Variant weakness

Draft

CWE-219: Storage of File with Sensitive Data Under Web Root

The product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Besides public-facing web pages and code, products may store sensitive data, code that is not directly invoked, or other files under the web document root of the web server. If the server is not configured or otherwise used to prevent direct access to those files, then attackers may obtain this sensitive data.

CWE-219: Storage of File with Sensitive Data Under Web Root

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-219?

What CVEs are caused by CWE-219?

Is CWE-219 part of the OWASP Top 10?

How do you prevent CWE-219?

What are the consequences of CWE-219?

Is CWE-219 actively exploited?

References

Stay ahead of CWE-219

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-219?

What CVEs are caused by CWE-219?

Is CWE-219 part of the OWASP Top 10?

How do you prevent CWE-219?

What are the consequences of CWE-219?

Is CWE-219 actively exploited?

References

Stay ahead of CWE-219