
CWE-209 Information Exposure Through an Error Message: vulnerability list (307)

A summary of 307 CVE vulnerabilities in the CWE-209 (Information Exposure Through an Error Message) weakness class, with AI-generated Chinese analysis.

CWE-209 is an information disclosure weakness: when generating an error message, the software unintentionally includes sensitive details about its environment, its users, or the data it handles. Attackers typically mine such detailed stack traces and path information to identify the system architecture, the database structure, or user identities, which supports more precise follow-up attacks. Developers should avoid exposing internal details in production: configure a uniform, generic error page, filter sensitive fields, and write details to a log instead of displaying them, so that sensitive data is not leaked.

MITRE CWE official description
CWE-209: Generation of Error Message Containing Sensitive Information. The product generates an error message that includes sensitive information about its environment, users, or associated data.

Common Consequences (1)
Scope: Confidentiality. Technical impact: Read Application Data.
Often this will either reveal sensitive information which may be used to launch another, more focused attack or disclose private information stored in the server. For example, an attempt to exploit a path traversal weakness (CWE-22) might yield the full pathname of the installed application. In tur…

Potential Mitigations (5)
Phase: Implementation. Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or…
Phase: Implementation. Handle exceptions internally and do not display errors containing potentially sensitive information to a user.
Phase: Implementation. Use naming conventions and strong types to make it easier to spot when sensitive data is being used. When creating structures, objects, or other complex entities, separate the sensitive and non-sensitive data as much as possible.
Effectiveness: Defense in Depth
Phases: Implementation; Build and Compilation. Debugging information should not make its way into a production release.
Phases: Implementation; Build and Compilation. Debugging information should not make its way into a production release.
Code Examples (2)
In the following example, sensitive information might be printed depending on the exception that occurs.

    try {
        // ...
    } catch (Exception e) {
        // Prints the exception's string form, which may include internal detail
        System.out.println(e);
    }

Bad · Java

This code tries to open a database connection, and prints any exceptions that occur.

    try {
        openDbConnection();
    }
    // print exception message that includes exception message and configuration file location
    catch (Exception $e) {
        echo 'Caught exception: ', $e->getMessage(), "\n";
        echo 'Check credentials in config file at: ', $Mysql_config_location, "\n";
    }

Bad · PHP
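As an added example (not from the page, MITRE, or any listed product), the Bad PHP handler above is re-expressed in Python beside a hardened handler that applies the listed mitigations: the exception is handled internally, full detail is logged server-side under a correlation id, and the user sees only a generic message. The config path and driver error text are constructed sample values, and leaks_internal_details is a hypothetical response check for the markers such leaks typically contain.

```python
import logging
import re
import uuid

log = logging.getLogger("app")

# Constructed sample value standing in for $Mysql_config_location in the PHP example.
CONFIG_PATH = "/etc/app/mysql.conf"

def open_db_connection() -> None:
    # Constructed failure: real drivers raise with host, user and path detail like this.
    raise RuntimeError("Access denied for user 'app'@'10.0.0.5' (config /etc/app/mysql.conf)")

def vulnerable_handler() -> str:
    """Mirrors the Bad PHP example: echoes the exception text and config location to the user."""
    try:
        open_db_connection()
    except Exception as e:
        return f"Caught exception: {e}\nCheck credentials in config file at: {CONFIG_PATH}\n"
    return "ok"

def hardened_handler() -> tuple:
    """Handles the exception internally: full detail goes to the server log under a
    correlation id, and the user-facing message carries only that id."""
    try:
        open_db_connection()
    except Exception as e:
        ref = uuid.uuid4().hex[:12]
        log.error("db connection failed ref=%s config=%s err=%r", ref, CONFIG_PATH, e)
        return f"A database error occurred. Reference: {ref}", ref
    return "ok", ""

# Hypothetical response check: markers whose presence in user-facing output
# indicates CWE-209 style leakage (paths, internal addresses, exception vocabulary).
LEAK_PATTERNS = [
    re.compile(r"(?:/[\w.-]+){2,}"),               # absolute filesystem paths
    re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"),    # IPv4 addresses
    re.compile(r"(?i)\b(?:exception|traceback|stack trace|access denied)\b"),
]

def leaks_internal_details(body: str) -> bool:
    """True if a response body contains any leak marker; usable in tests or a WAF rule."""
    return any(p.search(body) for p in LEAK_PATTERNS)
```

The operator correlates the reference id in the user's report with the server log line, so debugging keeps its detail without that detail ever reaching the client.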
| CVE ID | Title | Affected component | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-9794 | Keycloak security vulnerability | Red Hat Build of Keycloak | 5.3 | Medium | 2026-05-28 |
| CVE-2024-28765 | IBM Security Directory Integrator security vulnerability | SDI | 5.3 | Medium | 2026-05-27 |
| CVE-2026-9583 | SourceCodester CET Automated Grading System with AI Predictive Analytics security vulnerability | CET Automated Grading System with AI Predictive Analytics | 4.3 | Medium | 2026-05-26 |
| CVE-2026-45728 | algernon security vulnerability | algernon | 7.5 | High | 2026-05-26 |
| CVE-2026-5511 | TP-Link Archer AX72 security vulnerability | Archer AX72 (SG) v1.0 | - | - | 2026-05-19 |
| CVE-2026-7860 | Vaadin Flow security vulnerability | flow | - | - | 2026-05-19 |
| CVE-2026-42552 | Flight security vulnerability | core | 7.5 | High | 2026-05-13 |
| CVE-2026-44002 | vm2 security vulnerability | vm2 | 5.8 | Medium | 2026-05-13 |
| CVE-2026-43873 | WWBN AVideo security vulnerability | AVideo | 7.5 | High | 2026-05-11 |
| CVE-2026-44226 | pyLoad security vulnerability | pyload | 5.3 | Medium | 2026-05-11 |
| CVE-2026-41644 | monetr security vulnerability | monetr | 4.3 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2025-31960 | HCL BigFix Service Management security vulnerability | BigFix Service Management (SM) | 5.3 | Medium | 2026-05-06 |
| CVE-2025-59853 | HCL DFXAnalytics security vulnerability | DFXAnalytics | 3.1 | Low | 2026-05-06 |
| CVE-2026-40969 | Vmware Spring gRPC security vulnerability | Spring gRPC | 3.7 | Low | 2026-04-28 |
| CVE-2026-3259 | Google BigQuery security vulnerability | BigQuery | 4.3 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2025-14243 | Red Hat OpenShift Mirror Registry security vulnerability | mirror registry for Red Hat OpenShift | 5.3 | Medium | 2026-04-08 |
| CVE-2026-24511 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 4.4 | Medium | 2026-04-08 |
| CVE-2026-34045 | Podman Desktop resource management error vulnerability | podman-desktop | 8.2 | High | 2026-04-07 |
| CVE-2025-71282 | Xenforo security vulnerability | XenForo | 7.5 | High | 2026-04-01 |
| CVE-2026-4994 | OpenUI security vulnerability | OpenUI | 3.5 | Low | 2026-03-28 |
| CVE-2026-2484 | IBM InfoSphere Information Server security vulnerability | InfoSphere Information Server | 4.3 | Medium | 2026-03-25 |
| CVE-2026-1262 | IBM InfoSphere Information Server security vulnerability | InfoSphere Information Server | 4.3 | Medium | 2026-03-25 |
| CVE-2026-21783 | HCL Traveler security vulnerability | Traveler | 4.3 | Medium | 2026-03-24 |
| CVE-2026-4633 | Keycloak security vulnerability | Red Hat Build of Keycloak | 3.7 | Low | 2026-03-23 |
| CVE-2026-33192 | free5GC security vulnerability | free5gc | 3.7 | - | 2026-03-20 |
| CVE-2026-33065 | free5GC security vulnerability | free5gc | 5.3 | - | 2026-03-20 |
| CVE-2025-13726 | IBM Sterling Partner Engagement Manager security vulnerability | Sterling Partner Engagement Manager | 5.3 | Medium | 2026-03-13 |
| CVE-2026-30835 | Parse Server security vulnerability | parse-server | 7.5 | - | 2026-03-06 |
| CVE-2026-29110 | Cryptomator security vulnerability | cryptomator | 2.2 | Low | 2026-03-06 |
| CVE-2026-2752 | Navtor NavBox security vulnerability | NavBox | 5.3 | Medium | 2026-03-06 |

Values marked (AI) are shown on the source page as AI-generated; "-" means the field is empty in the listing.

CWE-209 (Information Exposure Through an Error Message) is a common weakness class; this platform indexes 307 CVE vulnerabilities associated with it.