Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.0)  

CWE CATEGORY: Channel and Path Errors

Category ID: 417
Status: Draft
+ Summary
Weaknesses in this category are related to improper handling of communication channels and access paths.
+ Membership
MemberOfCategoryCategory18Source Code
MemberOfViewView699Development Concepts
HasMemberBaseBase419Unprotected Primary Channel
HasMemberBaseBase420Unprotected Alternate Channel
HasMemberClassClass424Improper Protection of Alternate Path
HasMemberCompositeComposite426Untrusted Search Path
HasMemberCompositeComposite426Untrusted Search Path
HasMemberBaseBase427Uncontrolled Search Path Element
HasMemberBaseBase427Uncontrolled Search Path Element
HasMemberBaseBase428Unquoted Search Path or Element
HasMemberBaseBase428Unquoted Search Path or Element
HasMemberClassClass514Covert Channel
+ Notes


This category is being considered for deprecation. It is not clear whether communication channels are related closely enough to access paths. In addition, the "path" term is probably assumed by many readers to be associated with file paths, as opposed to the original meaning as intended in PLOVER.


A number of vulnerabilities are specifically related to problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems. They are commonly used in "bypass" attacks, such as those that exploit authentication errors.

Research Gap

Most of these issues are probably under-studied. Only a handful of public reports exist.
+ Content History
Submission DateSubmitterOrganization
Modification DateModifierOrganization
2008-09-08CWE Content TeamMITRE
updated Relationships, Other_Notes, Taxonomy_Mappings
2009-07-27CWE Content TeamMITRE
updated Other_Notes, Relationship_Notes
2015-12-07CWE Content TeamMITRE
updated Relationships
2017-01-19CWE Content TeamMITRE
updated Relationships
2017-11-08CWE Content TeamMITRE
updated Applicable_Platforms, Maintenance_Notes, Relationships

More information is available — Please select a different filter.
Page Last Updated: January 18, 2018