CWE-489β€”Active Debug Code

PUBLISHEDweakness record
released 2006-07-19 Β· last modified 2026-04-30
CWE-489 - Active Debug Code - Diagram

Metadata

CWE ID:
CWE-489
Abstraction:
Base
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2026-04-30

Weakness Name

Active Debug Code

Description

The product is released with debugging code still enabled or active.

Common Consequences

Scope:
Confidentiality, Integrity, Availability, Access Control, Other
Impact:
Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context
Notes:
Active debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug code will allow an attacker complete control over the web application and server, as well as confidential information that either of these access.

Related Weaknesses