Weaknesses in this category are related to the design and architecture of the entry points to a system. They frequently concern minimizing the attack surface by designing the system with the fewest entry points it needs. If these weaknesses are not addressed when designing or implementing a secure architecture, they can degrade a system's defenses.
| ID | Name | Description |
|---|---|---|
| CWE-210 | Self-generated Error Message Containing Sensitive Information | The product identifies an error condition and creates its own diagnostic or error messages that contain sensitive information. |
| CWE-211 | Externally-Generated Error Message Containing Sensitive Information | The product performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the product, such as an error generated by the programming language interpreter that a software application uses. The error can contain sensitive system information. |
| CWE-214 | Invocation of Process Using Visible Sensitive Information | A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system. |
| CWE-550 | Server-generated Error Message Containing Sensitive Information | Certain conditions, such as a network failure, cause the server to display an error message that contains sensitive information. |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere. |
| CWE-830 | Inclusion of Web Functionality from an Untrusted Source | The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting total access and control of the product to the untrusted source. |
| CWE-1008 | Architectural Concepts | This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be made when designing software. |