目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-209 通过错误消息导致的信息暴露 类漏洞列表 312

CWE-209 通过错误消息导致的信息暴露 类弱点 312 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-209属于信息泄露漏洞,指软件在生成错误消息时意外包含敏感的环境、用户或数据信息。攻击者通常利用这些详细的错误堆栈或路径信息,识别系统架构、数据库结构或用户身份,从而辅助后续更精准的定向攻击。开发者应避免在生产环境中暴露内部细节,通过配置统一的通用错误页面、过滤敏感字段及记录日志而非直接展示,来防止敏感数据外泄。

MITRE CWE 官方描述
CWE:CWE-209 生成包含敏感信息的错误消息 (Generation of Error Message Containing Sensitive Information) 英文:产品生成的错误消息 (error message) 包含了关于其环境、用户或关联数据的敏感信息 (sensitive information)。
常见影响 (1)
ConfidentialityRead Application Data
Often this will either reveal sensitive information which may be used to launch another, more focused attack or disclose private information stored in the server. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In tur…
缓解措施 (5)
ImplementationEnsure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or…
ImplementationHandle exceptions internally and do not display errors containing potentially sensitive information to a user.
ImplementationUse naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
Effectiveness: Defense in Depth
Implementation, Build and CompilationDebugging information should not make its way into a production release.
Implementation, Build and CompilationDebugging information should not make its way into a production release.
代码示例 (2)
In the following example, sensitive information might be printed depending on the exception that occurs.
try { /.../ } catch (Exception e) { System.out.println(e); }
Bad · Java
This code tries to open a database connection, and prints any exceptions that occur.
try { openDbConnection(); } //print exception message that includes exception message and configuration file location catch (Exception $e) { echo 'Caught exception: ', $e->getMessage(), '\n'; echo 'Check credentials in config file at: ', $Mysql_config_location, '\n'; }
Bad · PHP
CVE ID标题CVSS风险等级Published
CVE-2026-33192 free5GC 安全漏洞 — free5gc 3.7 -2026-03-20
CVE-2026-33065 free5GC 安全漏洞 — free5gc 5.3 -2026-03-20
CVE-2025-13726 IBM Sterling Partner Engagement Manager 安全漏洞 — Sterling Partner Engagement Manager 5.3 Medium2026-03-13
CVE-2026-30835 Parse Server 安全漏洞 — parse-server 7.5 -2026-03-06
CVE-2026-29110 Cryptomator 安全漏洞 — cryptomator 2.2 Low2026-03-06
CVE-2026-2752 Navtor NavBox 安全漏洞 — NavBox 5.3 Medium2026-03-06
CVE-2026-27643 free5GC 安全漏洞 — udr 5.3 -2026-02-24
CVE-2025-69253 free5GC 安全漏洞 — udr 5.3 -2026-02-24
CVE-2025-69208 free5GC 安全漏洞 — udr 7.5AIHighAI2026-02-23
CVE-2025-65995 Apache Airflow 安全漏洞 — Apache Airflow 6.5AIMediumAI2026-02-21
CVE-2026-27004 OpenClaw 访问控制错误漏洞 — openclaw 6.5 -2026-02-19
CVE-2025-36348 IBM Sterling B2B Integrator和IBM Sterling File Gateway 安全漏洞 — Sterling B2B Integrator 4.9 Medium2026-02-17
CVE-2025-66594 Yokogawa FAST/TOOLS 安全漏洞 — FAST/TOOLS 5.3AIMediumAI2026-02-09
CVE-2023-38281 IBM Cloud Pak System 安全漏洞 — Cloud Pak System 5.3 Medium2026-02-04
CVE-2023-38017 IBM Cloud Pak System 安全漏洞 — Cloud Pak System 5.3 Medium2026-02-04
CVE-2023-38010 IBM Cloud Pak System 安全漏洞 — Cloud Pak System 5.3 Medium2026-02-04
CVE-2025-12773 Brocade SANnav 安全漏洞 — SANnav 4.9AIMediumAI2026-02-03
CVE-2025-1395 Codriapp HeyGarson 安全漏洞 — HeyGarson 8.2 High2026-01-30
CVE-2025-11065 mapstructure 安全漏洞 5.3 Medium2026-01-26
CVE-2026-1175 prime 安全漏洞 — prime 5.3 Medium2026-01-19
CVE-2025-55250 HCL AION 安全漏洞 — AION 1.8 Low2026-01-19
CVE-2025-15526 WordPress plugin Fancy Product Designer 安全漏洞 — Fancy Product Designer 5.3 Medium2026-01-16
CVE-2026-22646 SICK Incoming Goods Suite 安全漏洞 — Incoming Goods Suite 4.3 Medium2026-01-15
CVE-2026-20838 Microsoft Windows Kernel 安全漏洞 — Windows 11 version 22H3 5.5 Medium2026-01-13
CVE-2025-62840 QNAP Systems HBS 3 Hybrid Backup Sync 安全漏洞 — HBS 3 Hybrid Backup Sync 3.5 -2026-01-02
CVE-2022-50686 Kentico Xperience 安全漏洞 — Xperience 7.5 High2025-12-18
CVE-2025-9122 Hitachi Vantara Pentaho Data Integration and Analytics 安全漏洞 — Pentaho Data Integration and Analytics 5.3 Medium2025-12-15
CVE-2025-13978 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞 — GitLab 4.3 Medium2025-12-11
CVE-2025-36437 IBM Planning Analytics Local 安全漏洞 — IBM Planning Analytics Local 4.3 Medium2025-12-09
CVE-2025-66549 Nextcloud Desktop Client 安全漏洞 — security-advisories 2.4 Low2025-12-05

CWE-209(通过错误消息导致的信息暴露) 是常见的弱点类别,本平台收录该类弱点关联的 312 条 CVE 漏洞。