CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
Export to Word
Description
The product makes resources available to untrusted parties when those resources are only intended to be accessed by the product.
Extended Description
N/A
ThreatScore
Threat Mapped score: 1.8
Industry: Finiancial
Threat priority: P4 - Informational (Low)
Observed Examples (CVEs)
-
CVE:
CVE-2003-0740
Server leaks a privileged file descriptor, allowing the server to be hijacked.
-
CVE:
CVE-2004-1033
File descriptor leak allows read of restricted files.
Related Attack Patterns (CAPEC)
N/A
Attack TTPs
N/A
Modes of Introduction
| Phase |
Note |
| Architecture and Design |
N/A |
| Implementation |
N/A |
Common Consequences
- Impact: Read Application Data — Notes:
Potential Mitigations
Applicable Platforms
Demonstrative Examples
N/A
Notes
← Back to CWE list