CWE - CWE-442: Web Problems (2.7)

Home > CWE List > CWE- Individual Dictionary Definition (2.7)

CWE List
Full Dictionary View
Development View
Research View
Reports
Mapping & Navigation

About
Sources
Process
Documents
FAQs

Community
Use & Citations
SwA On-Ramp
Discussion List
Discussion Archives
Contact Us

Scoring
Prioritization
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

Presentation Filter:

CWE-442: Web Problems

Web Problems

Category ID: 442 (Category)

Status: Draft

Description

Description Summary

Weaknesses in this category are related to World Wide Web technology.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	18	Source Code	Development Concepts (primary)699
ParentOf	Weakness Base	79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Development Concepts699
ParentOf	Weakness Base	113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')	Development Concepts (primary)699
ParentOf	Compound Element: Composite	352	Cross-Site Request Forgery (CSRF)	Development Concepts699
ParentOf	Weakness Base	425	Direct Request ('Forced Browsing')	Development Concepts699
ParentOf	Weakness Base	444	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')	Development Concepts (primary)699
ParentOf	Weakness Variant	601	URL Redirection to Untrusted Site ('Open Redirect')	Development Concepts699
ParentOf	Weakness Variant	611	Improper Restriction of XML External Entity Reference ('XXE')	Development Concepts (primary)699
ParentOf	Weakness Variant	644	Improper Neutralization of HTTP Headers for Scripting Syntax	Development Concepts699
ParentOf	Weakness Variant	646	Reliance on File Name or Extension of Externally-Supplied File	Development Concepts699
ParentOf	Weakness Variant	647	Use of Non-Canonical URL Paths for Authorization Decisions	Development Concepts699
ParentOf	Weakness Variant	776	Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')	Development Concepts699
ParentOf	Weakness Variant	784	Reliance on Cookies without Validation and Integrity Checking in a Security Decision	Development Concepts699
ParentOf	Weakness Base	827	Improper Control of Document Type Definition	Development Concepts (primary)699

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
PLOVER			Web problems

Content History

Submissions
Submission Date	Submitter	Organization	Source
			Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08		MITRE	Internal
2008-09-08	updated Description, Relationships, Taxonomy_Mappings
2008-10-14		MITRE	Internal
2008-10-14	updated Relationships
2009-07-27		MITRE	Internal
2009-07-27	updated Relationships
2011-03-29		MITRE	Internal
2011-03-29	updated Relationships
2013-02-21		MITRE	Internal
2013-02-21	updated Relationships

Page Last Updated: June 23, 2014


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2014, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us