Category: OWASP Top Ten 2010 Category A6 - Security Misconfiguration
Obsolete
Summary
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2010.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-209 | Generation of Error Message Containing Sensitive Information | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
| CWE-219 | Storage of File with Sensitive Data Under Web Root | The product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. |
| CWE-250 | Execution with Unnecessary Privileges | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
| CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory | The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. |
| CWE-552 | Files or Directories Accessible to External Parties | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-809 | Weaknesses in OWASP Top Ten (2010) | CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2010. This view is considered obsolete as a newer version of the OWASP Top Ten is available. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.