QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-459

Back to CWE list

CWE-459

Incomplete Cleanup

Base
Draft

Description

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

Common Consequences

Scope

Other
Confidentiality
Integrity

Impact

Other, Read Application Data, Modify Application Data, DoS: Resource Consumption (Other)

Potential Mitigations

Architecture and Design
Implementation

Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.

CVE-2000-0552

World-readable temporary file not deleted after use.

CVE-2005-2293

Temporary file not deleted after use, leaking database usernames and passwords.

CVE-2002-0788

Interaction error creates a temporary file that can not be deleted due to strong permissions.

CVE-2002-2066

Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).

CVE-2002-2067

Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).

CVE-2002-2068

Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).

CVE-2002-2069

Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).

CVE-2002-2070

Alternate data streams for NTFS files are not cleared when files are wiped (alternate channel / infoleak).

CVE-2005-1744

Users not logged out when application is restarted after security-relevant changes were made.

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now