CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE - Individual Dictionary Definition (2.10)

CWE VIEW: Chain Elements

View ID: 679
Structure: Implicit Slice
Status: Draft
View Data

View Objective

This view (slice) displays only weakness elements that are part of a chain.

View Filter: (.//Relationship_Nature='CanPrecede') or (@ID = //Relationship_Target_ID[../Relationship_Nature='CanPrecede'])

Relationships
Weakness Base: Access of Resource Using Incompatible Type ('Type Confusion') - (843)
Weakness Base: Access of Uninitialized Pointer - (824)
Weakness Variant: Assigning instead of Comparing - (481)
Weakness Variant: Authentication Bypass by Alternate Name - (289)
Weakness Base: Buffer Access with Incorrect Length Value - (805)
Weakness Base: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)
Weakness Variant: Buffer Over-read - (126)
Weakness Base: Buffer Underwrite ('Buffer Underflow') - (124)
Category: Cleansing, Canonicalization, and Comparison Errors - (171)
Weakness Base: Client-Side Enforcement of Server-Side Security - (602)
Weakness Variant: Cloneable Class Containing Sensitive Information - (498)
Weakness Base: Collapse of Data into Unsafe Value - (182)
Weakness Class: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)
Weakness Base: Deployment of Wrong Handler - (430)
Weakness Class: Detection of Error Condition Without Action - (390)
Weakness Base: Direct Request ('Forced Browsing') - (425)
Weakness Variant: Double Free - (415)
Weakness Base: Double-Checked Locking - (609)
Weakness Base: Download of Code Without Integrity Check - (494)
Weakness Class: Encoding Error - (172)
Weakness Base: Excessive Iteration - (834)
Weakness Base: Expired Pointer Dereference - (825)
Weakness Variant: Exposed IOCTL with Insufficient Access Control - (782)
Weakness Variant: Exposure of Data Element to Wrong Session - (488)
Weakness Class: Exposure of Resource to Wrong Sphere - (668)
Weakness Base: External Control of Assumed-Immutable Web Parameter - (472)
Weakness Class: External Control of File Name or Path - (73)
Weakness Variant: Free of Memory not on the Heap - (590)
Weakness Variant: Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)
Weakness Class: Improper Authentication - (287)
Weakness Variant: Improper Clearing of Heap Memory Before Release ('Heap Inspection') - (244)
Weakness Base: Improper Control of Document Type Definition - (827)
Weakness Base: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - (98)
Weakness Class: Improper Control of Generation of Code ('Code Injection') - (94)
Weakness Class: Improper Encoding or Escaping of Output - (116)
Weakness Variant: Improper Handling of Alternate Encoding - (173)
Weakness Base: Improper Handling of Case Sensitivity - (178)
Weakness Variant: Improper Handling of Extra Values - (231)
Weakness Base: Improper Handling of Length Parameter Inconsistency - (130)
Weakness Class: Improper Input Validation - (20)
Weakness Class: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - (22)
Weakness Base: Improper Link Resolution Before File Access ('Link Following') - (59)
Weakness Base: Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)
Weakness Base: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)
Weakness Base: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
Weakness Class: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - (74)
Weakness Base: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)
Weakness Base: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
Weakness Base: Improper Null Termination - (170)
Weakness Base: Improper Output Neutralization for Logs - (117)
Weakness Base: Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401)
Weakness Base: Improper Resolution of Path Equivalence - (41)
Weakness Class: Improper Restriction of Communication Channel to Intended Endpoints - (923)
Weakness Class: Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)
Weakness Variant: Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - (776)
Weakness Base: Improper Synchronization - (662)
Weakness Base: Improper Update of Reference Count - (911)
Weakness Base: Improper Validation of Array Index - (129)
Weakness Base: Incomplete Blacklist - (184)
Weakness Class: Incorrect Calculation - (682)
Weakness Base: Incorrect Calculation of Buffer Size - (131)
Weakness Base: Incorrect Conversion between Numeric Types - (681)
