CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.10)

CWE VIEW: Weaknesses without Software Fault Patterns

View ID: 999
Structure: Implicit Slice
Status: Incomplete
View Data

View Objective

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in coverage by the current software fault pattern model.

View Filter: .[contains(name(), 'Weakness')][not(.//Taxonomy_Mapping/@Mapped_Taxonomy_Name='Software Fault Patterns')]

View Audience

Stakeholders:
Applied_Researchers
Academic_Researchers
Software_Vendors

Relationships

Weakness Base Absolute Path Traversal - (36)
Weakness Base Acceptance of Extraneous Untrusted Data With Trusted Data - (349)
Weakness Base Access of Memory Location After End of Buffer - (788)
Weakness Base Access of Memory Location Before Start of Buffer - (786)
Weakness Base Access of Resource Using Incompatible Type ('Type Confusion') - (843)
Weakness Base Access of Uninitialized Pointer - (824)
Weakness Variant Access to Critical Private Variable via Public Method - (767)
Weakness Base Addition of Data Structure Sentinel - (464)
Weakness Base Algorithmic Complexity - (407)
Weakness Variant Allocation of File Descriptors or Handles Without Limits or Throttling - (774)
Weakness Base Allocation of Resources Without Limits or Throttling - (770)
Weakness Class Always-Incorrect Control Flow Implementation - (670)
Weakness Variant Apple '.DS_Store' - (71)
Weakness Base Argument Injection or Modification - (88)
Weakness Variant Array Declared Public, Final, and Static - (582)
Weakness Variant ASP.NET Misconfiguration: Creating Debug Binary - (11)
Weakness Variant ASP.NET Misconfiguration: Missing Custom Error Page - (12)
Weakness Variant ASP.NET Misconfiguration: Not Using Input Validation Framework - (554)
Weakness Variant ASP.NET Misconfiguration: Password in Configuration File - (13)
Weakness Variant ASP.NET Misconfiguration: Use of Identity Impersonation - (556)
Weakness Variant Assigning instead of Comparing - (481)
Weakness Base Assignment of a Fixed Address to a Pointer - (587)
Weakness Variant Assignment to Variable without Use ('Unused Variable') - (563)
Weakness Class Asymmetric Resource Consumption (Amplification) - (405)
Weakness Variant Attempt to Access Child of a Non-structure Pointer - (588)
Weakness Variant Authentication Bypass by Alternate Name - (289)
Weakness Variant Authentication Bypass by Assumed-Immutable Data - (302)
Weakness Base Authentication Bypass by Capture-replay - (294)
Weakness Base Authentication Bypass by Primary Weakness - (305)
Weakness Base Authentication Bypass by Spoofing - (290)
Weakness Class Authentication Bypass Issues - (592)
Weakness Base Authentication Bypass Using an Alternate Path or Channel - (288)
Weakness Variant Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created - (593)
Weakness Base Authorization Bypass Through User-Controlled Key - (639)
Weakness Variant Authorization Bypass Through User-Controlled SQL Primary Key - (566)
Weakness Base Behavioral Change in New Version or Environment - (439)
Weakness Variant Buffer Access Using Size of Source Buffer - (806)
Weakness Base Buffer Access with Incorrect Length Value - (805)
Weakness Base Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)
Weakness Variant Buffer Over-read - (126)
Weakness Variant Buffer Under-read - (127)
Weakness Base Buffer Underwrite ('Buffer Underflow') - (124)
Weakness Variant Call to Non-ubiquitous API - (589)
Weakness Variant Call to Thread run() instead of start() - (572)
Weakness Class Channel Accessible by Non-Endpoint ('Man-in-the-Middle') - (300)
Weakness Variant Cleartext Storage in a File or on Disk - (313)
Weakness Variant Cleartext Storage in the Registry - (314)
Weakness Base Cleartext Storage of Sensitive Information - (312)
Weakness Variant Cleartext Storage of Sensitive Information in a Cookie - (315)
Weakness Variant Cleartext Storage of Sensitive Information in Executable - (318)
Weakness Variant Cleartext Storage of Sensitive Information in GUI - (317)
Weakness Variant Cleartext Storage of Sensitive Information in Memory - (316)
Weakness Base Cleartext Transmission of Sensitive Information - (319)
Weakness Base Client-Side Enforcement of Server-Side Security - (602)
Weakness Variant clone() Method Without super.clone() - (580)
Weakness Variant Cloneable Class Containing Sensitive Information - (498)
Weakness Class Coding Standards Violation - (710)
Weakness Base Collapse of Data into Unsafe Value - (182)
Weakness Variant Command Shell in Externally Accessible Directory - (553)
Weakness Variant Comparing instead of Assigning - (482)
Weakness Variant Comparison of Classes by Name - (486)
Weakness Base Comparison of Object References Instead of Object Contents - (595)
Weakness Base Compiler Optimization Removal or Modification of Security-critical Code - (733)
Weakness Base Compiler Removal of Code to Clear Buffers - (14)
Weakness Class Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)
Weakness Class Containment Errors (Container Errors) - (216)
Weakness Base Context Switching Race Condition - (368)
Weakness Class Covert Channel - (514)
Weakness Base Covert Storage Channel - (515)
Weakness Base Covert Timing Channel - (385)
Weakness Variant Creation of chroot Jail Without Changing Working Directory - (243)
Weakness Base Creation of Temporary File in Directory with Incorrect Permissions - (379)
Weakness Base Creation of Temporary File With Insecure Permissions - (378)
Weakness Variant Critical Public Variable Without Final Modifier - (493)
Weakness Variant Critical Variable Declared Public - (766)
Weakness Base Dangerous Signal Handler not Disabled During Sensitive Operations - (432)
Weakness Base Dangling Database Cursor ('Cursor Injection') - (619)
Weakness Variant Dead Code - (561)
Weakness Base Deadlock - (833)
Weakness Base Declaration of Catch for Generic Exception - (396)
Weakness Base Declaration of Throws for Generic Exception - (397)
Weakness Base Deletion of Data Structure Sentinel - (463)
Weakness Base Deployment of Wrong Handler - (430)
Deprecated DEPRECATED (Duplicate): Covert Timing Channel - (516)
Deprecated DEPRECATED (Duplicate): Failure to provide confidentiality for stored data - (218)
Deprecated DEPRECATED (Duplicate): General Information Management Problems - (225)
Deprecated DEPRECATED (Duplicate): HTTP response splitting - (443)
Deprecated DEPRECATED (Duplicate): Miscalculated Null Termination - (132)
Deprecated DEPRECATED (Duplicate): Proxied Trusted Channel - (423)
