Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE CATEGORY:OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Category ID:731
Vulnerability Mapping:Prohibited
Status:Obsolete
DetailsContent HistoryObserved CVE ExamplesReports
▼Summary

Weaknesses in this category are related to the A10 category in the OWASP Top Ten 2004.

▼Membership
NatureMappingTypeIDName
MemberOfProhibitedV711Weaknesses in OWASP Top Ten (2004)
HasMemberAllowedV527Exposure of Version-Control Repository to an Unauthorized Control Sphere
HasMemberAllowedB209Generation of Error Message Containing Sensitive Information
HasMemberAllowedV11ASP.NET Misconfiguration: Creating Debug Binary
HasMemberAllowedV12ASP.NET Misconfiguration: Missing Custom Error Page
HasMemberAllowedV13ASP.NET Misconfiguration: Password in Configuration File
HasMemberAllowedB215Insertion of Sensitive Information Into Debugging Code
HasMemberAllowedV219Storage of File with Sensitive Data Under Web Root
HasMemberAllowedB295Improper Certificate Validation
HasMemberAllowedV541Inclusion of Sensitive Information in an Include File
HasMemberAllowedV528Exposure of Core Dump File to an Unauthorized Control Sphere
HasMemberAllowedB459Incomplete Cleanup
HasMemberAllowedV529Exposure of Access Control List Files to an Unauthorized Control Sphere
HasMemberAllowedB489Active Debug Code
HasMemberAllowedV5J2EE Misconfiguration: Data Transmission Without Encryption
HasMemberAllowedV520.NET Misconfiguration: Use of Impersonation
HasMemberAllowedV526Cleartext Storage of Sensitive Information in an Environment Variable
HasMemberAllowedV530Exposure of Backup File to an Unauthorized Control Sphere
HasMemberAllowedV531Inclusion of Sensitive Information in Test Code
HasMemberAllowedB532Insertion of Sensitive Information into Log File
HasMemberAllowedB540Inclusion of Sensitive Information in Source Code
HasMemberAllowedV548Exposure of Information Through Directory Listing
HasMemberAllowedB552Files or Directories Accessible to External Parties
HasMemberAllowedV554ASP.NET Misconfiguration: Not Using Input Validation Framework
HasMemberAllowedV555J2EE Misconfiguration: Plaintext Password in Configuration File
HasMemberAllowedV556ASP.NET Misconfiguration: Use of Identity Impersonation
HasMemberAllowedV6J2EE Misconfiguration: Insufficient Session-ID Length
HasMemberAllowedV7J2EE Misconfiguration: Missing Custom Error Page
HasMemberAllowedV8J2EE Misconfiguration: Entity Bean Declared Remote
HasMemberAllowedV9J2EE Misconfiguration: Weak Access Permissions for EJB Methods
HasMemberProhibitedC275Permission Issues
Nature: MemberOf
Mapping: Prohibited
Type: View
ID: 711
Name: Weaknesses in OWASP Top Ten (2004)
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 527
Name: Exposure of Version-Control Repository to an Unauthorized Control Sphere
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 209
Name: Generation of Error Message Containing Sensitive Information
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 11
Name: ASP.NET Misconfiguration: Creating Debug Binary
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 12
Name: ASP.NET Misconfiguration: Missing Custom Error Page
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 13
Name: ASP.NET Misconfiguration: Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 215
Name: Insertion of Sensitive Information Into Debugging Code
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 219
Name: Storage of File with Sensitive Data Under Web Root
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 295
Name: Improper Certificate Validation
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 541
Name: Inclusion of Sensitive Information in an Include File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 528
Name: Exposure of Core Dump File to an Unauthorized Control Sphere
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 459
Name: Incomplete Cleanup
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 529
Name: Exposure of Access Control List Files to an Unauthorized Control Sphere
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 489
Name: Active Debug Code
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 5
Name: J2EE Misconfiguration: Data Transmission Without Encryption
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 520
Name: .NET Misconfiguration: Use of Impersonation
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 526
Name: Cleartext Storage of Sensitive Information in an Environment Variable
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 530
Name: Exposure of Backup File to an Unauthorized Control Sphere
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 531
Name: Inclusion of Sensitive Information in Test Code
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 532
Name: Insertion of Sensitive Information into Log File
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 540
Name: Inclusion of Sensitive Information in Source Code
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 548
Name: Exposure of Information Through Directory Listing
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 552
Name: Files or Directories Accessible to External Parties
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 554
Name: ASP.NET Misconfiguration: Not Using Input Validation Framework
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 555
Name: J2EE Misconfiguration: Plaintext Password in Configuration File
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 556
Name: ASP.NET Misconfiguration: Use of Identity Impersonation
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 6
Name: J2EE Misconfiguration: Insufficient Session-ID Length
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 7
Name: J2EE Misconfiguration: Missing Custom Error Page
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 8
Name: J2EE Misconfiguration: Entity Bean Declared Remote
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 9
Name: J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 275
Name: Permission Issues
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

▼Notes
▼Taxonomy Mappings
Taxonomy NameEntry IDFitEntry Name
▼References
Reference ID: REF-591
Title: A10 Insecure Configuration Management
Version: v4.15
Author: OWASP
Publication:
Publisher:
Edition:
URL:http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827
URL Date:
Day:N/A
Month:N/A
Year:2007
Details not found