CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE-351: Insufficient Type Distinction

Weakness ID: 351
Abstraction: Base
Status: Draft
Presentation Filter:
+ Description

Description Summary

The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Other

Technical Impact: Other

+ Observed Examples
ReferenceDescription
Browser user interface does not distinguish between user-initiated and synthetic events.
Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class345Insufficient Verification of Data Authenticity
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory993SFP Secondary Cluster: Incorrect Input Handling
Software Fault Pattern (SFP) Clusters (primary)888
PeerOfWeakness BaseWeakness Base436Interpretation Conflict
Research Concepts1000
PeerOfWeakness BaseWeakness Base434Unrestricted Upload of File with Dangerous Type
Research Concepts1000
+ Relationship Notes

Overlaps others, e.g. Multiple Interpretation Errors.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERInsufficient Type Distinction
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Relationship_Notes, Taxonomy_Mappings
2010-02-16CWE Content TeamMITREInternal
updated Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
2014-07-30CWE Content TeamMITREInternal
updated Relationships

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017