CWE

Information Exposure Through Shell Error Message

ID: 535		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Variant

Description

A command shell error message indicates that there exists an unhandled exception in the web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system.

Applicable Platforms
None

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Scope	Technical Impact	Notes
Confidentiality	Read application data

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
		Do not expose sensitive error information to the user.

Relationships

Related CWE	Type	View	Chain
CWE-535 ChildOf CWE-895	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
Anonymous Tool Vendor (under NDA)

References:
None