CWE-524 通过缓存导致的信息暴露
Information Exposure Through Caching
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
The application uses a cache to maintain a pool of objects, threads, connections, pages, or passwords to minimize the time it takes to access them or the resources to which they connect. If implemented improperly, these caches can allow access to unauthorized information or cause a denial of service vulnerability.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 200 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 200 cwe_View_ID: 699 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Confidentiality | Read Application Data |
可能的缓解方案
Architecture and Design
策略:
Protect information stored in cache.
Architecture and Design
策略:
Do not store unnecessarily sensitive information in the cache.
Architecture and Design
策略:
Consider using encryption in the cache.
相关攻击模式
- CAPEC-204