CWE-489 - Active Debug Code

Scope: Confidentiality, Integrity, Availability, Access Control, Other

Impact: Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context

Notes: Active debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug code will allow an attacker complete control over the web application and server, as well as confidential information that either of these access.