Deprecated DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision - (247)
Deprecated DEPRECATED (Duplicate): Trusting Self-reported DNS Name - (292)
Deprecated DEPRECATED: Failure to Protect Stored Data from Modification - (217)
Deprecated DEPRECATED: Improper Sanitization of Custom Special Characters - (92)
Deprecated DEPRECATED: Incorrect Initialization - (458)
Deprecated DEPRECATED: Often Misused: Path Manipulation - (249)
Deprecated DEPRECATED: State Synchronization Error - (373)
Weakness Variant Deserialization of Untrusted Data - (502)
Weakness Class Detection of Error Condition Without Action - (390)
Weakness Base Direct Request ('Forced Browsing') - (425)
Weakness Base Direct Use of Unsafe JNI - (111)
Weakness Base Divide By Zero - (369)
Weakness Variant Double Decoding of the Same Data - (174)
Weakness Variant Double Free - (415)
Weakness Base Double-Checked Locking - (609)
Weakness Variant Doubled Character XSS Manipulations - (85)
Weakness Base Download of Code Without Integrity Check - (494)
Weakness Base Duplicate Key in Associative List (Alist) - (462)
Weakness Class Duplicate Operations on Resource - (675)
Weakness Base Dynamic Variable Evaluation - (627)
Weakness Variant EJB Bad Practices: Use of AWT Swing - (575)
Weakness Variant EJB Bad Practices: Use of Class Loader - (578)
Weakness Variant EJB Bad Practices: Use of Java I/O - (576)
Weakness Variant EJB Bad Practices: Use of Sockets - (577)
Weakness Variant EJB Bad Practices: Use of Synchronization Primitives - (574)
Weakness Class Embedded Malicious Code - (506)
Weakness Variant Empty Password in Configuration File - (258)
Weakness Variant Empty Synchronized Block - (585)
Weakness Class Encoding Error - (172)
Weakness Base Excessive Iteration - (834)
Weakness Base Executable Regular Expression Error - (624)
Weakness Base Execution After Redirect (EAR) - (698)
Weakness Class Execution with Unnecessary Privileges - (250)
Weakness Base Expected Behavior Violation - (440)
Weakness Base Expired Pointer Dereference - (825)
Weakness Variant Explicit Call to Finalize() - (586)
Weakness Base Exposed Dangerous Method or Function - (749)
Weakness Variant Exposed IOCTL with Insufficient Access Control - (782)
Weakness Base Exposed Unsafe ActiveX Method - (618)
Weakness Variant Exposure of Access Control List Files to an Unauthorized Control Sphere - (529)
Weakness Variant Exposure of Backup File to an Unauthorized Control Sphere - (530)
Weakness Variant Exposure of Core Dump File to an Unauthorized Control Sphere - (528)
Weakness Variant Exposure of CVS Repository to an Unauthorized Control Sphere - (527)
Weakness Variant Exposure of Data Element to Wrong Session - (488)
Weakness Base Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') - (403)
Weakness Class Exposure of Private Information ('Privacy Violation') - (359)
Weakness Class Exposure of Resource to Wrong Sphere - (668)
Weakness Variant Exposure of Sensitive Data Through Data Queries - (202)
Weakness Variant Exposure of System Data to an Unauthorized Control Sphere - (497)
Weakness Variant Expression is Always False - (570)
Weakness Variant Expression is Always True - (571)
Weakness Base External Control of Assumed-Immutable Web Parameter - (472)
Weakness Class External Control of Critical State Data - (642)
Weakness Class External Control of File Name or Path - (73)
Weakness Base External Control of System or Configuration Setting - (15)
Weakness Class External Influence of Sphere Definition - (673)
Weakness Base External Initialization of Trusted Variables or Data Stores - (454)
Weakness Class Externally Controlled Reference to a Resource in Another Sphere - (610)
Weakness Variant Failure to Handle Incomplete Element - (239)
Weakness Variant Failure to Handle Missing Parameter - (234)
Weakness Variant Failure to Sanitize Paired Delimiters - (157)
Weakness Class Failure to Sanitize Special Element - (159)
Weakness Class Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - (75)
Weakness Base File and Directory Information Exposure - (538)
Weakness Base Files or Directories Accessible to External Parties - (552)
Weakness Variant finalize() Method Declared Public - (583)
Weakness Variant finalize() Method Without super.finalize() - (568)
Weakness Variant Free of Memory not on the Heap - (590)
Weakness Variant Free of Pointer not at Start of Buffer - (761)
Weakness Variant Function Call With Incorrect Argument Type - (686)
Weakness Variant Function Call With Incorrect Number of Arguments - (685)
Weakness Variant Function Call With Incorrect Order of Arguments - (683)
Weakness Variant Function Call With Incorrect Variable or Reference as Argument - (688)
Weakness Variant Function Call With Incorrectly Specified Argument Value - (687)
Weakness Base Function Call with Incorrectly Specified Arguments - (628)
Weakness Base Guessable CAPTCHA - (804)
Weakness Variant Heap-based Buffer Overflow - (122)
Weakness Class Hidden Functionality - (912)
Weakness Class Improper Access Control - (284)
Weakness Class Improper Access of Indexable Resource ('Range Error') - (118)
Weakness Variant Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)
Weakness Class Improper Authentication - (287)
Weakness Class Improper Authorization - (285)
Weakness Base Improper Authorization in Handler for Custom URL Scheme - (939)
Weakness Base Improper Certificate Validation - (295)
Weakness Variant Improper Check for Certificate Revocation - (299)
Weakness Base Improper Check for Dropped Privileges - (273)
Weakness Class Improper Check for Unusual or Exceptional Conditions - (754)
Weakness Class Improper Check or Handling of Exceptional Conditions - (703)
Weakness Variant Improper Cleanup on Thrown Exception - (460)
Weakness Variant Improper Clearing of Heap Memory Before Release ('Heap Inspection') - (244)
Weakness Class Improper Control of a Resource Through its Lifetime - (664)
Weakness Base Improper Control of Document Type Definition - (827)
Weakness Base Improper Control of Dynamically-Identified Variables - (914)
Weakness Class Improper Control of Dynamically-Managed Code Resources - (913)
Weakness Base Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - (98)
Weakness Class Improper Control of Generation of Code ('Code Injection') - (94)
Weakness Class Improper Control of Interaction Frequency - (799)
Weakness Base Improper Control of Resource Identifiers ('Resource Injection') - (99)
Weakness Base Improper Cross-boundary Removal of Sensitive Data - (212)
