涔愯儢浠ｈ喘鍏嶄唬鐞嗙増

嫟捠惼庛惈僞僀僾堦棗CWE偲偼

CWE-200

Weakness ID:200(Weakness Class)

Status: Incomplete

忣曬楻偊偄

夝愢

夝愢梫栺

忣曬偺楻偊偄偲偼丄摉奩忣曬偵傾僋僙僗偡傞偨傔偺擣壜傪柧帵揑偵庴偗偰偄側偄幰偵懳偟偰顣駛獔訍}揑偵偁傞偄偼堄恾偣偢偵奐帵偝傟傞偙偲偱偡丅

徻嵶側夝愢

忣曬偲偼丄埲壓偺偄偢傟偐傪巜偟傑偡丅
1) 撪晹儊僢僙乕僕側偳丄惢昳帺懱偺婡擻偺拞偱怲廳偵埖傢傟傞忣曬
2) 峌寕幰偵偲偭偰桳塿偩偑捠忢偼擖庤壜擻偱側偄丄惢昳傗娐嫬偵娭偡傞忣曬 (儕儌乕僩偱傾僋僙僗壜擻側惢昳僀儞僗僩乕儖僷僗側偳)

忣曬偺楻偊偄偺懡偔偼丄懠偺惼庛惈偲娭楢偟偨寢壥偲偟偰敪惗偟傑偡偑 (椺丗PHP 僗僋儕僾僩僄儔乕偵偍偗傞僷僗偺楻偊偄) 丄扨撈偱敪惗偡傞壜擻惈傕偁傝傑偡 (椺丗埫崋張棟偵偍偗傞僞僀儈儞僌偺晄堦抳) 丅忣曬偺楻偊偄傪彽偔惼庛惈偼懡庬懡條偱偡丅偙傟傜偺惼庛惈偺塭嬁搙偼丄楻偊偄偟偨忣曬偺庬椶偵埶懚偟傑偡丅

暿柤

Information Disclosure乮忣曬岞奐乯:

偙偺梡岅偼惼庛惈僨乕僞儀乕僗傗偦偺懠偺忣曬尮偵偍偄偰巊梡偝傟傑偡偑丄"disclosure(岞奐)" 偲偄偆尵梩偑忢偵僙僉儏儕僥傿偵娭偡傞堄枴傪娷傓傢偗偱偼偁傝傑偣傫丅傑偨丄惌嶔傗朄娭楢偺暥彂偵偍偄偰傕傛偔巊梡偝傟偰偄傑偡偑丄僙僉儏儕僥傿偵娭楢偡傞忣曬偺岞奐偵偮偄偰偼尵媦偝傟偰偄傑偣傫丅

Information Leak乮忣曬楻偊偄乯:

"leak" 偲偄偆尵梩偑傛偔巊梡偝傟傑偡偑丄僙僉儏儕僥傿偵偍偄偰偼暋悢偺堄枴傪帩偪傑偡丅堦曽偱忣曬偑偝傜偝傟傞偙偲傪巜偡斀柺丄"memory leak(儊儌儕儕乕僋)" 偺傛偆偵屚妷偵偮側偑傞傛偆側儕僜乕僗偺晄惓側捛愓傪巜偡応崌傕偁傝傑偡丅偦偺偨傔丄CWE 偱偼 "leak" 偺巊梡傪旔偗偰偄傑偡丅

惼庛惈偺敪惗帪婜

傾乕僉僥僋僠儍偍傛傃愝寁
幚憰

奩摉偡傞僾儔僢僩僼僅乕儉

尵岅

慡偰

峌寕傪庴偗傞壜擻惈

崅偄

旐奞偺娚榓嶔

怣棅偱偒傞嫬奅偱柧妋偵嬫愗傜傟傞乽埨慡側乿嬫堟傪妋曐偡傞偨傔丄僔僗僥儉傪嬫暘偗偟偰壓偝偄丅婡枾忣曬偑怣棅偱偒傞嫬奅偺奜晹偵弌偰峴偔偙偲傪嫋壜偣偢丄埨慡椞堟偺奜晹偺嬫夋偵僀儞僞乕僼僃乕僗偱寢崌偡傞応崌偼拲堄偟偰壓偝偄丅

