Files or Directories Accessible to External Parties |
Weakness ID: 552 (Weakness Base) | Status: Draft |
Description Summary
Files or directories are accessible in the environment that should not be.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 2 | Environment | Development Concepts (primary)699 |
ChildOf | Category | 632 | Weaknesses that Affect Files or Directories | Resource-specific Weaknesses (primary)631 |
ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary)1000 |
ChildOf | Category | 731 | OWASP Top Ten 2004 Category A10 - Insecure Configuration Management | Weaknesses in OWASP Top Ten (2004) (primary)711 |
ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734 |
ParentOf | Weakness Variant | 527 | Exposure of CVS Repository to an Unauthorized Control Sphere | Development Concepts699 Research Concepts1000 |
ParentOf | Weakness Variant | 528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Development Concepts699 Research Concepts1000 |
ParentOf | Weakness Variant | 529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Development Concepts699 Research Concepts1000 |
ParentOf | Weakness Variant | 530 | Exposure of Backup File to an Unauthorized Control Sphere | Research Concepts1000 |
ParentOf | Weakness Variant | 532 | Information Leak Through Log Files | Development Concepts699 Research Concepts1000 |
ParentOf | Weakness Variant | 533 | Information Leak Through Server Log Files | Development Concepts699 |
ParentOf | Weakness Variant | 534 | Information Leak Through Debug Log Files | Development Concepts699 |
ParentOf | Weakness Variant | 540 | Information Leak Through Source Code | Development Concepts699 Research Concepts1000 |
ParentOf | Weakness Variant | 542 | Information Leak Through Cleanup Log Files | Development Concepts699 |
ParentOf | Weakness Variant | 548 | Information Leak Through Directory Listing | Research Concepts1000 |
ParentOf | Weakness Variant | 553 | Command Shell in Externally Accessible Directory | Development Concepts (primary)699 Research Concepts (primary)1000 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
OWASP Top Ten 2004 | A10 | CWE More Specific | Insecure Configuration Management |
CERT C Secure Coding | FIO15-C | Ensure that file operations are performed in a secure directory |
Modifications | ||||
---|---|---|---|---|
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-08-15 | Veracode | External | ||
Suggested OWASP Top Ten 2004 mapping | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2008-11-24 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2009-07-27 | CWE Content Team | MITRE | Internal | |
updated Relationships | ||||
Previous Entry Names | ||||
Change Date | Previous Entry Name | |||
2008-04-11 | Errant Files or Directories Accessible | |||