Weakness Class Improper Encoding or Escaping of Output - (116)
Weakness Base Improper Enforcement of a Single, Unique Action - (837)
Weakness Base Improper Enforcement of Behavioral Workflow - (841)
Weakness Class Improper Enforcement of Message Integrity During Transmission in a Communication Channel - (924)
Weakness Class Improper Enforcement of Message or Data Structure - (707)
Weakness Variant Improper Export of Android Application Components - (926)
Weakness Class Improper Filtering of Special Elements - (790)
Weakness Base Improper Following of a Certificate's Chain of Trust - (296)
Weakness Class Improper Following of Specification by Caller - (573)
Weakness Class Improper Fulfillment of API Contract ('API Abuse') - (227)
Weakness Base Improper Handling of Additional Special Element - (167)
Weakness Variant Improper Handling of Alternate Encoding - (173)
Weakness Variant Improper Handling of Apple HFS+ Alternate Data Stream Path - (72)
Weakness Base Improper Handling of Case Sensitivity - (178)
Weakness Class Improper Handling of Exceptional Conditions - (755)
Weakness Variant Improper Handling of Extra Parameters - (235)
Weakness Variant Improper Handling of Extra Values - (231)
Weakness Base Improper Handling of File Names that Identify Virtual Resources - (66)
Weakness Base Improper Handling of Highly Compressed Data (Data Amplification) - (409)
Weakness Variant Improper Handling of Incomplete Structural Elements - (238)
Weakness Base Improper Handling of Inconsistent Special Elements - (168)
Weakness Variant Improper Handling of Inconsistent Structural Elements - (240)
Weakness Variant Improper Handling of Insufficient Entropy in TRNG - (333)
Weakness Base Improper Handling of Insufficient Permissions or Privileges - (280)
Weakness Base Improper Handling of Insufficient Privileges - (274)
Weakness Base Improper Handling of Length Parameter Inconsistency - (130)
Weakness Base Improper Handling of Missing Special Element - (166)
Weakness Variant Improper Handling of Missing Values - (230)
Weakness Variant Improper Handling of Mixed Encoding - (175)
Weakness Base Improper Handling of Parameters - (233)
Weakness Base Improper Handling of Structural Elements - (237)
Weakness Class Improper Handling of Syntactically Invalid Structure - (228)
Weakness Variant Improper Handling of Undefined Parameters - (236)
Weakness Variant Improper Handling of Undefined Values - (232)
Weakness Base Improper Handling of Unexpected Data Type - (241)
Weakness Variant Improper Handling of Unicode Encoding - (176)
Weakness Variant Improper Handling of URL Encoding (Hex Encoding) - (177)
Weakness Base Improper Handling of Values - (229)
Weakness Variant Improper Handling of Windows ::DATA Alternate Data Stream - (69)
Weakness Variant Improper Handling of Windows Device Names - (67)
Weakness Class Improper Initialization - (665)
Weakness Class Improper Input Validation - (20)
Weakness Class Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - (22)
Weakness Base Improper Link Resolution Before File Access ('Link Following') - (59)
Weakness Base Improper Locking - (667)
Weakness Variant Improper Neutralization of Alternate XSS Syntax - (87)
Weakness Variant Improper Neutralization of Comment Delimiters - (151)
Weakness Base Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)
Weakness Base Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)
Weakness Base Improper Neutralization of Data within XPath Expressions ('XPath Injection') - (643)
Weakness Base Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') - (652)
Weakness Base Improper Neutralization of Delimiters - (140)
Weakness Base Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') - (95)
Weakness Base Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - (96)
Weakness Variant Improper Neutralization of Encoded URI Schemes in a Web Page - (84)
Weakness Base Improper Neutralization of Equivalent Special Elements - (76)
Weakness Variant Improper Neutralization of Escape, Meta, or Control Sequences - (150)
Weakness Variant Improper Neutralization of Expression/Command Delimiters - (146)
Weakness Variant Improper Neutralization of HTTP Headers for Scripting Syntax - (644)
Weakness Base Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
Weakness Variant Improper Neutralization of Input Leaders - (148)
Weakness Variant Improper Neutralization of Input Terminators - (147)
Weakness Variant Improper Neutralization of Internal Special Elements - (164)
Weakness Variant Improper Neutralization of Invalid Characters in Identifiers in Web Pages - (86)
Weakness Variant Improper Neutralization of Leading Special Elements - (160)
Weakness Variant Improper Neutralization of Line Delimiters - (144)
Weakness Variant Improper Neutralization of Macro Symbols - (152)
Weakness Variant Improper Neutralization of Multiple Internal Special Elements - (165)
Weakness Variant Improper Neutralization of Multiple Leading Special Elements - (161)
Weakness Variant Improper Neutralization of Multiple Trailing Special Elements - (163)
Weakness Variant Improper Neutralization of Null Byte or NUL Character - (158)
Weakness Variant Improper Neutralization of Parameter/Argument Delimiters - (141)
Weakness Variant Improper Neutralization of Quoting Syntax - (149)
Weakness Variant Improper Neutralization of Record Delimiters - (143)
Weakness Variant Improper Neutralization of Script in an Error Message Web Page - (81)
Weakness Variant Improper Neutralization of Script in Attributes in a Web Page - (83)
Weakness Variant Improper Neutralization of Script in Attributes of IMG Tags in a Web Page - (82)
Weakness Variant Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) - (80)
Weakness Variant Improper Neutralization of Section Delimiters - (145)
Weakness Variant Improper Neutralization of Server-Side Includes (SSI) Within a Web Page - (97)
Weakness Class Improper Neutralization of Special Elements - (138)
Weakness Class Improper Neutralization of Special Elements in Data Query Logic - (943)
Weakness Class Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - (74)
Weakness Class Improper Neutralization of Special Elements used in a Command ('Command Injection') - (77)
Weakness Base Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') - (917)
Weakness Base Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - (90)
Weakness Base Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)
Weakness Base Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
Weakness Variant Improper Neutralization of Substitution Characters - (153)
Weakness Variant Improper Neutralization of Trailing Special Elements - (162)
Weakness Variant Improper Neutralization of Value Delimiters - (142)
Weakness Variant Improper Neutralization of Variable Name Delimiters - (154)
Weakness Variant Improper Neutralization of Whitespace - (156)
Weakness Variant Improper Neutralization of Wildcards or Matching Symbols - (155)
Weakness Base Improper Null Termination - (170)
Weakness Base Improper Output Neutralization for Logs - (117)
Weakness Class Improper Ownership Management - (282)
Weakness Base Improper Preservation of Permissions - (281)
Weakness Base Improper Privilege Management - (269)
Weakness Class Improper Protection of Alternate Path - (424)
Weakness Base Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401)
Weakness Base Improper Resolution of Path Equivalence - (41)
Weakness Base Improper Resource Locking - (413)
Weakness Base Improper Resource Shutdown or Release - (404)
Weakness Class Improper Restriction of Communication Channel to Intended Endpoints - (923)
Weakness Base Improper Restriction of Excessive Authentication Attempts - (307)
Weakness Base Improper Restriction of Names for Files and Other Resources - (641)
Weakness Class Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)
Weakness Base Improper Restriction of Power Consumption - (920)
Weakness Variant Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') - (776)
Weakness Variant Improper Restriction of XML External Entity Reference ('XXE') - (611)
Weakness Base Improper Synchronization - (662)
Weakness Base Improper Update of Reference Count - (911)
Weakness Base Improper Validation of Array Index - (129)
Weakness Variant Improper Validation of Certificate Expiration - (298)
Weakness Variant Improper Validation of Certificate with Host Mismatch - (297)
Weakness Variant Improper Validation of Function Hook Arguments - (622)
Weakness Base Improper Validation of Integrity Check Value - (354)
Weakness Base Improper Verification of Cryptographic Signature - (347)
Weakness Variant Improper Verification of Intent by Broadcast Receiver - (925)
Weakness Base Improper Verification of Source of a Communication Channel - (940)
Weakness Base Improperly Controlled Modification of Dynamically-Determined Object Attributes - (915)
Weakness Base Improperly Implemented Security Check for Standard - (358)
Weakness Class Inadequate Encryption Strength - (326)
Weakness Base Inappropriate Encoding for Output Context - (838)
Weakness Class Inclusion of Functionality from Untrusted Control Sphere - (829)
Weakness Base Inclusion of Web Functionality from an Untrusted Source - (830)
Weakness Base Incomplete Blacklist - (184)
Weakness Base Incomplete Cleanup - (459)
Weakness Variant Incomplete Filtering of Multiple Instances of Special Elements - (794)
Weakness Variant Incomplete Filtering of One or More Instances of Special Elements - (792)
Weakness Base Incomplete Filtering of Special Elements - (791)
Weakness Variant Incomplete Identification of Uploaded File Variables (PHP) - (616)
Weakness Base Incomplete Internal State Distinction - (372)
Weakness Base Incomplete Model of Endpoint Features - (437)
Weakness Base Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') - (444)
Weakness Class Incorrect Authorization - (863)
Weakness Class Incorrect Behavior Order - (696)
Weakness Base Incorrect Behavior Order: Authorization Before Parsing and Canonicalization - (551)
Weakness Base Incorrect Behavior Order: Early Amplification - (408)
Weakness Base Incorrect Behavior Order: Early Validation - (179)
Weakness Base Incorrect Behavior Order: Validate Before Canonicalize - (180)
Weakness Base Incorrect Behavior Order: Validate Before Filter - (181)
Weakness Variant Incorrect Block Delimitation - (483)
Weakness Class Incorrect Calculation - (682)
Weakness Base Incorrect Calculation of Buffer Size - (131)
Weakness Base Incorrect Calculation of Multi-Byte String Length - (135)
Weakness Base Incorrect Check of Function Return Value - (253)
Weakness Class Incorrect Control Flow Scoping - (705)
Weakness Base Incorrect Conversion between Numeric Types - (681)
Weakness Variant Incorrect Default Permissions - (276)
Weakness Variant Incorrect Execution-Assigned Permissions - (279)
Weakness Base Incorrect Implementation of Authentication Algorithm - (303)
Weakness Base Incorrect Ownership Assignment - (708)
Weakness Class Incorrect Permission Assignment for Critical Resource - (732)
Weakness Base Incorrect Pointer Scaling - (468)
Weakness Base Incorrect Privilege Assignment - (266)
Weakness Base Incorrect Provision of Specified Functionality - (684)
Weakness Class Incorrect Regular Expression - (185)
Weakness Class Incorrect Resource Transfer Between Spheres - (669)
Weakness Base Incorrect Semantic Object Comparison - (596)
Weakness Variant Incorrect Short Circuit Evaluation - (768)
Weakness Base Incorrect Synchronization - (821)
Weakness Class Incorrect Type Conversion or Cast - (704)
Weakness Base Incorrect Use of Privileged APIs - (648)
Weakness Class Incorrect User Management - (286)
Weakness Base Incorrectly Specified Destination in a Communication Channel - (941)
Weakness Class Indicator of Poor Code Quality - (398)
Weakness Class Information Exposure - (200)
Weakness Variant Information Exposure of Internal State Through Behavioral Inconsistency - (206)
Weakness Base Information Exposure Through an Error Message - (209)
Weakness Variant Information Exposure Through an External Behavioral Inconsistency - (207)
Weakness Base Information Exposure Through Behavioral Discrepancy - (205)
Weakness Variant Information Exposure Through Browser Caching - (525)
Weakness Variant Information Exposure Through Caching - (524)
Weakness Variant Information Exposure Through Cleanup Log Files - (542)
Weakness Variant Information Exposure Through Comments - (615)
Weakness Variant Information Exposure Through Debug Information - (215)
Weakness Variant Information Exposure Through Debug Log Files - (534)
Weakness Variant Information Exposure Through Directory Listing - (548)
Weakness Class Information Exposure Through Discrepancy - (203)
Weakness Variant Information Exposure Through Environmental Variables - (526)
Weakness Base Information Exposure Through Externally-generated Error Message - (211)
Weakness Variant Information Exposure Through Include Source Code - (541)
Weakness Variant Information Exposure Through Indexing of Private Data - (612)
Weakness Variant Information Exposure Through Java Runtime Error Message - (537)
Weakness Variant Information Exposure Through Log Files - (532)
Weakness Variant Information Exposure Through Persistent Cookies - (539)
Weakness Variant Information Exposure Through Process Environment - (214)
Weakness Variant Information Exposure Through Query Strings in GET Request - (598)
Weakness Base Information Exposure Through Self-generated Error Message - (210)
Weakness Variant Information Exposure Through Sent Data - (201)
Weakness Variant Information Exposure Through Server Error Message - (550)
Weakness Variant Information Exposure Through Server Log Files - (533)
Weakness Variant Information Exposure Through Servlet Runtime Error Message - (536)
Weakness Variant Information Exposure Through Shell Error Message - (535)
Weakness Variant Information Exposure Through Source Code - (540)
Weakness Variant Information Exposure Through Test Code - (531)
Weakness Base Information Exposure Through Timing Discrepancy - (208)
Weakness Variant Information Exposure Through WSDL File - (651)
Weakness Class Information Loss or Omission - (221)
Weakness Base Insecure Default Variable Initialization - (453)
Weakness Variant Insecure Inherited Permissions - (277)
Weakness Variant Insecure Preserved Inherited Permissions - (278)
Weakness Class Insecure Storage of Sensitive Information - (922)
Weakness Base Insecure Temporary File - (377)
Weakness ClassWeakness Class Insufficient Comparison - (697)
Weakness BaseWeakness Base Insufficient Compartmentalization - (653)
Weakness ClassWeakness Class Insufficient Control Flow Management - (691)
Weakness BaseWeakness Base Insufficient Control of Network Message Volume (Network Amplification) - (406)
Weakness ClassWeakness Class Insufficient Encapsulation - (485)
Weakness BaseWeakness Base Insufficient Entropy - (331)
Weakness VariantWeakness Variant Insufficient Entropy in PRNG - (332)
Weakness BaseWeakness Base Insufficient Logging - (778)
Weakness BaseWeakness Base Insufficient Psychological Acceptability - (655)
Weakness BaseWeakness Base Insufficient Resource Pool - (410)
Weakness BaseWeakness Base Insufficient Session Expiration - (613)
Weakness BaseWeakness Base Insufficient Type Distinction - (351)
Weakness BaseWeakness Base Insufficient UI Warning of Dangerous Operations - (357)
Weakness ClassWeakness Class Insufficient Verification of Data Authenticity - (345)
Weakness BaseWeakness Base Insufficiently Protected Credentials - (522)
Weakness BaseWeakness Base Integer Overflow or Wraparound - (190)
Weakness BaseWeakness Base Integer Underflow (Wrap or Wraparound) - (191)
Weakness BaseWeakness Base Intentional Information Exposure - (213)
Weakness ClassWeakness Class Interaction Error - (435)
Weakness BaseWeakness Base Interpretation Conflict - (436)
Weakness VariantWeakness Variant J2EE Bad Practices: Direct Management of Connections - (245)
Weakness VariantWeakness Variant J2EE Bad Practices: Direct Use of Sockets - (246)
Weakness VariantWeakness Variant J2EE Bad Practices: Direct Use of Threads - (383)
Weakness VariantWeakness Variant J2EE Bad Practices: Non-serializable Object Stored in Session - (579)
Weakness VariantWeakness Variant J2EE Bad Practices: Use of System.exit() - (382)
Weakness VariantWeakness Variant J2EE Framework: Saving Unserializable Objects to Disk - (594)
Weakness VariantWeakness Variant J2EE Misconfiguration: Data Transmission Without Encryption - (5)
Weakness VariantWeakness Variant J2EE Misconfiguration: Entity Bean Declared Remote - (8)
Weakness VariantWeakness Variant J2EE Misconfiguration: Insufficient Session-ID Length - (6)
Weakness VariantWeakness Variant J2EE Misconfiguration: Missing Custom Error Page - (7)
Weakness VariantWeakness Variant J2EE Misconfiguration: Plaintext Password in Configuration File - (555)
Weakness VariantWeakness Variant J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)
Weakness BaseWeakness Base Key Exchange without Entity Authentication - (322)
Weakness ClassWeakness Class Lack of Administrator Control over Security - (671)
Weakness BaseWeakness Base Least Privilege Violation - (272)
Weakness BaseWeakness Base Leftover Debug Code - (489)
Weakness BaseWeakness Base Logging of Excessive Data - (779)
Weakness BaseWeakness Base Logic/Time Bomb - (511)
Weakness BaseWeakness Base Loop with Unreachable Exit Condition ('Infinite Loop') - (835)
Weakness BaseWeakness Base Misinterpretation of Input - (115)
Weakness VariantWeakness Variant Mismatched Memory Management Routines - (762)
Weakness VariantWeakness Variant Missing Authentication for Critical Function - (306)
Weakness ClassWeakness Class Missing Authorization - (862)
Weakness BaseWeakness Base Missing Check for Certificate Revocation after Initial Check - (370)
Weakness BaseWeakness Base Missing Critical Step in Authentication - (304)
Weakness ClassWeakness Class Missing Custom Error Page - (756)
Weakness VariantWeakness Variant Missing Default Case in Switch Statement - (478)
Weakness BaseWeakness Base Missing Encryption of Sensitive Data - (311)
Weakness BaseWeakness Base Missing Handler - (431)
Weakness BaseWeakness Base Missing Initialization of a Variable - (456)
Weakness BaseWeakness Base Missing Initialization of Resource - (909)
Weakness BaseWeakness Base Missing Lock Check - (414)
Weakness VariantWeakness Variant Missing Password Field Masking - (549)
Weakness BaseWeakness Base Missing Reference to Active Allocated Resource - (771)
Weakness VariantWeakness Variant Missing Reference to Active File Descriptor or Handle - (773)
Weakness VariantWeakness Variant Missing Release of File Descriptor or Handle after Effective Lifetime - (775)
Weakness BaseWeakness Base Missing Release of Resource after Effective Lifetime - (772)
Weakness BaseWeakness Base Missing Report of Error Condition - (392)
Weakness BaseWeakness Base Missing Required Cryptographic Step - (325)
Weakness BaseWeakness Base Missing Standardized Error Handling Mechanism - (544)
Weakness BaseWeakness Base Missing Support for Integrity Check - (353)
Weakness BaseWeakness Base Missing Synchronization - (820)
Weakness VariantWeakness Variant Missing Validation of OpenSSL Certificate - (599)
Weakness BaseWeakness Base Missing XML Validation - (112)
Weakness BaseWeakness Base Modification of Assumed-Immutable Data (MAID) - (471)
Weakness BaseWeakness Base Multiple Binds to the Same Port - (605)
Weakness BaseWeakness Base Multiple Interpretations of UI Input - (450)
Weakness VariantWeakness Variant Multiple Locks of a Critical Resource - (764)
Weakness VariantWeakness Variant Multiple Unlocks of a Critical Resource - (765)
Weakness VariantWeakness Variant .NET Misconfiguration: Use of Impersonation - (520)
Weakness BaseWeakness Base Non-exit on Failed Initialization - (455)
Weakness BaseWeakness Base Non-Replicating Malicious Code - (508)
Weakness ClassWeakness Class Not Failing Securely ('Failing Open') - (636)
Weakness VariantWeakness Variant Not Using a Random IV with CBC Mode - (329)
Weakness ClassWeakness Class Not Using Complete Mediation - (638)
Weakness VariantWeakness Variant Not Using Password Aging - (262)
Weakness VariantWeakness Variant Null Byte Interaction Error (Poison Null Byte) - (626)
Weakness BaseWeakness Base NULL Pointer Dereference - (476)
Weakness BaseWeakness Base Numeric Range Comparison Without Minimum Check - (839)
Weakness BaseWeakness Base Numeric Truncation Error - (197)
Weakness BaseWeakness Base Object Model Violation: Just One of Equals and Hashcode Defined - (581)
Weakness BaseWeakness Base Obscured Security-relevant Information by Alternate Name - (224)
Weakness BaseWeakness Base Obsolete Feature in UI - (448)
Weakness BaseWeakness Base Off-by-one Error - (193)
Weakness BaseWeakness Base Omission of Security-relevant Information - (223)
Weakness BaseWeakness Base Omitted Break Statement in Switch - (484)
Weakness VariantWeakness Variant Only Filtering One Instance of a Special Element - (793)
Weakness BaseWeakness Base Only Filtering Special Elements at a Specified Location - (795)
Weakness VariantWeakness Variant Only Filtering Special Elements at an Absolute Position - (797)
Weakness VariantWeakness Variant Only Filtering Special Elements Relative to a Marker - (796)
Weakness BaseWeakness Base Operation on a Resource after Expiration or Release - (672)
Weakness BaseWeakness Base Operation on Resource in Wrong Phase of Lifetime - (666)
Weakness VariantWeakness Variant Operator Precedence Logic Error - (783)
Weakness BaseWeakness Base Origin Validation Error - (346)
Weakness BaseWeakness Base Out-of-bounds Read - (125)
Weakness BaseWeakness Base Out-of-bounds Write - (787)
Weakness VariantWeakness Variant Overly Permissive Cross-domain Whitelist - (942)
Weakness BaseWeakness Base Overly Restrictive Account Lockout Mechanism - (645)
Weakness BaseWeakness Base Overly Restrictive Regular Expression - (186)
Weakness BaseWeakness Base Partial Comparison - (187)
Weakness BaseWeakness Base Passing Mutable Objects to an Untrusted Method - (374)
Weakness BaseWeakness Base Password Aging with Long Expiration - (263)
Weakness VariantWeakness Variant Password in Configuration File - (260)
Weakness VariantWeakness Variant Path Equivalence: ' filename' (Leading Space) - (47)
Weakness VariantWeakness Variant Path Equivalence: '/./' (Single Dot Directory) - (55)
Weakness VariantWeakness Variant Path Equivalence: '//multiple/leading/slash' - (50)
Weakness VariantWeakness Variant Path Equivalence: '/multiple//internal/slash' - (51)
Weakness VariantWeakness Variant Path Equivalence: '/multiple/trailing/slash//' - (52)
Weakness VariantWeakness Variant Path Equivalence: '\multiple\\internal\backslash' - (53)
Weakness VariantWeakness Variant Path Equivalence: 'fakedir/../realdir/filename' - (57)
Weakness VariantWeakness Variant Path Equivalence: 'file name' (Internal Whitespace) - (48)
Weakness VariantWeakness Variant Path Equivalence: 'filedir*' (Wildcard) - (56)
Weakness VariantWeakness Variant Path Equivalence: 'filedir\' (Trailing Backslash) - (54)
Weakness VariantWeakness Variant Path Equivalence: 'filename ' (Trailing Space) - (46)
Weakness VariantWeakness Variant Path Equivalence: 'file.name' (Internal Dot) - (44)
Weakness VariantWeakness Variant Path Equivalence: 'file...name' (Multiple Internal Dot) - (45)
Weakness VariantWeakness Variant Path Equivalence: 'filename....' (Multiple Trailing Dot) - (43)
Weakness VariantWeakness Variant Path Equivalence: 'filename.' (Trailing Dot) - (42)
Weakness VariantWeakness Variant Path Equivalence: 'filename/' (Trailing Slash) - (49)
Weakness VariantWeakness Variant Path Equivalence: Windows 8.3 Filename - (58)
Weakness VariantWeakness Variant Path Traversal: '....' (Multiple Dot) - (33)
Weakness VariantWeakness Variant Path Traversal: '...' (Triple Dot) - (32)
Weakness VariantWeakness Variant Path Traversal: '....//' - (34)
Weakness VariantWeakness Variant Path Traversal: '.../...//' - (35)
Weakness VariantWeakness Variant Path Traversal: '/../filedir' - (25)
Weakness VariantWeakness Variant Path Traversal: '/absolute/pathname/here' - (37)
Weakness VariantWeakness Variant Path Traversal: '/dir/../filename' - (26)
Weakness VariantWeakness Variant Path Traversal: '../filedir' - (24)
Weakness VariantWeakness Variant Path Traversal: '\..\filename' - (29)
Weakness VariantWeakness Variant Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - (40)
Weakness VariantWeakness Variant Path Traversal: '\absolute\pathname\here' - (38)
Weakness VariantWeakness Variant Path Traversal: '\dir\..\filename' - (30)
Weakness VariantWeakness Variant Path Traversal: '..\filedir' - (28)
Weakness VariantWeakness Variant Path Traversal: 'C:dirname' - (39)
Weakness VariantWeakness Variant Path Traversal: 'dir/../../filename' - (27)
Weakness VariantWeakness Variant Path Traversal: 'dir\..\..\filename' - (31)
Weakness BaseWeakness Base Permissive Regular Expression - (625)
Weakness BaseWeakness Base Permissive Whitelist - (183)
Weakness VariantWeakness Variant PHP External Variable Modification - (473)
Weakness BaseWeakness Base Placement of User into Incorrect Group - (842)
Weakness VariantWeakness Variant Plaintext Storage of a Password - (256)
Weakness ClassWeakness Class Predictability Problems - (340)
Weakness BaseWeakness Base Predictable Exact Value from Previous Values - (342)
Weakness BaseWeakness Base Predictable from Observable State - (341)
Weakness BaseWeakness Base Predictable Seed in PRNG - (337)
Weakness BaseWeakness Base Predictable Value Range from Previous Values - (343)
Weakness BaseWeakness Base Premature Release of Resource During Expected Lifetime - (826)
Weakness VariantWeakness Variant Private Array-Typed Field Returned From A Public Method - (495)
Weakness BaseWeakness Base Privilege Chaining - (268)
Weakness BaseWeakness Base Privilege Context Switching Error - (270)
Weakness BaseWeakness Base Privilege Defined With Unsafe Actions - (267)
Weakness ClassWeakness Class Privilege Dropping / Lowering Errors - (271)
