CWE-489—Active Debug Code
PUBLISHEDweakness record
released 2006-07-19 · last modified 2026-04-30
Metadata
- CWE ID:
- CWE-489
- 摘要:
- Base
- 结构:
- Simple
- 状态:
- Draft
- 发布日期:
- 2006-07-19
- 更新日期:
- 2026-04-30
描述
The product is released with debugging code still enabled or active.
常见后果
- 范围:
- Confidentiality, Integrity, Availability, Access Control, Other
- 影响:
- Bypass Protection Mechanism, Read Application Data, Gain Privileges or Assume Identity, Varies by Context
- 注释:
- Active debug code can create unintended entry points or expose sensitive information. The severity of the exposed debug code will depend on the particular instance. At the least, it will give an attacker sensitive information about the settings and mechanics of web applications on the server. At worst, as is often the case, the debug code will allow an attacker complete control over the web application and server, as well as confidential information that either of these access.