2021年12月4日16:21:08评论202 views字数 787阅读2分37秒阅读模式

CWE-524 通过缓存导致的信息暴露

Information Exposure Through Caching

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

The application uses a cache to maintain a pool of objects, threads, connections, pages, or passwords to minimize the time it takes to access them or the resources to which they connect. If implemented improperly, these caches can allow access to unauthorized information or cause a denial of service vulnerability.

常见的影响

范围	影响	注释
Confidentiality	Read Application Data

可能的缓解方案

Architecture and Design

策略:

Protect information stored in cache.

Architecture and Design

策略:

Do not store unnecessarily sensitive information in the cache.

Architecture and Design

策略:

Consider using encryption in the cache.

CWE-524 通过缓存导致的信息暴露

CWE-524 通过缓存导致的信息暴露

Information Exposure Through Caching

基本描述

相关缺陷

常见的影响

可能的缓解方案

Architecture and Design

Architecture and Design

Architecture and Design

相关攻击模式

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信