
CWE-209 Information Exposure Through an Error Message: vulnerability list (297)

A summary of the 297 CVE entries associated with the CWE-209 (Information Exposure Through an Error Message) weakness class, with AI-generated Chinese analysis.

CWE-209 is an information-disclosure weakness: the software unintentionally includes sensitive environment, user or data details in the error messages it generates. Attackers typically use such detailed stack traces or path information to identify the system architecture, database structure or user identities, which supports later, more precisely targeted attacks. Developers should avoid exposing internal details in production: configure a single generic error page, filter sensitive fields, and write details to a log rather than displaying them, so that sensitive data is not leaked.

MITRE CWE official description
CWE: CWE-209 Generation of Error Message Containing Sensitive Information. Description: the product generates an error message that includes sensitive information about its environment, users, or associated data.
Common Consequences (1)
Confidentiality · Read Application Data
Often this will either reveal sensitive information which may be used to launch another, more focused attack or disclose private information stored in the server. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In tur…
Mitigations (5)
Implementation: Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or…
Implementation: Handle exceptions internally and do not display errors containing potentially sensitive information to a user.
Implementation: Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
Effectiveness: Defense in Depth
Implementation, Build and Compilation: Debugging information should not make its way into a production release.
Code Examples (2)
In the following example, sensitive information might be printed depending on the exception that occurs.
try {
    /.../
}
catch (Exception e) {
    // Printing the exception object sends its message, and whatever detail it carries, to the user.
    System.out.println(e);
}
Bad · Java
This code tries to open a database connection, and prints any exceptions that occur.
try {
    openDbConnection();
}
// Print exception message that includes exception message and configuration file location
catch (Exception $e) {
    echo 'Caught exception: ', $e->getMessage(), "\n";
    echo 'Check credentials in config file at: ', $Mysql_config_location, "\n";
}
Bad · PHP
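The following is an added example, not code from this page or from MITRE, written in Python rather than the page's Java and PHP so that it runs stand-alone. It places the "Bad" pattern above (raw exception text and a config path returned to the client) next to the mitigated form the page describes: one fixed client-facing message with an opaque incident id, while the exception type, a redacted message and the traceback go only to the internal log. `open_db_connection`, `MYSQL_CONFIG_LOCATION`, the credential in the constructed failure message and the redaction patterns are all assumptions made for the example.

```python
import logging
import re
import traceback
import uuid

log = logging.getLogger("app")

# Constructed sample value: a configuration path that must never reach a client.
MYSQL_CONFIG_LOCATION = "/etc/app/mysql.conf"

# Redaction rules applied to anything written to the internal log. Assumption:
# credentials appear as key=value or key: value pairs, and paths are absolute.
_REDACTIONS = [
    (re.compile(r"(?i)\b(password|passwd|pwd|secret|token)\s*[=:]\s*[^\s;)]+"), r"\1=[REDACTED]"),
    (re.compile(r"(?<![\w/])/(?:[\w.-]+/)+[\w.-]+"), "[PATH]"),
]


def redact(text):
    """Mask credential values and absolute file paths in free text."""
    for pattern, replacement in _REDACTIONS:
        text = pattern.sub(replacement, text)
    return text


class DbError(Exception):
    pass


def open_db_connection(dsn):
    """Stand-in for the page's openDbConnection(): always fails the way a driver
    often does, with an exception message that embeds a credential and a path."""
    raise DbError(
        f"Access denied for user 'app'@'localhost' (password=hunter2); "
        f"see config {MYSQL_CONFIG_LOCATION}; dsn={dsn}"
    )


def handle_request_verbose(dsn):
    """The pattern the page marks as Bad: raw exception text goes to the client."""
    try:
        open_db_connection(dsn)
        return 200, {"status": "ok"}
    except Exception as exc:
        return 500, {
            "error": f"Caught exception: {exc}",
            "hint": f"Check credentials in config file at: {MYSQL_CONFIG_LOCATION}",
        }


def handle_request(dsn):
    """Mitigated handler: fixed client message, full detail only in the log."""
    try:
        open_db_connection(dsn)
        return 200, {"status": "ok"}
    except Exception as exc:
        # Opaque reference that lets support correlate a user report with the log entry.
        incident_id = uuid.uuid4().hex[:12]
        log.error("incident %s: %s: %s", incident_id, type(exc).__name__, redact(str(exc)))
        log.debug("incident %s traceback:\n%s", incident_id, redact(traceback.format_exc()))
        return 500, {"error": "An internal error occurred.", "incident_id": incident_id}


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG, format="%(levelname)s %(message)s")
    print("verbose:", handle_request_verbose("mysql://app@localhost/appdb"))
    print("hardened:", handle_request("mysql://app@localhost/appdb"))
```

Running the module shows the verbose response carrying the credential and the config path, while the hardened response carries only the generic message and the incident id; the redacted detail appears on the log stream instead. Redaction of the log line is a defence-in-depth step: the log is still internal, but masking credentials and paths there limits what a later log leak would reveal.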
CVE ID | Title | Product | CVSS | Risk level | Published
CVE-2026-41644 | Monetr Lunch Flow SSRF vulnerability in link creation and refresh | monetr | - | - | 2026-05-07
CVE-2025-31960 | HCL BigFix SM report module information disclosure vulnerability | BigFix Service Management (SM) | 5.3 | Medium | 2026-05-06
CVE-2025-59853 | HCL DFXAnalytics improper error handling vulnerability | DFXAnalytics | 3.1 | Low | 2026-05-06
CVE-2026-40969 | VMware Spring gRPC security vulnerability | Spring gRPC | 3.7 | Low | 2026-04-28
CVE-2026-3259 | Google BigQuery security vulnerability | BigQuery | 4.3 (AI) | Medium (AI) | 2026-04-23
CVE-2025-14243 | Red Hat OpenShift Mirror Registry security vulnerability | mirror registry for Red Hat OpenShift | 5.3 | Medium | 2026-04-08
CVE-2026-24511 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 4.4 | Medium | 2026-04-08
CVE-2026-34045 | Podman Desktop resource management error vulnerability | podman-desktop | 8.2 | High | 2026-04-07
CVE-2025-71282 | XenForo security vulnerability | XenForo | 7.5 | High | 2026-04-01
CVE-2026-4994 | OpenUI security vulnerability | OpenUI | 3.5 | Low | 2026-03-28
CVE-2026-2484 | IBM InfoSphere Information Server security vulnerability | InfoSphere Information Server | 4.3 | Medium | 2026-03-25
CVE-2026-1262 | IBM InfoSphere Information Server security vulnerability | InfoSphere Information Server | 4.3 | Medium | 2026-03-25
CVE-2026-21783 | HCL Traveler security vulnerability | Traveler | 4.3 | Medium | 2026-03-24
CVE-2026-4633 | Keycloak security vulnerability | Red Hat Build of Keycloak | 3.7 | Low | 2026-03-23
CVE-2026-33192 | free5GC security vulnerability | free5gc | 3.7 | - | 2026-03-20
CVE-2026-33065 | free5GC security vulnerability | free5gc | 5.3 | - | 2026-03-20
CVE-2025-13726 | IBM Sterling Partner Engagement Manager security vulnerability | Sterling Partner Engagement Manager | 5.3 | Medium | 2026-03-13
CVE-2026-30835 | Parse Server security vulnerability | parse-server | 7.5 | - | 2026-03-06
CVE-2026-29110 | Cryptomator security vulnerability | cryptomator | 2.2 | Low | 2026-03-06
CVE-2026-2752 | Navtor NavBox security vulnerability | NavBox | 5.3 | Medium | 2026-03-06
CVE-2026-27643 | free5GC security vulnerability | udr | 5.3 | - | 2026-02-24
CVE-2025-69253 | free5GC security vulnerability | udr | 5.3 | - | 2026-02-24
CVE-2025-69208 | free5GC security vulnerability | udr | 7.5 (AI) | High (AI) | 2026-02-23
CVE-2025-65995 | Apache Airflow security vulnerability | Apache Airflow | 6.5 (AI) | Medium (AI) | 2026-02-21
CVE-2026-26957 | Libredesk code issue vulnerability | github.com/abhinavxd/libredesk | 5.5 (AI) | Medium (AI) | 2026-02-19
CVE-2026-27004 | OpenClaw access control error vulnerability | openclaw | 6.5 | - | 2026-02-19
CVE-2025-36348 | IBM Sterling B2B Integrator and IBM Sterling File Gateway security vulnerability | Sterling B2B Integrator | 4.9 | Medium | 2026-02-17
CVE-2025-66594 | Yokogawa FAST/TOOLS security vulnerability | FAST/TOOLS | 5.3 (AI) | Medium (AI) | 2026-02-09
CVE-2023-38281 | IBM Cloud Pak System security vulnerability | Cloud Pak System | 5.3 | Medium | 2026-02-04
CVE-2023-38017 | IBM Cloud Pak System security vulnerability | Cloud Pak System | 5.3 | Medium | 2026-02-04
An (AI) tag reproduces the page's own AI marker on that value; "-" means the page lists no value.

CWE-209 (Information Exposure Through an Error Message) is a common weakness class; this platform has collected 297 CVE entries associated with it.