OWASP Top Ten 2010 Category A6 - Security Misconfiguration
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the A6 category in the OWASP Top Ten 2010.
Weaknesses
The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of ot...
The product makes files or directories accessible to unauthorized actors, even though they should not be.
The product generates an error message that includes sensitive information about its environment, users, or associated data.
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive ...
The product stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties.
Concepts
Deprecated or Obsolete
CWE nodes in this view (graph) are associated with the OWASP Top Ten, as released in 2010. This view is considered obsolete as a newer version of the OWASP Top Ten is ...
See Also
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.