CWE-534
DEPRECATED: Information Exposure Through Debug Log Files
VariantDeprecated
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
CVEs mapped to this weakness (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11398 | Hig | 0.61 | 8.8 | 0.08 | Jan 19, 2018 | A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system. | ||
| CVE-2015-6941 | Cri | 0.57 | 9.8 | 0.02 | Aug 9, 2017 | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. |
- risk 0.61cvss 8.8epss 0.08
A session hijacking via log disclosure vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an unauthenticated attacker to hijack active user sessions to perform authenticated requests on a vulnerable system.
- risk 0.57cvss 9.8epss 0.02
win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.