CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types


CWE-884: CWE Cross-section

 
View ID: 884 (View: Explicit Slice)
Status: Incomplete

View Data

View Objective

This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful to most audiences. It can be used by researchers to determine how broad their theories, models, or tools are. It will also be used by the CWE content team in 2012 to focus quality improvement efforts for individual CWE entries.

View Metrics

| | CWEs in this view | Total CWEs |
|---|---|---|
| Total | 158 | out of 945 |
| Views | 0 | out of 31 |
| Categories | 0 | out of 187 |
| Weaknesses | 157 | out of 719 |
| Compound_Elements | 1 | out of 8 |

Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| HasMember | Weakness Base | 14 | Compiler Removal of Code to Clear Buffers | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 23 | Relative Path Traversal | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 36 | Absolute Path Traversal | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 41 | Improper Resolution of Path Equivalence | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 59 | Improper Link Resolution Before File Access ('Link Following') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 88 | Argument Injection or Modification | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 94 | Improper Control of Generation of Code ('Code Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 117 | Improper Output Neutralization for Logs | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 129 | Improper Validation of Array Index | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 131 | Incorrect Calculation of Buffer Size | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 134 | Uncontrolled Format String | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 135 | Incorrect Calculation of Multi-Byte String Length | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 170 | Improper Null Termination | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 173 | Improper Handling of Alternate Encoding | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 174 | Double Decoding of the Same Data | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 175 | Improper Handling of Mixed Encoding | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 179 | Incorrect Behavior Order: Early Validation | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 185 | Incorrect Regular Expression | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 190 | Integer Overflow or Wraparound | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 191 | Integer Underflow (Wrap or Wraparound) | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 193 | Off-by-one Error | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 203 | Information Exposure Through Discrepancy | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 209 | Information Exposure Through an Error Message | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 212 | Improper Cross-boundary Removal of Sensitive Data | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 222 | Truncation of Security-relevant Information | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 223 | Omission of Security-relevant Information | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 228 | Improper Handling of Syntactically Invalid Structure | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 248 | Uncaught Exception | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 250 | Execution with Unnecessary Privileges | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 252 | Unchecked Return Value | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 253 | Incorrect Check of Function Return Value | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 262 | Not Using Password Aging | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 263 | Password Aging with Long Expiration | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 266 | Incorrect Privilege Assignment | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 267 | Privilege Defined With Unsafe Actions | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 268 | Privilege Chaining | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 270 | Privilege Context Switching Error | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 271 | Privilege Dropping / Lowering Errors | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 273 | Improper Check for Dropped Privileges | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 283 | Unverified Ownership | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 290 | Authentication Bypass by Spoofing | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 294 | Authentication Bypass by Capture-replay | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 296 | Improper Following of a Certificate's Chain of Trust | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 299 | Improper Check for Certificate Revocation | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 301 | Reflection Attack in an Authentication Protocol | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 304 | Missing Critical Step in Authentication | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 306 | Missing Authentication for Critical Function | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 307 | Improper Restriction of Excessive Authentication Attempts | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 308 | Use of Single-factor Authentication | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 312 | Cleartext Storage of Sensitive Information | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 319 | Cleartext Transmission of Sensitive Information | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 322 | Key Exchange without Entity Authentication | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 323 | Reusing a Nonce, Key Pair in Encryption | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 325 | Missing Required Cryptographic Step | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 327 | Use of a Broken or Risky Cryptographic Algorithm | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 331 | Insufficient Entropy | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 334 | Small Space of Random Values | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 335 | PRNG Seed Error | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 341 | Predictable from Observable State | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 347 | Improper Verification of Cryptographic Signature | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 348 | Use of Less Trusted Source | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data | CWE Cross-section (primary) 884 |
