Information Leak Semantic Template

Imagemap
Information Leak Semantic Template Fault Failure to safeguard internal state 203 Failure to follow safe programming pract ... 498 499 Failure to remove sensitive information ... 215 8 492 618 749 767 488 495 766 485 Failure to sanitze error message 209 81 Missing custom error page 756 Improper exception handling 600 390 7 Improper use or implementation of crypto ... 310 330 327 326 Failure to encrypt sensitive data 311 Plaintext storage of sensitive informati ... 313-318 Cleartext storage of sensitive informati ... 312 319 Permitting data queries that allow infer ... 202 Intended information leak 213 Putting sensitive information in wrong p ... 526 497 214 591 publicly accessible output stream process paramter list Failure to secure data channel 201 Improper cleansing of sensitive data 212 Failure to clear heap memory 244 Failure to clear cache 524 Insufficient session expiration 613 Improper access or listing or exposure o ... 538 782 378 412 708 Misconfiguration of tool 14 Incorrect permission or access control 285 276 266 269 284 286 689 648 Resource/Locations File and directory 538 CVS repository 527 Core dump 528 Access control lists 529 Backup files 530 Log files 532 Server logs 533 Debug logs 534 Cleanup logs 542 Persistent cookies 539 Source code 540 Test code 531 Include source 541 Source code comments 615 Directory listing 548 XML External entity 611 WSDL file 651 Data channel 201 Cache 524 Browser cache 525 Memory heap 244 Process invocation elements 214 Process parameters Process environments Debug information 215 Sensitive information 200 User information 202 Credentials 255 System data 497 OS environment variables 526 Error message 209 Product generated 210 Shell error message 535 Servlet runtime error message 536 Java runtime error message 537 Server error message 550 Product-external 211 Indices 612 Internal state 203 Covert channel 385 514 515 Consequences Sensitive information exposure to unauth ... (leads to) Privacy violation credit card health records 359 Further attack password Denial of service Unauthorized access to system 200 Weakness Expose sensitive information 200 Exposure of sensitive information due to ... 203 202 Exposure of resource to wrong sphere 668 402 610 669 673
hide
Information Leak Semantic Template
hide
Fault
hide
Failure to safeguard internal state
leaf
203

Example Code:

 

hide
Failure to follow safe programming practices
leaf
498
leaf
499
hide
Failure to remove sensitive information from debug code
leaf
215
leaf
8
leaf
492
leaf
618
leaf
749
leaf
767
leaf
488
leaf
495
leaf
766
leaf
485
hide
Failure to sanitze error message
leaf
209
leaf
81
hide
Missing custom error page
leaf
756
hide
Improper exception handling
leaf
600
leaf
390
leaf
7
hide
Improper use or implementation of cryptography
leaf
310
leaf
330
leaf
327
leaf
326
hide
Failure to encrypt sensitive data
leaf
311
hide
Plaintext storage of sensitive information
leaf
313-318
hide
Cleartext storage of sensitive information
leaf
312
leaf
319
hide
Permitting data queries that allow inferencing
leaf
202
hide
Intended information leak
leaf
213
hide
Putting sensitive information in wrong place
leaf
526
leaf
497
leaf
214
leaf
591
leaf
publicly accessible output stream
leaf
process paramter list
hide
Failure to secure data channel
leaf
201
hide
Improper cleansing of sensitive data
leaf
212
hide
Failure to clear heap memory
leaf
244
hide
Failure to clear cache
leaf
524
hide
Insufficient session expiration
leaf
613
hide
Improper access or listing or exposure of files and directories
 Arrow Link
leaf
538
leaf
782
leaf
378
leaf
412
leaf
708
hide
Misconfiguration of tool
leaf
14
hide
Incorrect permission or access control
leaf
285
leaf
276
leaf
266
leaf
269
leaf
284
leaf
286
leaf
689
leaf
648
hide
Resource/Locations
hide
File and directory
leaf
538
leaf
CVS repository 527
leaf
Core dump 528
leaf
Access control lists 529
leaf
Backup files 530
hide
Log files 532
leaf
Server logs 533
leaf
Debug logs 534
leaf
Cleanup logs 542
leaf
Persistent cookies 539
hide
Source code 540
leaf
Test code 531
leaf
Include source 541
leaf
Source code comments 615
leaf
Directory listing 548
leaf
XML External entity 611
leaf
WSDL file 651
hide
Data channel
leaf
201
hide
Cache
leaf
524
leaf
Browser cache 525
hide
Memory heap
leaf
244
hide
Process invocation elements
leaf
214 User Link
leaf
Process parameters
leaf
Process environments
 Arrow Link
hide
Debug information
leaf
215
hide
Sensitive information
leaf
200
hide
User information
leaf
202
hide
Credentials
leaf
255
hide
System data
leaf
497
hide
OS environment variables
leaf
526
hide
Error message
leaf
209
hide
Product generated 210
leaf
Shell error message 535
leaf
Servlet runtime error message 536
leaf
Java runtime error message 537
leaf
Server error message 550
leaf
Product-external 211
hide
Indices
leaf
612
hide
Internal state
hide
203
leaf
204
hide
205
leaf
206
leaf
207
leaf
208
hide
Covert channel
leaf
385
leaf
514
leaf
515
hide
Consequences
hide
Sensitive information exposure to unauthorized parties
hideforward
(leads to)
hide
Privacy violation
leaf
credit card
leaf
health records
leaf
359
hide
Further attack
leaf
password
leaf
Denial of service
leaf
Unauthorized access to system
leaf
200
hide
Weakness
hide
Expose sensitive information
leaf
200
hide
Exposure of sensitive information due to inference or discrepancy
leaf
203
leaf
202
hide
Exposure of resource to wrong sphere
leaf
668
leaf
402
leaf
610
leaf
669
leaf
673