CWE-489Active Debug Code

PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
CWE-489 - Active Debug Code - Diagram

Metadata

CWE ID:
CWE-489
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2026-04-30

名称

Active Debug Code

描述

The product is released with debugging code still enabled or active.

常见后果

范围:
Confidentiality, Integrity, Availability, Access Control, Other
影响:
Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context
注释:
Active debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug code will allow an attacker complete control over the web application and server, as well as confidential information that either of these access.

相关 CWE