CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE-845: CERT Java Secure Coding Section 00 - Input Validation and Data Sanitization (IDS)

 
Category ID: 845 (Category)
Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to rules in the Input Validation and Data Sanitization section of the CERT Java Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Class | 116 | Improper Encoding or Escaping of Output | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Base | 134 | Uncontrolled Format String | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Variant | 144 | Improper Neutralization of Line Delimiters | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Variant | 150 | Improper Neutralization of Escape, Meta, or Control Sequences | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Category | 171 | Cleansing, Canonicalization, and Comparison Errors | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Base | 180 | Incorrect Behavior Order: Validate Before Canonicalize | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Base | 182 | Collapse of Data into Unsafe Value | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Variant | 289 | Authentication Bypass by Alternate Name | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Base | 409 | Improper Handling of Highly Compressed Data (Data Amplification) | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Base | 625 | Permissive Regular Expression | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Variant | 647 | Use of Non-Canonical URL Paths for Authorization Decisions | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| ParentOf | Weakness Base | 838 | Inappropriate Encoding for Output Context | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
| MemberOf | View | 844 | Weaknesses Addressed by the CERT Java Secure Coding Standard | Weaknesses Addressed by the CERT Java Secure Coding Standard (primary) 844 |
+ References
+ Content History
Submissions
Submission Date, Submitter, Organization, Source
2011-05-24, Internal CWE Team
Page Last Updated: June 23, 2014