CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (3.0)

CWE VIEW: Weakness Base Elements

View ID: 677
Type: Implicit
Status: Draft
+ Objective
This view (slice) displays only weakness base elements.
+ Filter
/Weakness_Catalog/Weaknesses/Weakness[@Abstraction='Base']
+ Membership
Nature | Type | ID | Name
HasMember | Base | 14 | Compiler Removal of Code to Clear Buffers
HasMember | Base | 15 | External Control of System or Configuration Setting
HasMember | Base | 23 | Relative Path Traversal
HasMember | Base | 36 | Absolute Path Traversal
HasMember | Base | 41 | Improper Resolution of Path Equivalence
HasMember | Base | 59 | Improper Link Resolution Before File Access ('Link Following')
HasMember | Base | 66 | Improper Handling of File Names that Identify Virtual Resources
HasMember | Base | 76 | Improper Neutralization of Equivalent Special Elements
HasMember | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMember | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMember | Base | 88 | Argument Injection or Modification
HasMember | Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMember | Base | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
HasMember | Base | 91 | XML Injection (aka Blind XPath Injection)
HasMember | Deprecated | 92 | DEPRECATED: Improper Sanitization of Custom Special Characters
HasMember | Base | 93 | Improper Neutralization of CRLF Sequences ('CRLF Injection')
HasMember | Base | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
HasMember | Base | 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
HasMember | Base | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
HasMember | Base | 99 | Improper Control of Resource Identifiers ('Resource Injection')
HasMember | Base | 111 | Direct Use of Unsafe JNI
HasMember | Base | 112 | Missing XML Validation
HasMember | Base | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
HasMember | Base | 114 | Process Control
HasMember | Base | 115 | Misinterpretation of Input
HasMember | Base | 117 | Improper Output Neutralization for Logs
HasMember | Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
HasMember | Base | 123 | Write-what-where Condition
HasMember | Base | 124 | Buffer Underwrite ('Buffer Underflow')
HasMember | Base | 125 | Out-of-bounds Read
HasMember | Base | 128 | Wrap-around Error
HasMember | Base | 129 | Improper Validation of Array Index
HasMember | Base | 130 | Improper Handling of Length Parameter Inconsistency
HasMember | Base | 131 | Incorrect Calculation of Buffer Size
HasMember | Deprecated | 132 | DEPRECATED (Duplicate): Miscalculated Null Termination
HasMember | Base | 134 | Use of Externally-Controlled Format String
HasMember | Base | 135 | Incorrect Calculation of Multi-Byte String Length
HasMember | Base | 140 | Improper Neutralization of Delimiters
HasMember | Base | 166 | Improper Handling of Missing Special Element
HasMember | Base | 167 | Improper Handling of Additional Special Element
HasMember | Base | 168 | Improper Handling of Inconsistent Special Elements
HasMember | Base | 170 | Improper Null Termination
HasMember | Base | 178 | Improper Handling of Case Sensitivity
HasMember | Base | 179 | Incorrect Behavior Order: Early Validation
HasMember | Base | 180 | Incorrect Behavior Order: Validate Before Canonicalize
HasMember | Base | 181 | Incorrect Behavior Order: Validate Before Filter
HasMember | Base | 182 | Collapse of Data into Unsafe Value
HasMember | Base | 183 | Permissive Whitelist
HasMember | Base | 184 | Incomplete Blacklist
HasMember | Base | 186 | Overly Restrictive Regular Expression
HasMember | Base | 187 | Partial Comparison
HasMember | Base | 188 | Reliance on Data/Memory Layout
HasMember | Base | 190 | Integer Overflow or Wraparound
HasMember | Base | 191 | Integer Underflow (Wrap or Wraparound)
HasMember | Base | 193 | Off-by-one Error
HasMember | Base | 194 | Unexpected Sign Extension
HasMember | Base | 197 | Numeric Truncation Error
HasMember | Base | 198 | Use of Incorrect Byte Ordering
HasMember | Base | 204 | Response Discrepancy Information Exposure
HasMember | Base | 205 | Information Exposure Through Behavioral Discrepancy
HasMember | Base | 208 | Information Exposure Through Timing Discrepancy
HasMember | Base | 209 | Information Exposure Through an Error Message
HasMember | Base | 210 | Information Exposure Through Self-generated Error Message
HasMember | Base | 211 | Information Exposure Through Externally-Generated Error Message
HasMember | Base | 212 | Improper Cross-boundary Removal of Sensitive Data
