CWE-550

Server-generated Error Message Containing Sensitive Information

Certain conditions, such as network failure, will cause a server error message to be displayed.

Mitigation

Phases: Architecture and Design, System Configuration

Description:

  • Recommendations include designing and adding consistent error handling mechanisms which are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.
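One way to build the consistent error handling described above, as an added example that is not part of the original CWE entry: a WSGI middleware that keeps exception detail in the server log and gives the client only a generic message with a reference ID. The names SafeErrorMiddleware, failing_app, call and the logger name app.errors are assumptions, and the backend host and user in the sample failure are constructed.

```python
import logging
import sys
import uuid
from wsgiref.util import setup_testing_defaults

log = logging.getLogger("app.errors")  # assumed logger name
GENERIC_BODY = "An internal error occurred. Reference: {ref}\n"

class SafeErrorMiddleware:
    """Catch unhandled exceptions and answer with a generic 500 response."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        try:
            result = self.app(environ, start_response)
            try:
                return list(result)  # materialise so errors during iteration are caught
            finally:
                if hasattr(result, "close"):
                    result.close()
        except Exception:
            ref = uuid.uuid4().hex  # correlation id shared by the client message and the log
            # Exception text and stack trace are written to the server log only.
            log.exception("unhandled error ref=%s path=%s", ref, environ.get("PATH_INFO"))
            body = GENERIC_BODY.format(ref=ref).encode()
            headers = [("Content-Type", "text/plain; charset=utf-8"),
                       ("Content-Length", str(len(body)))]
            start_response("500 Internal Server Error", headers, sys.exc_info())
            return [body]

def failing_app(environ, start_response):
    # Constructed sample: a network failure whose message names internal details.
    raise ConnectionError("cannot reach db-internal.example:5432 as user svc_app")

def call(app, path="/report"):
    """Drive a WSGI app once and return (status, body_text)."""
    environ = {"PATH_INFO": path}
    setup_testing_defaults(environ)
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"] = status
    body = b"".join(app(environ, start_response)).decode()
    return captured["status"], body

if __name__ == "__main__":
    print(call(SafeErrorMiddleware(failing_app)))
```

The reference ID lets support staff find the logged stack trace from a user report, so the end-user message stays meaningful without exposing internals.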

No CAPEC attack patterns related to this CWE.
