CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.6)  

CWE-442: Web Problems

 
Web Problems
Category ID: 442 (Category)Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to World Wide Web technology.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory18Source Code
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base79Failure to Preserve Web Page Structure ('Cross-site Scripting')
Development Concepts699
ParentOfWeakness BaseWeakness Base113Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base444Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant601URL Redirection to Untrusted Site ('Open Redirect')
Development Concepts699
ParentOfWeakness VariantWeakness Variant644Improper Sanitization of HTTP Headers for Scripting Syntax
Development Concepts699
ParentOfWeakness VariantWeakness Variant646Reliance on File Name or Extension of Externally-Supplied File
Development Concepts699
ParentOfWeakness VariantWeakness Variant647Use of Non-Canonical URL Paths for Authorization Decisions
Development Concepts699
ParentOfWeakness VariantWeakness Variant784Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Development Concepts699
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERWeb problems
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships, Taxonomy Mappings
2008-10-14CWE Content TeamMITREInternal
updated Relationships
2009-07-27CWE Content TeamMITREInternal
updated Relationships
Back to top
Page Last Updated: October 29, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us