CWE-550 | Variant | Incomplete
Server-generated Error Message Containing Sensitive Information
Certain conditions, such as network failure, will cause a server error message to be displayed.
Related CAPECs
—
Related vulnerabilities
CVE-2023-40726
A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database.
CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol.
CVE-2025-36419
IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system.
CVE-2023-5617
Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including 9.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.