CWE-211: Externally-Generated Error Message Containing Sensitive Information
The product performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the product, such as an error generated by the programming language interpreter that a software application uses. The error can contain sensitive system information.
Last updated
Overview
CWE-211 (Externally-Generated Error Message Containing Sensitive Information) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-211 is exploited.
Read Application Data
Affects: Confidentiality
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to prevent it
Practical mitigations for CWE-211, grouped by where in the lifecycle they apply.