CWE
Home > CWE List > CWE-275 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-275 Individual Dictionary Definition (Draft 9)

Permission Issues
Category ID
Status: Draft

275 (Category)

Description

Summary

Weaknesses in this category are related to improper assignment or handling of permissions.

Functional Area

File processing, non-specific.

Affected Resource

File/Directory

Relationships
NatureTypeIDName
ChildOfCategoryCategory264Permissions, Privileges, and Access Controls
ChildOfCategoryCategory632Weaknesses that Affect Files or Directories
ParentOfWeakness VariantWeakness VariantWeakness Variant276Insecure Default Permissions
ParentOfWeakness VariantWeakness VariantWeakness Variant277Insecure Inherited Permissions
ParentOfWeakness VariantWeakness VariantWeakness Variant278Insecure Preserved Inherited Permissions
ParentOfWeakness VariantWeakness VariantWeakness Variant279Insecure Execution-assigned Permissions
ParentOfWeakness BaseWeakness BaseWeakness Base280Failure to Handle Insufficient Permissions or Privileges
ParentOfWeakness BaseWeakness BaseWeakness Base281Permission Preservation Failure
ParentOfWeakness BaseWeakness BaseWeakness Base378Creation of Temporary File With Insecure Permissions
ParentOfWeakness VariantWeakness VariantWeakness Variant9J2EE Misconfiguration: Weak Access Permissions for EJB Methods
IsRequiredByCompound Element: CompositeCompound Element: Composite426Untrusted Search Path
IsRequiredByCompound Element: CompositeCompound Element: Composite61UNIX Symbolic Link (Symlink) Following
ParentOfCompound Element: CompositeCompound Element: Composite689Permission Race Condition During Resource Copy
Source Taxonomies

PLOVER - Permission errors

Related Attack Patterns
CAPEC-IDAttack Pattern Name
35Leverage Executable Code in Nonexecutable Files
17Accessing, Modifying or Executing Executable Files
Back to top
Page Last Updated: April 22, 2008
 

CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us