Certain conditions, such as network failure, will cause a server error message to be displayed.
View on MITREWhile error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.
Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
CWE-550: Server-generated Error Message Containing Sensitive Information is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Certain conditions, such as network failure, will cause a server error message to be displayed. While error messages in and of themselves are not dangerous, per se, it is what an attacker can glean from them that might cause eventual problems.
If exploited, CWE-550 (Server-generated Error Message Containing Sensitive Information) it can compromise Confidentiality, leading to outcomes such as Read Application Data.
Recommended mitigations for CWE-550 include: Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.
A CWE (Common Weakness Enumeration) like CWE-550 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.