{"@ID": "1125", "@Name": "Excessive Attack Surface", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product has an attack surface whose quantitative\n\t\t\t\t\tmeasurement exceeds a desirable maximum.", "Extended_Description": {"xhtml:p": "Originating from software security, an \"attack surface\" measure typically reflects the number of input points and output points that can be utilized by an untrusted party, i.e. a potential attacker. A larger attack surface provides more places to attack, and more opportunities for developers to introduce weaknesses.  In some cases, this measure may reflect other aspects of quality besides security; e.g., a product with many inputs and outputs may require a large number of tests in order to improve code coverage."}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "1120", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Indirect"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": [{"Phase": "Implementation"}, {"Phase": "Architecture and Design"}]}, "Common_Consequences": {"Consequence": {"Scope": "Other", "Impact": "Varies by Context"}}, "References": {"Reference": [{"@External_Reference_ID": "REF-966"}, {"@External_Reference_ID": "REF-967"}]}, "Mapping_Notes": {"Usage": "Prohibited", "Rationale": "This entry is primarily a quality issue with no direct security implications.", "Comments": "Look for weaknesses that are focused specifically on insecure behaviors that have more direct security implications.", "Reasons": {"Reason": {"@Type": "Other"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2018-07-02", "Submission_Version": "3.2", "Submission_ReleaseDate": "2019-01-03", "Submission_Comment": "Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2024-02-29", "Modification_Version": "4.14", "Modification_ReleaseDate": "2024-02-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Common_Consequences, Relationships, Time_of_Introduction"}]}}