| HasMember | Compound Element: Composite | 352 | Cross-Site Request Forgery (CSRF) | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 353 | Missing Support for Integrity Check | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 354 | Improper Validation of Integrity Check Value | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 364 | Signal Handler Race Condition | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 369 | Divide By Zero | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 390 | Detection of Error Condition Without Action | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 392 | Missing Report of Error Condition | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 393 | Return of Wrong Status Code | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 406 | Insufficient Control of Network Message Volume (Network Amplification) | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 407 | Algorithmic Complexity | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 408 | Incorrect Behavior Order: Early Amplification | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 409 | Improper Handling of Highly Compressed Data (Data Amplification) | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 434 | Unrestricted Upload of File with Dangerous Type | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 451 | User Interface (UI) Misrepresentation of Critical Information | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 453 | Insecure Default Variable Initialization | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 454 | External Initialization of Trusted Variables or Data Stores | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 455 | Non-exit on Failed Initialization | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 456 | Missing Initialization of a Variable | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 467 | Use of sizeof() on a Pointer Type | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 468 | Incorrect Pointer Scaling | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 469 | Use of Pointer Subtraction to Determine Size | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 476 | NULL Pointer Dereference | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 478 | Missing Default Case in Switch Statement | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 480 | Use of Incorrect Operator | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 483 | Incorrect Block Delimitation | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 484 | Omitted Break Statement in Switch | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 486 | Comparison of Classes by Name | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 494 | Download of Code Without Integrity Check | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 495 | Private Array-Typed Field Returned From A Public Method | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 496 | Public Data Assigned to Private Array-Typed Field | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 498 | Cloneable Class Containing Sensitive Information | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 499 | Serializable Class Containing Sensitive Data | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 502 | Deserialization of Untrusted Data | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 521 | Weak Password Requirements | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 522 | Insufficiently Protected Credentials | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 545 | Use of Dynamic Class Loading | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 546 | Suspicious Comment | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 547 | Use of Hard-coded, Security-relevant Constants | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 561 | Dead Code | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 563 | Assignment to Variable without Use ('Unused Variable') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 567 | Unsynchronized Access to Shared Data in a Multithreaded Context | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 587 | Assignment of a Fixed Address to a Pointer | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 595 | Comparison of Object References Instead of Object Contents | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 601 | URL Redirection to Untrusted Site ('Open Redirect') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 602 | Client-Side Enforcement of Server-Side Security | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 605 | Multiple Binds to the Same Port | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 617 | Reachable Assertion | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 621 | Variable Extraction Error | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 627 | Dynamic Variable Evaluation | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 628 | Function Call with Incorrectly Specified Arguments | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 642 | External Control of Critical State Data | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 648 | Incorrect Use of Privileged APIs | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 667 | Improper Locking | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 672 | Operation on a Resource after Expiration or Release | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 674 | Uncontrolled Recursion | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 676 | Use of Potentially Dangerous Function | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 681 | Incorrect Conversion between Numeric Types | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 698 | Execution After Redirect (EAR) | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 708 | Incorrect Ownership Assignment | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 732 | Incorrect Permission Assignment for Critical Resource | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 756 | Missing Custom Error Page | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 763 | Release of Invalid Pointer or Reference | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 770 | Allocation of Resources Without Limits or Throttling | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 772 | Missing Release of Resource after Effective Lifetime | CWE Cross-section (primary) 884 |
| HasMember | Weakness Variant | 783 | Operator Precedence Logic Error | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 786 | Access of Memory Location Before Start of Buffer | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 788 | Access of Memory Location After End of Buffer | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 798 | Use of Hard-coded Credentials | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 805 | Buffer Access with Incorrect Length Value | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 807 | Reliance on Untrusted Inputs in a Security Decision | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 822 | Untrusted Pointer Dereference | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 825 | Expired Pointer Dereference | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 829 | Inclusion of Functionality from Untrusted Control Sphere | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 838 | Inappropriate Encoding for Output Context | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 839 | Numeric Range Comparison Without Minimum Check | CWE Cross-section (primary) 884 |
| HasMember | Weakness Base | 841 | Improper Enforcement of Behavioral Workflow | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 862 | Missing Authorization | CWE Cross-section (primary) 884 |
| HasMember | Weakness Class | 863 | Incorrect Authorization | CWE Cross-section (primary) 884 |

Content History

Submissions

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2011-12-15 | | MITRE | Internal CWE Team |

Page Last Updated: June 23, 2014