Weakness ClassWeakness Class PRNG Seed Error - (335)
Weakness BaseWeakness Base Process Control - (114)
Weakness BaseWeakness Base Product UI does not Warn User of Unsafe Actions - (356)
Weakness ClassWeakness Class Protection Mechanism Failure - (693)
Weakness VariantWeakness Variant Public cloneable() Method Without Final ('Object Hijack') - (491)
Weakness VariantWeakness Variant Public Data Assigned to Private Array-Typed Field - (496)
Weakness VariantWeakness Variant Public Static Field Not Marked Final - (500)
Weakness VariantWeakness Variant Public Static Final Field References Mutable Object - (607)
Weakness BaseWeakness Base Race Condition During Access to Alternate Channel - (421)
Weakness BaseWeakness Base Race Condition Enabling Link Following - (363)
Weakness BaseWeakness Base Race Condition in Switch - (365)
Weakness BaseWeakness Base Race Condition within a Thread - (366)
Weakness VariantWeakness Variant Reachable Assertion - (617)
Weakness VariantWeakness Variant Reflection Attack in an Authentication Protocol - (301)
Weakness VariantWeakness Variant Regular Expression without Anchors - (777)
Weakness BaseWeakness Base Relative Path Traversal - (23)
Weakness BaseWeakness Base Release of Invalid Pointer or Reference - (763)
Weakness BaseWeakness Base Reliance on a Single Factor in a Security Decision - (654)
Weakness BaseWeakness Base Reliance on Cookies without Validation and Integrity Checking - (565)
Weakness VariantWeakness Variant Reliance on Cookies without Validation and Integrity Checking in a Security Decision - (784)
Weakness BaseWeakness Base Reliance on Data/Memory Layout - (188)
Weakness VariantWeakness Variant Reliance on File Name or Extension of Externally-Supplied File - (646)
Weakness VariantWeakness Variant Reliance on IP Address for Authentication - (291)
Weakness BaseWeakness Base Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking - (649)
Weakness VariantWeakness Variant Reliance on Package-level Scope - (487)
Weakness VariantWeakness Variant Reliance on Reverse DNS Resolution for a Security-Critical Action - (350)
Weakness BaseWeakness Base Reliance on Security Through Obscurity - (656)
Weakness ClassWeakness Class Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758)
Weakness BaseWeakness Base Reliance on Untrusted Inputs in a Security Decision - (807)
Weakness BaseWeakness Base Replicating Malicious Code (Virus or Worm) - (509)
Weakness BaseWeakness Base Response Discrepancy Information Exposure - (204)
Weakness BaseWeakness Base Return Inside Finally Block - (584)
Weakness BaseWeakness Base Return of Pointer Value Outside of Expected Range - (466)
Weakness BaseWeakness Base Return of Stack Variable Address - (562)
Weakness BaseWeakness Base Return of Wrong Status Code - (393)
Weakness BaseWeakness Base Returning a Mutable Object to an Untrusted Caller - (375)
Weakness BaseWeakness Base Reusing a Nonce, Key Pair in Encryption - (323)
Weakness BaseWeakness Base Reversible One-Way Hash - (328)
Weakness BaseWeakness Base Same Seed in PRNG - (336)
Weakness ClassWeakness Class Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') - (757)
Weakness VariantWeakness Variant Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - (614)
Weakness VariantWeakness Variant Sensitive Cookie Without 'HttpOnly' Flag - (1004)
Weakness VariantWeakness Variant Sensitive Data Storage in Improperly Locked Memory - (591)
Weakness VariantWeakness Variant Sensitive Data Under FTP Root - (220)
Weakness VariantWeakness Variant Sensitive Data Under Web Root - (219)
Weakness BaseWeakness Base Sensitive Information Uncleared Before Release - (226)
Weakness VariantWeakness Variant Serializable Class Containing Sensitive Data - (499)
Weakness BaseWeakness Base Server-Side Request Forgery (SSRF) - (918)
Weakness BaseWeakness Base Signal Handler Function Associated with Multiple Signals - (831)
Weakness BaseWeakness Base Signal Handler Race Condition - (364)
Weakness VariantWeakness Variant Signal Handler Use of a Non-reentrant Function - (479)
Weakness BaseWeakness Base Signal Handler with Functionality that is not Asynchronous-Safe - (828)
Weakness VariantWeakness Variant Signed to Unsigned Conversion Error - (195)
Weakness BaseWeakness Base Small Seed Space in PRNG - (339)
Weakness BaseWeakness Base Small Space of Random Values - (334)
Weakness BaseWeakness Base Spyware - (512)
Weakness VariantWeakness Variant SQL Injection: Hibernate - (564)
Weakness VariantWeakness Variant Stack-based Buffer Overflow - (121)
Weakness BaseWeakness Base Storage of Sensitive Data in a Mechanism without Access Control - (921)
Weakness BaseWeakness Base Storing Passwords in a Recoverable Format - (257)
Weakness VariantWeakness Variant Struts: Duplicate Validation Forms - (102)
Weakness VariantWeakness Variant Struts: Form Bean Does Not Extend Validation Class - (104)
Weakness VariantWeakness Variant Struts: Form Field Without Validator - (105)
Weakness VariantWeakness Variant Struts: Incomplete validate() Method Definition - (103)
Weakness VariantWeakness Variant Struts: Non-private Field in ActionForm Class - (608)
Weakness VariantWeakness Variant Struts: Plug-in Framework not in Use - (106)
Weakness VariantWeakness Variant Struts: Unused Validation Form - (107)
Weakness VariantWeakness Variant Struts: Unvalidated Action Form - (108)
Weakness VariantWeakness Variant Struts: Validator Turned Off - (109)
Weakness VariantWeakness Variant Struts: Validator Without Form Field - (110)
Weakness VariantWeakness Variant Suspicious Comment - (546)
Weakness BaseWeakness Base Symbolic Name not Mapping to Correct Object - (386)
Weakness BaseWeakness Base The UI Performs the Wrong Action - (449)
Weakness BaseWeakness Base Time-of-check Time-of-use (TOCTOU) Race Condition - (367)
Weakness ClassWeakness Class Transmission of Private Resources into a New Sphere ('Resource Leak') - (402)
Weakness BaseWeakness Base Trapdoor - (510)
Weakness BaseWeakness Base Trojan Horse - (507)
Weakness BaseWeakness Base Truncation of Security-relevant Information - (222)
Weakness BaseWeakness Base Trust Boundary Violation - (501)
Weakness BaseWeakness Base Trust of System Event Data - (360)
Weakness VariantWeakness Variant Trusting HTTP Permission Methods on the Server Side - (650)
Weakness BaseWeakness Base UI Discrepancy for Security Feature - (446)
Weakness BaseWeakness Base Uncaught Exception - (248)
Weakness BaseWeakness Base Uncaught Exception in Servlet - (600)
Weakness BaseWeakness Base Unchecked Error Condition - (391)
