This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Error Message Infoleaks"
From OWASP
m |
|||
Line 1: | Line 1: | ||
{{Stub}} | {{Stub}} | ||
{{Vulnerability}} | {{Vulnerability}} | ||
+ | |||
+ | [[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]] | ||
+ | |||
+ | Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}''' | ||
+ | |||
+ | [[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]] | ||
+ | |||
+ | [[ASDR Table of Contents]] | ||
+ | __TOC__ | ||
+ | |||
==Description== | ==Description== | ||
+ | |||
Error messages reveal too much detail about the application. | Error messages reveal too much detail about the application. | ||
− | ==Examples == | + | Attacker tries to obtain clues from the error messages. |
+ | |||
+ | |||
+ | ==Risk Factors== | ||
+ | |||
+ | TBD | ||
+ | |||
+ | ==Examples== | ||
+ | |||
+ | TBD | ||
+ | |||
+ | ==Related [[Attacks]]== | ||
+ | |||
+ | * [[Attack 1]] | ||
+ | * [[Attack 2]] | ||
+ | |||
+ | |||
+ | ==Related [[Vulnerabilities]]== | ||
− | ==Related | + | * [[Discrepancy Information Leaks]] |
− | + | ||
+ | |||
+ | |||
+ | ==Related [[Controls]]== | ||
+ | |||
+ | * [[:Category:Error Handling]] | ||
+ | |||
+ | |||
+ | |||
+ | ==Related [[Technical Impacts]]== | ||
+ | |||
+ | * [[Technical Impact 1]] | ||
+ | * [[Technical Impact 2]] | ||
+ | |||
+ | |||
+ | ==References== | ||
+ | TBD | ||
+ | |||
+ | [[Category:FIXME|add links | ||
+ | |||
+ | In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki> | ||
+ | |||
+ | Availability Vulnerability | ||
+ | |||
+ | Authorization Vulnerability | ||
+ | |||
+ | Authentication Vulnerability | ||
+ | |||
+ | Concurrency Vulnerability | ||
+ | |||
+ | Configuration Vulnerability | ||
+ | |||
+ | Cryptographic Vulnerability | ||
+ | |||
+ | Encoding Vulnerability | ||
+ | |||
+ | Error Handling Vulnerability | ||
+ | |||
+ | Input Validation Vulnerability | ||
+ | |||
+ | Logging and Auditing Vulnerability | ||
− | + | Session Management Vulnerability]] | |
− | + | __NOTOC__ | |
− | |||
− | |||
− | |||
+ | [[Category:OWASP ASDR Project]] | ||
[[Category:Error Handling Problem]] | [[Category:Error Handling Problem]] |
Revision as of 00:18, 24 September 2008
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Last revision (mm/dd/yy): 09/24/2008
Vulnerabilities Table of Contents
Description
Error messages reveal too much detail about the application.
Attacker tries to obtain clues from the error messages.
Risk Factors
TBD
Examples
TBD
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
TBD