550?
CWE-550 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.