CWE-540 通过源代码导致的信息暴露
Information Exposure Through Source Code
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
Source code on a web server often contains sensitive information and should generally not be accessible to users.
扩展描述
There are situations where it is critical to remove source code from an area or server. For example, obtaining Perl source code on a system allows an attacker to understand the logic of the script and extract extremely useful information such as code bugs or logins and passwords.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 538 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 538 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 552 cwe_View_ID: 1000
-
cwe_Nature: ChildOf cwe_CWE_ID: 552 cwe_View_ID: 699
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Confidentiality | Read Application Data |
可能的缓解方案
['Architecture and Design', 'System Configuration']
策略:
Recommendations include removing this script from the web server and moving it to a location not accessible from the Internet.