Weakness Class: Incorrect Regular Expression - (185)
Weakness Class: Incorrect Resource Transfer Between Spheres - (669)
Weakness Base: Incorrectly Specified Destination in a Communication Channel - (941)
Weakness Class: Information Exposure - (200)
Weakness Base: Information Exposure Through an Error Message - (209)
Weakness Base: Information Exposure Through Timing Discrepancy - (208)
Weakness Class: Insufficient Comparison - (697)
Weakness Base: Insufficient Control of Network Message Volume (Network Amplification) - (406)
Weakness Base: Insufficient Resource Pool - (410)
Weakness Base: Insufficient Session Expiration - (613)
Weakness Base: Integer Overflow or Wraparound - (190)
Weakness Class: Missing Custom Error Page - (756)
Weakness Base: Missing Handler - (431)
Weakness Base: Missing Initialization of a Variable - (456)
Weakness Base: Missing Initialization of Resource - (909)
Weakness Base: Missing Release of Resource after Effective Lifetime - (772)
Weakness Base: Modification of Assumed-Immutable Data (MAID) - (471)
Weakness Base: NULL Pointer Dereference - (476)
Weakness Base: Numeric Range Comparison Without Minimum Check - (839)
Weakness Base: Off-by-one Error - (193)
Weakness Base: Operation on a Resource after Expiration or Release - (672)
Weakness Base: Out-of-bounds Read - (125)
Weakness Base: Out-of-bounds Write - (787)
Weakness Base: Partial Comparison - (187)
Weakness Variant: Path Equivalence: '/multiple/trailing/slash//' - (52)
Weakness Variant: Path Equivalence: 'filename ' (Trailing Space) - (46)
Weakness Variant: Path Traversal: '....' (Multiple Dot) - (33)
Weakness Variant: Path Traversal: '....//' - (34)
Weakness Variant: Path Traversal: '.../...//' - (35)
Weakness Base: Permissive Whitelist - (183)
Weakness Variant: PHP External Variable Modification - (473)
Weakness Base: Premature Release of Resource During Expected Lifetime - (826)
Weakness Base: Race Condition Enabling Link Following - (363)
Weakness Variant: Reachable Assertion - (617)
Weakness Variant: Reliance on Reverse DNS Resolution for a Security-Critical Action - (350)
Weakness Base: Reliance on Security Through Obscurity - (656)
Weakness Base: Return of Stack Variable Address - (562)
Weakness Variant: Sensitive Data Under Web Root - (219)
Weakness Variant: Serializable Class Containing Sensitive Data - (499)
Weakness Base: Signal Handler Race Condition - (364)
Weakness Variant: Signal Handler Use of a Non-reentrant Function - (479)
Weakness Variant: Signed to Unsigned Conversion Error - (195)
Weakness Base: Time-of-check Time-of-use (TOCTOU) Race Condition - (367)
Weakness Base: Uncaught Exception in Servlet - (600)
Weakness Base: Unchecked Input for Loop Condition - (606)
Weakness Base: Unchecked Return Value - (252)
Weakness Variant: Uncontrolled Memory Allocation - (789)
Weakness Base: Uncontrolled Resource Consumption ('Resource Exhaustion') - (400)
Weakness Class: Unintended Proxy or Intermediary ('Confused Deputy') - (441)
Weakness Variant: Unparsed Raw Web Content Delivery - (433)
Weakness Base: Unrestricted Upload of File with Dangerous Type - (434)
Weakness Base: Unsynchronized Access to Shared Data in a Multithreaded Context - (567)
Weakness Base: Untrusted Pointer Dereference - (822)
Weakness Base: Use After Free - (416)
Weakness Base: Use of a Broken or Risky Cryptographic Algorithm - (327)
Weakness Base: Use of Hard-coded Cryptographic Key - (321)
Weakness Base: Use of Hard-coded Password - (259)
Weakness Base: Use of Inherently Dangerous Function - (242)
Weakness Base: Use of Out-of-range Pointer Offset - (823)
Weakness Variant: Use of sizeof() on a Pointer Type - (467)
Weakness Base: Use of Uninitialized Resource - (908)
Weakness Variant: Use of Uninitialized Variable - (457)
Weakness Base: Variable Extraction Error - (621)
Weakness Base: Wrap-around Error - (128)
Weakness Base: Write-what-where Condition - (123)
Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE | Internal
    updated View_Filter, View_Structure
View Metrics
                  | CWEs in this view | Total CWEs
Total             | 127               | out of 1005
Views             | 0                 | out of 33
Categories        | 1                 | out of 244
Weaknesses        | 126               | out of 720
Compound_Elements | 0                 | out of 8

Page Last Updated: January 19, 2017