Limit Exposure

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the design and architecture of the entry points to a system. Frequently these deal with minimizing the attack surface by designing the system with the fewest entry points needed. The weaknesses in this category could lead to a degradation of a system's defenses if they are not addressed when designing or implementing a secure architecture.


Externally-Generated Error Message Containing Sensitive Information

The product performs an operation that triggers an external diagnostic or error message that is not directly generated or controlled by the product, such as an error g...

Inclusion of Functionality from Untrusted Control Sphere

The product imports, requires, or includes executable functionality (such as a library) from a source that is outside of the intended control sphere.

Inclusion of Web Functionality from an Untrusted Source

The product includes web functionality (such as a web widget) from another domain, which causes it to operate within the domain of the product, potentially granting to...

Invocation of Process Using Visible Sensitive Information

A process is invoked with sensitive command-line arguments, environment variables, or other elements that can be seen by other processes on the operating system.

Self-generated Error Message Containing Sensitive Information

The product identifies an error condition and creates its own diagnostic or error messages that contain sensitive information.

Server-generated Error Message Containing Sensitive Information

Certain conditions, such as network failure, will cause a server error message to be displayed.


Architectural Concepts

This view organizes weaknesses according to common architectural security tactics. It is intended to assist architects in identifying potential mistakes that can be ma...

See Also

  1. A Catalog of Security Architecture Weaknesses.
     2017 IEEE International Conference on Software Architecture (ICSA)

  2. Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.
     2017 IEEE International Conference on Software Architecture (ICSA)

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.