CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.4)  

CWE-691: Insufficient Control Flow Management

 
Insufficient Control Flow Management
Weakness ID: 691 (Weakness Class)Status: Draft
+ Description

Description Summary

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
ScopeEffect
Other

Technical Impact: Alter execution logic

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory361Time and State
Development Concepts (primary)699
ChildOfCategoryCategory907SFP Cluster: Other
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class94Improper Control of Generation of Code ('Code Injection')
Research Concepts1000
ParentOfWeakness ClassWeakness Class362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base430Deployment of Wrong Handler
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base431Missing Handler
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant623Unsafe ActiveX Control Marked Safe For Scripting
Research Concepts1000
ParentOfWeakness BaseWeakness Base662Improper Synchronization
Research Concepts1000
ParentOfWeakness ClassWeakness Class670Always-Incorrect Control Flow Implementation
Research Concepts (primary)1000
ParentOfWeakness ClassWeakness Class696Incorrect Behavior Order
Research Concepts (primary)1000
ParentOfWeakness ClassWeakness Class705Incorrect Control Flow Scoping
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base749Exposed Dangerous Method or Function
Research Concepts1000
ParentOfWeakness VariantWeakness Variant768Incorrect Short Circuit Evaluation
Research Concepts (primary)1000
ParentOfWeakness ClassWeakness Class799Improper Control of Interaction Frequency
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base834Excessive Iteration
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base841Improper Enforcement of Behavioral Workflow
Research Concepts (primary)1000
MemberOfViewView1000Research Concepts
Research Concepts (primary)1000
+ Relevant Properties
  • Validity
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
WASC40Insufficient Process Validation
+ Maintenance Notes

This is a fairly high-level concept, although it covers a number of weaknesses in CWE that were more scattered throughout the Research view (CWE-1000) before Draft 9 was released.

+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time_of_Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other_Notes
2008-11-24CWE Content TeamMITREInternal
updated Relationships
2009-03-10CWE Content TeamMITREInternal
updated Related_Attack_Patterns
2009-05-27CWE Content TeamMITREInternal
updated Relationships
2010-02-16CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2010-09-27CWE Content TeamMITREInternal
updated Relationships
2010-12-13CWE Content TeamMITREInternal
updated Relationships
2011-03-29CWE Content TeamMITREInternal
updated Maintenance_Notes, Other_Notes, Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2012-05-11CWE Content TeamMITREInternal
updated Relationships
Back to top
Page Last Updated: February 20, 2013
 

CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security.

This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us