Nature | Type | ID | Name
--- | --- | --- | ---
MemberOf | View | 699 | Development Concepts
HasMember | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMember | Base | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
HasMember | Composite | 352 | Cross-Site Request Forgery (CSRF)
HasMember | Base | 425 | Direct Request ('Forced Browsing')
HasMember | Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
HasMember | Base | 601 | URL Redirection to Untrusted Site ('Open Redirect')
HasMember | Base | 611 | Improper Restriction of XML External Entity Reference
HasMember | Variant | 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
HasMember | Variant | 644 | Improper Neutralization of HTTP Headers for Scripting Syntax
HasMember | Variant | 646 | Reliance on File Name or Extension of Externally-Supplied File
HasMember | Variant | 647 | Use of Non-Canonical URL Paths for Authorization Decisions
HasMember | Base | 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HasMember | Variant | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision
HasMember | Variant | 827 | Improper Control of Document Type Definition
HasMember | Base | 918 | Server-Side Request Forgery (SSRF)
HasMember | Variant | 1004 | Sensitive Cookie Without 'HttpOnly' Flag
HasMember | Base | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User
HasMember | Base | 1021 | Improper Restriction of Rendered UI Layers or Frames
HasMember | Variant | 1022 | Use of Web Link to Untrusted Target with window.opener Access

Type definitions:

View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).

Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.

Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.

Composite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability.