CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE CATEGORY: SFP Secondary Cluster: Tainted Input to Variable

Category ID: 994
Status: Incomplete
+ Description

Description Summary

This category identifies Software Fault Patterns (SFPs) within the Tainted Input to Variable cluster.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory896SFP Primary Cluster: Tainted Input
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base15External Control of System or Configuration Setting
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness ClassWeakness Class20Improper Input Validation
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base454External Initialization of Trusted Variables or Data Stores
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant496Public Data Assigned to Private Array-Typed Field
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant502Deserialization of Untrusted Data
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant566Authorization Bypass Through User-Controlled SQL Primary Key
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness BaseWeakness Base606Unchecked Input for Loop Condition
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant616Incomplete Identification of Uploaded File Variables (PHP)
Software Fault Pattern (SFP) Clusters (primary)888
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2014-07-29Internal CWE Team

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017