CWE - CWE-200: Information Exposure (3.2)
4/27/24, 3:43 PM
The Wayback Machine - https://web.archive.org/web/20190126150012/https://cwe.mitre.org/data/d…
Common Weakness Enumeration
A Community-Developed List of Software Weakness Types

Status: Incomplete
Weakness ID: 200
Abstraction: Class
Structure: Simple
Presentation Filter: High Level

Description
An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information.

Extended Description
The information either:
1. is regarded as sensitive within the product's own functionality, such as a private message; or
2. provides information about the product or its environment that could be useful in an attack but is normally not available to the attacker, such as the installation path of a product that is remotely accessible.
Many information exposures are resultant (e.g. PHP script error revealing the full path of the program), but they can also be primary (e.g. timing discrepancies in cryptography). There are many different types of problems that involve information exposures. Their severity can range widely depending on the type of information that is revealed.

Alternate Terms
Information Leak: This is a frequently used term, however the "leak" term has multiple uses within security. In some cases it deals with exposure of information, but in other cases (such as "memory leak") this deals with improper tracking of resources which can lead to exhaustion. As a result, CWE is actively avoiding usage of the "leak" term.
Information Disclosure: This term is frequently used in vulnerability databases and other sources, however "disclosure" does not always have security implications. The phrase "information disclosure" is also used frequently in policies and legal documents, but does not refer to disclosure of security-relevant information.

Relationships
The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
Relevant to the view "Research Concepts" (CWE-1000)
Relevant to the view "Weaknesses for Simplified Mapping of Published Vulnerabilities" (CWE-1003)
Relevant to the view "Development Concepts" (CWE-699)

https://web.archive.org/web/20190126150012/https://cwe.mitre.org/data/definitions/200.html
WIZ, Inc. EXHIBIT - 1057
WIZ, Inc. v. Orca Security LTD.

Modes Of Introduction
The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the software life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.
Phase                       Note
Architecture and Design
Implementation

Common Consequences
The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
Scope              Impact                                         Likelihood
Confidentiality    Technical Impact: Read Application Data

Likelihood Of Exploit
High

Memberships
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
Nature      Type ID    Name
MemberOf    635        Weaknesses Originally Used by NVD from 2008 to 2016
MemberOf    717        OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
MemberOf    963        SFP Secondary Cluster: Exposed Data

More information is available — Please select a different filter.

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.
CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2019, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
