CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.6)

CWE-442: Web Problems

Category ID: 442 (Category)
Status: Draft
Description

Description Summary

Weaknesses in this category are related to World Wide Web technology.

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 18 | Source Code | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Development Concepts 699 |
| ParentOf | Weakness Base | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | Development Concepts (primary) 699 |
| ParentOf | Compound Element: Composite | 352 | Cross-Site Request Forgery (CSRF) | Development Concepts 699 |
| ParentOf | Weakness Base | 425 | Direct Request ('Forced Browsing') | Development Concepts 699 |
| ParentOf | Weakness Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 601 | URL Redirection to Untrusted Site ('Open Redirect') | Development Concepts 699 |
| ParentOf | Weakness Variant | 611 | Improper Restriction of XML External Entity Reference ('XXE') | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 644 | Improper Neutralization of HTTP Headers for Scripting Syntax | Development Concepts 699 |
| ParentOf | Weakness Variant | 646 | Reliance on File Name or Extension of Externally-Supplied File | Development Concepts 699 |
| ParentOf | Weakness Variant | 647 | Use of Non-Canonical URL Paths for Authorization Decisions | Development Concepts 699 |
| ParentOf | Weakness Variant | 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') | Development Concepts 699 |
| ParentOf | Weakness Variant | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Development Concepts 699 |
| ParentOf | Weakness Base | 827 | Improper Control of Document Type Definition | Development Concepts (primary) 699 |

Taxonomy Mappings

| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Web problems |

Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| | PLOVER | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source | |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Relationships, Taxonomy_Mappings |
| 2008-10-14 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2009-07-27 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2011-03-29 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2013-02-21 | CWE Content Team | MITRE | Internal | updated Relationships |

Page Last Updated: February 18, 2014