HasMember | Base | 213 | Intentional Information Exposure
HasMember | Deprecated | 217 | DEPRECATED: Failure to Protect Stored Data from Modification
HasMember | Deprecated | 218 | DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
HasMember | Base | 222 | Truncation of Security-relevant Information
HasMember | Base | 223 | Omission of Security-relevant Information
HasMember | Base | 224 | Obscured Security-relevant Information by Alternate Name
HasMember | Deprecated | 225 | DEPRECATED (Duplicate): General Information Management Problems
HasMember | Base | 226 | Sensitive Information Uncleared Before Release
HasMember | Base | 229 | Improper Handling of Values
HasMember | Base | 233 | Improper Handling of Parameters
HasMember | Base | 237 | Improper Handling of Structural Elements
HasMember | Base | 240 | Improper Handling of Inconsistent Structural Elements
HasMember | Base | 241 | Improper Handling of Unexpected Data Type
HasMember | Base | 242 | Use of Inherently Dangerous Function
HasMember | Deprecated | 247 | DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision
HasMember | Base | 248 | Uncaught Exception
HasMember | Base | 252 | Unchecked Return Value
HasMember | Base | 253 | Incorrect Check of Function Return Value
HasMember | Base | 257 | Storing Passwords in a Recoverable Format
HasMember | Base | 259 | Use of Hard-coded Password
HasMember | Base | 263 | Password Aging with Long Expiration
HasMember | Base | 266 | Incorrect Privilege Assignment
HasMember | Base | 267 | Privilege Defined With Unsafe Actions
HasMember | Base | 268 | Privilege Chaining
HasMember | Base | 270 | Privilege Context Switching Error
HasMember | Base | 272 | Least Privilege Violation
HasMember | Base | 273 | Improper Check for Dropped Privileges
HasMember | Base | 274 | Improper Handling of Insufficient Privileges
HasMember | Base | 280 | Improper Handling of Insufficient Permissions or Privileges
HasMember | Base | 281 | Improper Preservation of Permissions
HasMember | Base | 283 | Unverified Ownership
HasMember | Base | 288 | Authentication Bypass Using an Alternate Path or Channel
HasMember | Base | 290 | Authentication Bypass by Spoofing
HasMember | Base | 294 | Authentication Bypass by Capture-replay
HasMember | Base | 295 | Improper Certificate Validation
HasMember | Base | 296 | Improper Following of a Certificate's Chain of Trust
HasMember | Base | 299 | Improper Check for Certificate Revocation
HasMember | Base | 303 | Incorrect Implementation of Authentication Algorithm
HasMember | Base | 304 | Missing Critical Step in Authentication
HasMember | Base | 305 | Authentication Bypass by Primary Weakness
HasMember | Base | 307 | Improper Restriction of Excessive Authentication Attempts
HasMember | Base | 308 | Use of Single-factor Authentication
HasMember | Base | 309 | Use of Password System for Primary Authentication
HasMember | Base | 311 | Missing Encryption of Sensitive Data
HasMember | Base | 312 | Cleartext Storage of Sensitive Information
HasMember | Base | 319 | Cleartext Transmission of Sensitive Information
HasMember | Base | 321 | Use of Hard-coded Cryptographic Key
HasMember | Base | 322 | Key Exchange without Entity Authentication
HasMember | Base | 323 | Reusing a Nonce, Key Pair in Encryption
HasMember | Base | 324 | Use of a Key Past its Expiration Date
HasMember | Base | 325 | Missing Required Cryptographic Step
HasMember | Base | 327 | Use of a Broken or Risky Cryptographic Algorithm
HasMember | Base | 328 | Reversible One-Way Hash
HasMember | Base | 331 | Insufficient Entropy
HasMember | Base | 334 | Small Space of Random Values
HasMember | Base | 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
HasMember | Base | 336 | Same Seed in Pseudo-Random Number Generator (PRNG)
HasMember | Base | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG)
HasMember | Base | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
HasMember | Base | 339 | Small Seed Space in PRNG
HasMember | Base | 341 | Predictable from Observable State
HasMember | Base | 342 | Predictable Exact Value from Previous Values
HasMember | Base | 343 | Predictable Value Range from Previous Values
HasMember | Base | 344 | Use of Invariant Value in Dynamically Changing Context
HasMember | Base | 346 | Origin Validation Error
HasMember | Base | 347 | Improper Verification of Cryptographic Signature
HasMember | Base | 348 | Use of Less Trusted Source
HasMember | Base | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data
HasMember | Base | 351 | Insufficient Type Distinction
