CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.8)

CWE-813: OWASP Top Ten 2010 Category A4 - Insecure Direct Object References

 
Category ID: 813 (Category)
Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2010.
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| ParentOf | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| ParentOf | Weakness Base | 434 | Unrestricted Upload of File with Dangerous Type | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| ParentOf | Weakness Base | 639 | Authorization Bypass Through User-Controlled Key | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| ParentOf | Weakness Class | 829 | Inclusion of Functionality from Untrusted Control Sphere | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| ParentOf | Weakness Class | 862 | Missing Authorization | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| ParentOf | Weakness Class | 863 | Incorrect Authorization | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
| MemberOf | View | 809 | Weaknesses in OWASP Top Ten (2010) | Weaknesses in OWASP Top Ten (2010) (primary), 809 |
+ References
OWASP. "Top 10 2010-A4-Insecure Direct Object References". <http://www.owasp.org/index.php/Top_10_2010-A4-Insecure_Direct_Object_References>.
+ Content History
Submissions
| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2010-06-17 | | MITRE | Internal CWE Team |

Modifications

| Modification Date | Modifier | Organization | Source | Comments |
|---|---|---|---|---|
| 2011-09-13 | CWE Content Team | MITRE | Internal | updated Relationships |
| 2013-02-21 | CWE Content Team | MITRE | Internal | updated Relationships |
Page Last Updated: July 30, 2014