CWE - CWE-722: OWASP Top Ten 2004 Category A1

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-722: OWASP Top Ten 2004 Category A1 - Unvalidated Input

OWASP Top Ten 2004 Category A1 - Unvalidated Input

Category ID: 722 (Category)

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to the A1 category in the OWASP Top Ten 2004.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ParentOf	Weakness Class	20	Improper Input Validation	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Class	77	Improper Neutralization of Special Elements used in a Command ('Command Injection')	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Weakness Base	79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Weakness Base	89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Weakness Variant	102	Struts: Duplicate Validation Forms	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	103	Struts: Incomplete validate() Method Definition	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	104	Struts: Form Bean Does Not Extend Validation Class	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	106	Struts: Plug-in Framework not in Use	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	109	Struts: Validator Turned Off	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Weakness Base	166	Improper Handling of Missing Special Element	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	167	Improper Handling of Additional Special Element	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	179	Incorrect Behavior Order: Early Validation	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	180	Incorrect Behavior Order: Validate Before Canonicalize	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	181	Incorrect Behavior Order: Validate Before Filter	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	182	Collapse of Data into Unsafe Value	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	183	Permissive Whitelist	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	425	Direct Request ('Forced Browsing')	Weaknesses in OWASP Top Ten (2004)711
ParentOf	Weakness Base	472	External Control of Assumed-Immutable Web Parameter	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Variant	601	URL Redirection to Untrusted Site ('Open Redirect')	Weaknesses in OWASP Top Ten (2004) (primary)711
ParentOf	Weakness Base	602	Client-Side Enforcement of Server-Side Security	Weaknesses in OWASP Top Ten (2004) (primary)711
MemberOf	View	711	Weaknesses in OWASP Top Ten (2004)	Weaknesses in OWASP Top Ten (2004) (primary)711

References

OWASP. "A1 Unvalidated Input". 2007. <http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2008-08-15		Veracode	External Submission
2008-08-15	Suggested creation of view and provided mappings
Modifications
Modification Date	Modifier	Organization	Source
2009-03-10	CWE Content Team	MITRE	Internal
2009-03-10	updated Relationships

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us