HasMember | Base | 353 | Missing Support for Integrity Check
HasMember | Base | 354 | Improper Validation of Integrity Check Value
HasMember | Base | 356 | Product UI does not Warn User of Unsafe Actions
HasMember | Base | 357 | Insufficient UI Warning of Dangerous Operations
HasMember | Base | 358 | Improperly Implemented Security Check for Standard
HasMember | Base | 360 | Trust of System Event Data
HasMember | Base | 363 | Race Condition Enabling Link Following
HasMember | Base | 364 | Signal Handler Race Condition
HasMember | Base | 365 | Race Condition in Switch
HasMember | Base | 366 | Race Condition within a Thread
HasMember | Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition
HasMember | Base | 368 | Context Switching Race Condition
HasMember | Base | 369 | Divide By Zero
HasMember | Base | 372 | Incomplete Internal State Distinction
HasMember | Deprecated | 373 | DEPRECATED: State Synchronization Error
HasMember | Base | 374 | Passing Mutable Objects to an Untrusted Method
HasMember | Base | 375 | Returning a Mutable Object to an Untrusted Caller
HasMember | Base | 377 | Insecure Temporary File
HasMember | Base | 378 | Creation of Temporary File With Insecure Permissions
HasMember | Base | 379 | Creation of Temporary File in Directory with Incorrect Permissions
HasMember | Base | 385 | Covert Timing Channel
HasMember | Base | 386 | Symbolic Name not Mapping to Correct Object
HasMember | Base | 391 | Unchecked Error Condition
HasMember | Base | 392 | Missing Report of Error Condition
HasMember | Base | 393 | Return of Wrong Status Code
HasMember | Base | 394 | Unexpected Status Code or Return Value
HasMember | Base | 395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference
HasMember | Base | 396 | Declaration of Catch for Generic Exception
HasMember | Base | 397 | Declaration of Throws for Generic Exception
HasMember | Base | 400 | Uncontrolled Resource Consumption ('Resource Exhaustion')
HasMember | Base | 401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak')
HasMember | Base | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
HasMember | Base | 404 | Improper Resource Shutdown or Release
HasMember | Base | 406 | Insufficient Control of Network Message Volume (Network Amplification)
HasMember | Base | 407 | Algorithmic Complexity
HasMember | Base | 408 | Incorrect Behavior Order: Early Amplification
HasMember | Base | 409 | Improper Handling of Highly Compressed Data (Data Amplification)
HasMember | Base | 410 | Insufficient Resource Pool
HasMember | Base | 412 | Unrestricted Externally Accessible Lock
HasMember | Base | 413 | Improper Resource Locking
HasMember | Base | 414 | Missing Lock Check
HasMember | Base | 416 | Use After Free
HasMember | Base | 419 | Unprotected Primary Channel
HasMember | Base | 420 | Unprotected Alternate Channel
HasMember | Base | 421 | Race Condition During Access to Alternate Channel
HasMember | Deprecated | 423 | DEPRECATED (Duplicate): Proxied Trusted Channel
HasMember | Base | 425 | Direct Request ('Forced Browsing')
HasMember | Base | 427 | Uncontrolled Search Path Element
HasMember | Base | 428 | Unquoted Search Path or Element
HasMember | Base | 430 | Deployment of Wrong Handler
HasMember | Base | 431 | Missing Handler
HasMember | Base | 432 | Dangerous Signal Handler not Disabled During Sensitive Operations
HasMember | Base | 434 | Unrestricted Upload of File with Dangerous Type
HasMember | Base | 436 | Interpretation Conflict
HasMember | Base | 437 | Incomplete Model of Endpoint Features
HasMember | Base | 439 | Behavioral Change in New Version or Environment
HasMember | Base | 440 | Expected Behavior Violation
HasMember | Deprecated | 443 | DEPRECATED (Duplicate): HTTP response splitting
HasMember | Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
HasMember | Base | 446 | UI Discrepancy for Security Feature
HasMember | Base | 447 | Unimplemented or Unsupported Feature in UI
HasMember | Base | 448 | Obsolete Feature in UI
HasMember | Base | 449 | The UI Performs the Wrong Action
HasMember | Base | 450 | Multiple Interpretations of UI Input
HasMember | Base | 453 | Insecure Default Variable Initialization
HasMember | Base | 454 | External Initialization of Trusted Variables or Data Stores
HasMember | Base | 455 | Non-exit on Failed Initialization
HasMember | Base | 456 | Missing Initialization of a Variable
HasMember | Deprecated | 458 | DEPRECATED: Incorrect Initialization
HasMember | Base | 459 | Incomplete Cleanup
HasMember | Base | 462 | Duplicate Key in Associative List (Alist)
