CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.5)  

CWE-442: Web Problems

 
Web Problems
Category ID: 442 (Category)Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to World Wide Web technology.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory18Source Code
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Development Concepts699
ParentOfWeakness BaseWeakness Base113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Development Concepts (primary)699
ParentOfCompound Element: CompositeCompound Element: Composite352Cross-Site Request Forgery (CSRF)
Development Concepts699
ParentOfWeakness BaseWeakness Base425Direct Request ('Forced Browsing')
Development Concepts699
ParentOfWeakness BaseWeakness Base444Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant601URL Redirection to Untrusted Site ('Open Redirect')
Development Concepts699
ParentOfWeakness VariantWeakness Variant611Improper Restriction of XML External Entity Reference ('XXE')
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant644Improper Neutralization of HTTP Headers for Scripting Syntax
Development Concepts699
ParentOfWeakness VariantWeakness Variant646Reliance on File Name or Extension of Externally-Supplied File
Development Concepts699
ParentOfWeakness VariantWeakness Variant647Use of Non-Canonical URL Paths for Authorization Decisions
Development Concepts699
ParentOfWeakness VariantWeakness Variant776Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Development Concepts699
ParentOfWeakness VariantWeakness Variant784Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Development Concepts699
ParentOfWeakness BaseWeakness Base827Improper Control of Document Type Definition
Development Concepts (primary)699
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERWeb problems
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Taxonomy_Mappings
2008-10-14CWE Content TeamMITREInternal
updated Relationships
2009-07-27CWE Content TeamMITREInternal
updated Relationships
2011-03-29CWE Content TeamMITREInternal
updated Relationships
2013-02-21CWE Content TeamMITREInternal
updated Relationships
Page Last Updated: July 16, 2013
 

CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us