敪惗偵偍偗傞懠偺惼庛惈偲偺埶懚娭學

埶懚娭學	徻嵶
埶懚揑	懠偺惼庛惈偑懚嵼偡傞偙偲偵傛傝敪惗

娭學惈

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	199	Information Management Errors	Development Concepts (primary)699
ChildOf	Weakness Class	668	Exposure of Resource to Wrong Sphere	Research Concepts (primary)1000
ChildOf	Category	717	OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling	Weaknesses in OWASP Top Ten (2007) (primary)629
ParentOf	Weakness Variant	201	Information Exposure Through Sent Data	Development Concepts (primary)699
ParentOf	Weakness Variant	201	Information Exposure Through Sent Data	Research Concepts (primary)1000
ParentOf	Weakness Variant	202	Privacy Leak through Data Queries	Development Concepts (primary)699
ParentOf	Weakness Class	203	Information Exposure Through Discrepancy	Development Concepts (primary)699
ParentOf	Weakness Class	203	Information Exposure Through Discrepancy	Research Concepts (primary)1000
ParentOf	Weakness Base	209	Information Exposure Through an Error Message	Development Concepts (primary)699
ParentOf	Weakness Base	209	Information Exposure Through an Error Message	Research Concepts (primary)1000
ParentOf	Weakness Base	212	Improper Cross-boundary Removal of Sensitive Data	Development Concepts (primary)699
ParentOf	Weakness Base	212	Improper Cross-boundary Removal of Sensitive Data	Research Concepts (primary)1000
ParentOf	Weakness Base	213	Intended Information Leak	Development Concepts (primary)699
ParentOf	Weakness Base	213	Intended Information Leak	Research Concepts (primary)1000
ParentOf	Weakness Variant	214	Process Environment Information Leak	Development Concepts (primary)699
ParentOf	Weakness Variant	214	Process Environment Information Leak	Research Concepts (primary)1000
ParentOf	Weakness Variant	215	Information Exposure Through Debug Information	Development Concepts (primary)699
ParentOf	Weakness Variant	215	Information Exposure Through Debug Information	Research Concepts (primary)1000
ParentOf	Weakness Base	226	Sensitive Information Uncleared Before Release	Development Concepts (primary)699
ParentOf	Weakness Base	226	Sensitive Information Uncleared Before Release	Research Concepts1000
ParentOf	Weakness Class	359	Privacy Violation	Research Concepts (primary)1000
ParentOf	Weakness Variant	497	Exposure of System Data to an Unauthorized Control Sphere	Development Concepts (primary)699
ParentOf	Weakness Variant	497	Exposure of System Data to an Unauthorized Control Sphere	Research Concepts (primary)1000
ParentOf	Weakness Variant	524	Information Leak Through Caching	Development Concepts (primary)699
ParentOf	Weakness Variant	524	Information Leak Through Caching	Research Concepts (primary)1000
ParentOf	Weakness Variant	526	Information Leak Through Environmental Variables	Development Concepts (primary)699
ParentOf	Weakness Variant	526	Information Leak Through Environmental Variables	Research Concepts (primary)1000
ParentOf	Weakness Base	538	File and Directory Information Exposure	Development Concepts (primary)699
ParentOf	Weakness Base	538	File and Directory Information Exposure	Research Concepts (primary)1000
ParentOf	Weakness Variant	598	Information Leak Through Query Strings in GET Request	Development Concepts (primary)699
ParentOf	Weakness Variant	598	Information Leak Through Query Strings in GET Request	Research Concepts (primary)1000
ParentOf	Weakness Variant	612	Information Leak Through Indexing of Private Data	Development Concepts (primary)699
ParentOf	Weakness Variant	612	Information Leak Through Indexing of Private Data	Research Concepts (primary)1000
MemberOf	View	635	Weaknesses Used by NVD	Weaknesses Used by NVD (primary)635
CanFollow	Weakness Variant	498	Information Leak through Class Cloning	Development Concepts699
CanFollow	Weakness Variant	498	Information Leak through Class Cloning	Research Concepts1000
CanFollow	Weakness Variant	499	Serializable Class Containing Sensitive Data	Development Concepts699
CanFollow	Weakness Variant	499	Serializable Class Containing Sensitive Data	Research Concepts1000

懠慻怐偱偺暘椶

慻怐柤傑偨偼慻怐偱偺暘椶	僲乕僪 ID	CWE偺暘椶偲偺揔崌搙	暘椶柤
PLOVER			Information Leak (information disclosure)
OWASP Top Ten 2007	A6	CWE 偺曽偑徻嵶	Information Leakage and Improper Error Handling
WASC	13		Information Leakage

娭楢偡傞峌寕僷僞乕儞

CAPEC-ID	峌寕僷僞乕儞柤 (CAPEC Version 1.5)
13	Subverting Environment Variable Values
22	Exploiting Trust in Client (aka Make the Client Invisible)
59	Session Credential Falsification through Prediction
60	Reusing Session IDs (aka Session Replay)
79	Using Slashes in Alternate Encoding
281	Analytic Attacks

峏怴棜楌

[2011擭04寧21擔]
  2010擭10寧12擔帪揰偺僨乕僞傪尦偵峏怴
[2009擭06寧29擔]
  2009擭02寧02擔帪揰偺壓婰 URL 傪尦偵嶌惉
    http://cwe.mitre.org/data/definitions/200.html

搊榐擔 2011/04/21

嵟廔峏怴擔 2023/04/04