HasMember | Base | 463 | Deletion of Data Structure Sentinel
HasMember | Base | 464 | Addition of Data Structure Sentinel
HasMember | Base | 466 | Return of Pointer Value Outside of Expected Range
HasMember | Base | 468 | Incorrect Pointer Scaling
HasMember | Base | 469 | Use of Pointer Subtraction to Determine Size
HasMember | Base | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
HasMember | Base | 471 | Modification of Assumed-Immutable Data (MAID)
HasMember | Base | 472 | External Control of Assumed-Immutable Web Parameter
HasMember | Base | 474 | Use of Function with Inconsistent Implementations
HasMember | Base | 475 | Undefined Behavior for Input to API
HasMember | Base | 476 | NULL Pointer Dereference
HasMember | Base | 477 | Use of Obsolete Function
HasMember | Base | 480 | Use of Incorrect Operator
HasMember | Base | 484 | Omitted Break Statement in Switch
HasMember | Base | 489 | Leftover Debug Code
HasMember | Base | 494 | Download of Code Without Integrity Check
HasMember | Base | 501 | Trust Boundary Violation
HasMember | Base | 507 | Trojan Horse
HasMember | Base | 508 | Non-Replicating Malicious Code
HasMember | Base | 509 | Replicating Malicious Code (Virus or Worm)
HasMember | Base | 510 | Trapdoor
HasMember | Base | 511 | Logic/Time Bomb
HasMember | Base | 512 | Spyware
HasMember | Base | 515 | Covert Storage Channel
HasMember | Deprecated | 516 | DEPRECATED (Duplicate): Covert Timing Channel
HasMember | Base | 521 | Weak Password Requirements
HasMember | Base | 522 | Insufficiently Protected Credentials
HasMember | Base | 538 | File and Directory Information Exposure
HasMember | Base | 544 | Missing Standardized Error Handling Mechanism
HasMember | Base | 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
HasMember | Base | 552 | Files or Directories Accessible to External Parties
HasMember | Base | 562 | Return of Stack Variable Address
HasMember | Base | 565 | Reliance on Cookies without Validation and Integrity Checking
HasMember | Base | 567 | Unsynchronized Access to Shared Data in a Multithreaded Context
HasMember | Base | 581 | Object Model Violation: Just One of Equals and Hashcode Defined
HasMember | Base | 584 | Return Inside Finally Block
HasMember | Base | 587 | Assignment of a Fixed Address to a Pointer
HasMember | Base | 595 | Comparison of Object References Instead of Object Contents
HasMember | Base | 596 | Incorrect Semantic Object Comparison
HasMember | Base | 600 | Uncaught Exception in Servlet
HasMember | Base | 602 | Client-Side Enforcement of Server-Side Security
HasMember | Base | 603 | Use of Client-Side Authentication
HasMember | Base | 605 | Multiple Binds to the Same Port
HasMember | Base | 606 | Unchecked Input for Loop Condition
HasMember | Base | 609 | Double-Checked Locking
HasMember | Base | 613 | Insufficient Session Expiration
HasMember | Base | 618 | Exposed Unsafe ActiveX Method
HasMember | Base | 619 | Dangling Database Cursor ('Cursor Injection')
HasMember | Base | 621 | Variable Extraction Error
HasMember | Base | 624 | Executable Regular Expression Error
HasMember | Base | 625 | Permissive Regular Expression
HasMember | Base | 627 | Dynamic Variable Evaluation
HasMember | Base | 628 | Function Call with Incorrectly Specified Arguments
HasMember | Base | 639 | Authorization Bypass Through User-Controlled Key
HasMember | Base | 640 | Weak Password Recovery Mechanism for Forgotten Password
HasMember | Base | 641 | Improper Restriction of Names for Files and Other Resources
HasMember | Base | 643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection')
HasMember | Base | 645 | Overly Restrictive Account Lockout Mechanism
HasMember | Base | 648 | Incorrect Use of Privileged APIs
HasMember | Base | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
HasMember | Base | 652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
HasMember | Base | 653 | Insufficient Compartmentalization
HasMember | Base | 654 | Reliance on a Single Factor in a Security Decision
HasMember | Base | 655 | Insufficient Psychological Acceptability
HasMember | Base | 656 | Reliance on Security Through Obscurity
HasMember | Base | 662 | Improper Synchronization
HasMember | Base | 663 | Use of a Non-reentrant Function in a Concurrent Context
HasMember | Base | 666 | Operation on Resource in Wrong Phase of Lifetime
HasMember | Base | 667 | Improper Locking
HasMember | Base | 672 | Operation on a Resource after Expiration or Release
HasMember | Base | 674 | Uncontrolled Recursion
