
CWE-204 Observable Response Discrepancy: vulnerability list (134)

A summary of the 134 CVEs associated with the CWE-204 Observable Response Discrepancy weakness, with AI-generated Chinese analysis.

CWE-204 belongs to the information disclosure class of weaknesses: the system's differing responses to requests expose its internal state. Attackers commonly exploit subtle differences in response time, error messages or behaviour patterns to infer server-side logic, whether a file exists, or authentication state, and use that to support further attacks. Developers should avoid exposing sensitive details in error handling, return a uniform, generic response format for both valid and invalid requests, and eliminate feedback that varies with internal state, so as to cut off the information-leak path.

MITRE CWE official description
CWE-204 Observable Response Discrepancy: The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.
Common consequences (1)
Scope: Confidentiality, Access Control. Technical impact: Read Application Data, Bypass Protection Mechanism.
Potential mitigations (2)
Phase: Architecture and Design. Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Phase: Implementation. Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or…
Demonstrative example (1)
The following code checks the validity of the supplied username and password and notifies the user of a successful or failed login.

```perl
use CGI qw(param);    # param() comes from the CGI module

my $username = param('username');
my $password = param('password');

# IsValidUsername / IsValidPassword stand for the application's own
# account lookup and credential check.
if (IsValidUsername($username) == 1) {
    if (IsValidPassword($username, $password) == 1) {
        print "Login Successful";
    }
    else {
        # Reveals that the username exists (CWE-204)
        print "Login Failed - incorrect password";
    }
}
else {
    # Reveals that the username does not exist (CWE-204)
    print "Login Failed - unknown username";
}
```
Bad · Perl

Result: the two failure branches return different messages, so a caller can tell whether a username exists before knowing its password. Both failure cases should return the same message:
"Login Failed - incorrect username or password"
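As an added example (not code from this page or from MITRE), the following Python contrasts the login pattern above with a hardened version: a single failure message for both the unknown-username and wrong-password cases, a constant-time hash comparison, and a dummy credential check on the unknown-username path so that both failures perform the same hashing work and cannot be told apart by timing. The user store, salts and passwords are constructed sample values, and the function names are assumptions made for this example.

```python
import hashlib
import hmac

_ITERATIONS = 100_000


def _hash_password(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256 of the password under the given salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


# Constructed sample user store: username -> (salt, password hash).
# A real system would load this from a database; these values are made up.
_SALT_ALICE = b"constructed-salt-alice"
USERS = {
    "alice": (_SALT_ALICE, _hash_password("correct horse battery staple", _SALT_ALICE)),
}

# Dummy credential checked when the username is unknown, so that path does the
# same amount of hashing work as the wrong-password path (constructed values).
_DUMMY_SALT = b"constructed-dummy-salt"
_DUMMY_HASH = _hash_password("dummy-password-never-accepted", _DUMMY_SALT)

# Constructed probes: one existing account, one non-existent account.
PROBES = [("alice", "wrong"), ("mallory", "wrong")]


def login_verbose(username: str, password: str) -> str:
    """The CWE-204 pattern from the Perl example: distinct failure messages."""
    if username not in USERS:
        return "Login Failed - unknown username"
    salt, stored = USERS[username]
    if not hmac.compare_digest(_hash_password(password, salt), stored):
        return "Login Failed - incorrect password"
    return "Login Successful"


def login_uniform(username: str, password: str) -> str:
    """Hardened variant: one failure message and the same work on every path."""
    # Unknown usernames fall back to the dummy credential instead of returning early.
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = _hash_password(password, salt)
    # Constant-time comparison, then an explicit membership check so the dummy
    # credential can never log anyone in even if its password were guessed.
    matched = hmac.compare_digest(candidate, stored) and username in USERS
    if matched:
        return "Login Successful"
    return "Login Failed - incorrect username or password"


def distinct_failure_messages(login, probes):
    """Set of distinct failure messages observable across the probes.

    More than one distinct message means the response reveals account state.
    """
    messages = set()
    for username, password in probes:
        result = login(username, password)
        if result != "Login Successful":
            messages.add(result)
    return messages


if __name__ == "__main__":
    print("verbose:", distinct_failure_messages(login_verbose, PROBES))
    print("uniform:", distinct_failure_messages(login_uniform, PROBES))
```

The uniform message alone is not enough in an HTTP service: the status code, headers and body length of the two failure responses must also match, since any of them is a response discrepancy in the sense of CWE-204. The dummy hash check addresses the timing side of the same weakness, which the description above also names.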
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-20195 | Cisco Identity Services Engine observable response discrepancy vulnerability — Cisco Identity Services Engine Software | 5.3 | Medium | 2026-05-06 |
| CVE-2026-24468 | OpenAEV security vulnerability — openaev | 5.3 | Medium | 2026-04-20 |
| CVE-2026-34264 | SAP Human Capital Management security vulnerability — SAP Human Capital Management for SAP S/4HANA | 6.5 | Medium | 2026-04-14 |
| CVE-2026-4113 | SonicWALL SMA1000 security vulnerability — SMA1000 | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-39851 | saleor security vulnerability — saleor | 5.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2025-3716 | ESET Protect security vulnerability — ESET Protect (on-prem) | 4.3 | - | 2026-03-30 |
| CVE-2026-33419 | MinIO security vulnerability — minio | 9.8 | - | 2026-03-24 |
| CVE-2026-33323 | Parse Server security vulnerability — parse-server | 5.3 | - | 2026-03-24 |
| CVE-2026-33688 | WWBN AVideo security vulnerability — AVideo | 5.3 | Medium | 2026-03-23 |
| CVE-2026-30876 | Chamilo LMS security vulnerability — chamilo-lms | 5.3 (AI) | Medium (AI) | 2026-03-16 |
| CVE-2025-69243 | Raytha CMS security vulnerability — Raytha | 5.3 | - | 2026-03-16 |
| CVE-2025-13460 | IBM Aspera Console security vulnerability — Aspera Console | 5.3 | Medium | 2026-03-13 |
| CVE-2025-12455 | OpenText Vertica security vulnerability — Vertica | 9.8 | - | 2026-03-13 |
| CVE-2026-2859 | Checkmk security vulnerability — Checkmk | 5.3 | - | 2026-03-13 |
| CVE-2026-24097 | Checkmk security vulnerability — Checkmk | 4.3 | - | 2026-03-13 |
| CVE-2026-4045 | ProjectSend(cFTP) security vulnerability — projectsend | 3.7 | Low | 2026-03-12 |
| CVE-2026-31901 | Parse Server security vulnerability — parse-server | 5.3 (AI) | Medium (AI) | 2026-03-11 |
| CVE-2026-31888 | Shopware security vulnerability — core | 5.3 | Medium | 2026-03-11 |
| CVE-2026-28358 | NocoDB security vulnerability — nocodb | 5.3 (AI) | Medium (AI) | 2026-03-02 |
| CVE-2026-28288 | dify security vulnerability — dify | 5.3 | - | 2026-02-27 |
| CVE-2026-25138 | Rucio security vulnerability — rucio | 5.3 | Medium | 2026-02-25 |
| CVE-2025-62512 | Piwigo security vulnerability — Piwigo | 5.3 | - | 2026-02-24 |
| CVE-2026-27480 | Static Web Server security vulnerability — static-web-server | 5.3 | Medium | 2026-02-21 |
| CVE-2019-25338 | DokuWiki security vulnerability — Dokuwiki | 5.3 | Medium | 2026-02-12 |
| CVE-2026-25509 | CI4MS security vulnerability — ci4ms | 5.3 | Medium | 2026-02-03 |
| CVE-2026-24664 | Open eClass security vulnerability — openeclass | 5.3 | Medium | 2026-02-03 |
| CVE-2026-24332 | Discord security vulnerability — WebSocket API service | 4.3 | Medium | 2026-01-22 |
| CVE-2026-23511 | ZITADEL security vulnerability — zitadel | 5.3 | Medium | 2026-01-15 |
| CVE-2025-69413 | Gitea security vulnerability — Gitea | 5.3 | Medium | 2026-01-01 |
| CVE-2025-67874 | ChurchCRM security vulnerability — CRM | 8.1 (AI) | High (AI) | 2025-12-16 |

Values marked (AI) carry the page's "AI" badge next to the score and risk level; "-" means no risk level is given.

CWE-204 (Observable Response Discrepancy) is a common weakness category; this platform records 134 CVEs associated with it.