CWE-756β€”Missing Custom Error Page

PUBLISHEDweakness record
released 2009-03-10 Β· last modified 2026-04-30

Metadata

CWE ID:
CWE-756
Abstraction:
Base
Structure:
Simple
Status:
Incomplete
Release Date:
2009-03-10
Latest Modification Date:
2026-04-30

Weakness Name

Missing Custom Error Page

Description

The product does not return custom error pages to the user, possibly exposing sensitive information.

Common Consequences

Scope:
Confidentiality
Impact:
Read Application Data
Notes:
Attackers can leverage the additional information provided by a default error page to mount attacks targeted on the framework, database, or other resources used by the application.

Related Weaknesses