HasMember | Base | 676 | Use of Potentially Dangerous Function
HasMember | Base | 694 | Use of Multiple Resources with Duplicate Identifier
HasMember | Base | 695 | Use of Low-Level Functionality
HasMember | Base | 698 | Execution After Redirect (EAR)
HasMember | Base | 708 | Incorrect Ownership Assignment
HasMember | Base | 733 | Compiler Optimization Removal or Modification of Security-critical Code
HasMember | Base | 749 | Exposed Dangerous Method or Function
HasMember | Base | 759 | Use of a One-Way Hash without a Salt
HasMember | Base | 760 | Use of a One-Way Hash with a Predictable Salt
HasMember | Base | 763 | Release of Invalid Pointer or Reference
HasMember | Base | 769 | Uncontrolled File Descriptor Consumption
HasMember | Base | 770 | Allocation of Resources Without Limits or Throttling
HasMember | Base | 771 | Missing Reference to Active Allocated Resource
HasMember | Base | 772 | Missing Release of Resource after Effective Lifetime
HasMember | Base | 778 | Insufficient Logging
HasMember | Base | 779 | Logging of Excessive Data
HasMember | Base | 786 | Access of Memory Location Before Start of Buffer
HasMember | Base | 787 | Out-of-bounds Write
HasMember | Base | 788 | Access of Memory Location After End of Buffer
HasMember | Base | 791 | Incomplete Filtering of Special Elements
HasMember | Base | 795 | Only Filtering Special Elements at a Specified Location
HasMember | Base | 798 | Use of Hard-coded Credentials
HasMember | Base | 804 | Guessable CAPTCHA
HasMember | Base | 805 | Buffer Access with Incorrect Length Value
HasMember | Base | 807 | Reliance on Untrusted Inputs in a Security Decision
HasMember | Base | 820 | Missing Synchronization
HasMember | Base | 821 | Incorrect Synchronization
HasMember | Base | 822 | Untrusted Pointer Dereference
HasMember | Base | 823 | Use of Out-of-range Pointer Offset
HasMember | Base | 824 | Access of Uninitialized Pointer
HasMember | Base | 825 | Expired Pointer Dereference
HasMember | Base | 826 | Premature Release of Resource During Expected Lifetime
HasMember | Base | 827 | Improper Control of Document Type Definition
HasMember | Base | 828 | Signal Handler with Functionality that is not Asynchronous-Safe
HasMember | Base | 830 | Inclusion of Web Functionality from an Untrusted Source
HasMember | Base | 831 | Signal Handler Function Associated with Multiple Signals
HasMember | Base | 832 | Unlock of a Resource that is not Locked
HasMember | Base | 833 | Deadlock
HasMember | Base | 834 | Excessive Iteration
HasMember | Base | 835 | Loop with Unreachable Exit Condition ('Infinite Loop')
HasMember | Base | 836 | Use of Password Hash Instead of Password for Authentication
HasMember | Base | 837 | Improper Enforcement of a Single, Unique Action
HasMember | Base | 838 | Inappropriate Encoding for Output Context
HasMember | Base | 839 | Numeric Range Comparison Without Minimum Check
HasMember | Base | 841 | Improper Enforcement of Behavioral Workflow
HasMember | Base | 842 | Placement of User into Incorrect Group
HasMember | Base | 843 | Access of Resource Using Incompatible Type ('Type Confusion')
HasMember | Base | 908 | Use of Uninitialized Resource
HasMember | Base | 909 | Missing Initialization of Resource
HasMember | Base | 910 | Use of Expired File Descriptor
HasMember | Base | 911 | Improper Update of Reference Count
HasMember | Base | 914 | Improper Control of Dynamically-Identified Variables
HasMember | Base | 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes
HasMember | Base | 916 | Use of Password Hash With Insufficient Computational Effort
HasMember | Base | 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
HasMember | Base | 918 | Server-Side Request Forgery (SSRF)
HasMember | Base | 920 | Improper Restriction of Power Consumption
HasMember | Base | 921 | Storage of Sensitive Data in a Mechanism without Access Control
HasMember | Base | 939 | Improper Authorization in Handler for Custom URL Scheme
HasMember | Base | 940 | Improper Verification of Source of a Communication Channel
HasMember | Base | 941 | Incorrectly Specified Destination in a Communication Channel
HasMember | Base | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User
HasMember | Base | 1021 | Improper Restriction of Rendered UI Layers or Frames
+ Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE |
    updated View_Filter, View_Structure
+ View Metrics
Metric | CWEs in this view | Total CWEs
Total | 328 | out of 982
Weaknesses | 328 | out of 714
Categories | 0 | out of 237
Views | 0 | out of 31

Page Last Updated: November 14, 2017