CWE-207 (Information Exposure Through an External Behavioral Inconsistency) — Vulnerability Class 1

1 vulnerability classified as CWE-207 (Information Exposure Through an External Behavioral Inconsistency). AI analysis in Chinese included.

CWE-207 is an information disclosure weakness in which a software product exhibits distinct behavioral patterns that allow attackers to identify its specific vendor or version, even when the system's existence or identity is intended to remain hidden. It is typically exploited through passive fingerprinting, where adversaries analyze subtle differences in response headers, error messages, or timing delays to distinguish the target from other products with equivalent functionality. Once they recognize these observable discrepancies, attackers can tailor their attacks to known vulnerabilities in that specific software variant, significantly increasing the likelihood of a successful breach. Developers can mitigate this risk by standardizing error handling and response formats across product lines, so that the software behaves indistinguishably from a generic, non-specific implementation. This uniformity denies attackers the unique signatures they would otherwise use to identify and target specific systems.

MITRE CWE Description
The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker. For many kinds of products, multiple products may be available that perform the same functionality, such as a web server, network interface, or intrusion detection system. Attackers often perform "fingerprinting," which uses discrepancies in order to identify which specific product is in use. Once the specific product has been identified, the attacks can be made more customized and efficient. Often, an organization might intentionally allow the specific product to be identifiable. However, in some environments, the ability to identify a distinct product is unacceptable, and it is expected that every product would behave in exactly the same way. In these more restricted environments, a behavioral difference might pose an unacceptable risk if it makes it easier to identify the product's vendor, model, configuration, version, etc.
Common Consequences (1)
Scope: Confidentiality, Access Control
Impact: Read Application Data, Bypass Protection Mechanism

CVE ID          | Title                                                                    | CVSS | Severity | Published
CVE-2025-41657  | AUMA: Incorrect delivery status of the Bluetooth configuration — AC1.2   | 4.3  | Medium   | 2025-06-10

Vulnerabilities classified as CWE-207 (Information Exposure Through an External Behavioral Inconsistency) represent 1 CVE. The CWE taxonomy describes the weakness; review the individual CVE for product-specific impact.