VYPR

CWE-534

DEPRECATED: Information Exposure Through Debug Log Files

VariantDeprecated

Description

This entry has been deprecated because its abstraction was too low-level. See CWE-532.

CVEs mapped to this weakness (2)

  • CVE-2017-11398HigJan 19, 2018
    risk 0.61cvss 8.8epss 0.08

    A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.

  • CVE-2015-6941CriAug 9, 2017
    risk 0.57cvss 9.8epss 0.02

    win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.