Weakness BaseWeakness Base Unchecked Input for Loop Condition - (606)
Weakness BaseWeakness Base Unchecked Return Value - (252)
Weakness VariantWeakness Variant Uncontrolled Memory Allocation - (789)
Weakness BaseWeakness Base Uncontrolled Recursion - (674)
Weakness BaseWeakness Base Uncontrolled Resource Consumption ('Resource Exhaustion') - (400)
Weakness BaseWeakness Base Uncontrolled Search Path Element - (427)
Weakness BaseWeakness Base Undefined Behavior for Input to API - (475)
Weakness BaseWeakness Base Unexpected Sign Extension - (194)
Weakness BaseWeakness Base Unexpected Status Code or Return Value - (394)
Weakness BaseWeakness Base Unimplemented or Unsupported Feature in UI - (447)
Weakness ClassWeakness Class Unintended Proxy or Intermediary ('Confused Deputy') - (441)
Weakness VariantWeakness Variant UNIX Hard Link - (62)
Weakness BaseWeakness Base Unlock of a Resource that is not Locked - (832)
Weakness ClassWeakness Class Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') - (637)
Weakness VariantWeakness Variant Unparsed Raw Web Content Delivery - (433)
Weakness BaseWeakness Base Unprotected Alternate Channel - (420)
Weakness BaseWeakness Base Unprotected Primary Channel - (419)
Weakness VariantWeakness Variant Unprotected Transport of Credentials - (523)
Weakness VariantWeakness Variant Unprotected Windows Messaging Channel ('Shatter') - (422)
Weakness BaseWeakness Base Unquoted Search Path or Element - (428)
Weakness BaseWeakness Base Unrestricted Externally Accessible Lock - (412)
Weakness BaseWeakness Base Unrestricted Upload of File with Dangerous Type - (434)
Weakness VariantWeakness Variant Unsafe ActiveX Control Marked Safe For Scripting - (623)
Weakness VariantWeakness Variant Unsigned to Signed Conversion Error - (196)
Weakness BaseWeakness Base Unsynchronized Access to Shared Data in a Multithreaded Context - (567)
Weakness BaseWeakness Base Untrusted Pointer Dereference - (822)
Weakness BaseWeakness Base Unverified Ownership - (283)
Weakness VariantWeakness Variant Unverified Password Change - (620)
Weakness VariantWeakness Variant URL Redirection to Untrusted Site ('Open Redirect') - (601)
Weakness BaseWeakness Base Use After Free - (416)
Weakness BaseWeakness Base Use of a Broken or Risky Cryptographic Algorithm - (327)
Weakness BaseWeakness Base Use of a Key Past its Expiration Date - (324)
Weakness BaseWeakness Base Use of a Non-reentrant Function in a Concurrent Context - (663)
Weakness BaseWeakness Base Use of a One-Way Hash with a Predictable Salt - (760)
Weakness BaseWeakness Base Use of a One-Way Hash without a Salt - (759)
Weakness BaseWeakness Base Use of Client-Side Authentication - (603)
Weakness BaseWeakness Base Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - (338)
Weakness VariantWeakness Variant Use of Dynamic Class Loading - (545)
Weakness BaseWeakness Base Use of Expired File Descriptor - (910)
Weakness BaseWeakness Base Use of Externally-Controlled Format String - (134)
Weakness BaseWeakness Base Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
Weakness BaseWeakness Base Use of Function with Inconsistent Implementations - (474)
Weakness VariantWeakness Variant Use of getlogin() in Multithreaded Application - (558)
Weakness BaseWeakness Base Use of Hard-coded Credentials - (798)
Weakness BaseWeakness Base Use of Hard-coded Cryptographic Key - (321)
Weakness BaseWeakness Base Use of Hard-coded Password - (259)
Weakness VariantWeakness Variant Use of Hard-coded, Security-relevant Constants - (547)
Weakness VariantWeakness Variant Use of Implicit Intent for Sensitive Communication - (927)
Weakness BaseWeakness Base Use of Incorrect Byte Ordering - (198)
Weakness BaseWeakness Base Use of Incorrect Operator - (480)
Weakness ClassWeakness Class Use of Incorrectly-Resolved Name or Reference - (706)
Weakness BaseWeakness Base Use of Inherently Dangerous Function - (242)
Weakness VariantWeakness Variant Use of Inner Class Containing Sensitive Data - (492)
Weakness ClassWeakness Class Use of Insufficiently Random Values - (330)
Weakness BaseWeakness Base Use of Invariant Value in Dynamically Changing Context - (344)
Weakness BaseWeakness Base Use of Less Trusted Source - (348)
Weakness BaseWeakness Base Use of Low-Level Functionality - (695)
Weakness BaseWeakness Base Use of Multiple Resources with Duplicate Identifier - (694)
Weakness VariantWeakness Variant Use of Non-Canonical URL Paths for Authorization Decisions - (647)
Weakness BaseWeakness Base Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)
Weakness BaseWeakness Base Use of Obsolete Functions - (477)
Weakness BaseWeakness Base Use of Out-of-range Pointer Offset - (823)
Weakness BaseWeakness Base Use of Password Hash Instead of Password for Authentication - (836)
Weakness BaseWeakness Base Use of Password Hash With Insufficient Computational Effort - (916)
Weakness BaseWeakness Base Use of Password System for Primary Authentication - (309)
Weakness VariantWeakness Variant Use of Path Manipulation Function without Maximum-sized Buffer - (785)
Weakness BaseWeakness Base Use of Pointer Subtraction to Determine Size - (469)
Weakness BaseWeakness Base Use of Potentially Dangerous Function - (676)
Weakness VariantWeakness Variant Use of RSA Algorithm without OAEP - (780)
Weakness BaseWeakness Base Use of Single-factor Authentication - (308)
Weakness VariantWeakness Variant Use of Singleton Pattern Without Synchronization in a Multithreaded Context - (543)
Weakness VariantWeakness Variant Use of sizeof() on a Pointer Type - (467)
Weakness VariantWeakness Variant Use of umask() with chmod-style Argument - (560)
Weakness BaseWeakness Base Use of Uninitialized Resource - (908)
Weakness VariantWeakness Variant Use of Uninitialized Variable - (457)
Weakness VariantWeakness Variant Use of Wrong Operator in String Comparison - (597)
Weakness BaseWeakness Base User Interface (UI) Misrepresentation of Critical Information - (451)
Weakness VariantWeakness Variant Using Referer Field for Authentication - (293)
Weakness BaseWeakness Base Variable Extraction Error - (621)
Weakness ClassWeakness Class Violation of Secure Design Principles - (657)
Weakness VariantWeakness Variant Weak Cryptography for Passwords - (261)
Weakness BaseWeakness Base Weak Password Recovery Mechanism for Forgotten Password - (640)
Weakness BaseWeakness Base Weak Password Requirements - (521)
Weakness VariantWeakness Variant Windows Hard Link - (65)
Weakness VariantWeakness Variant Windows Shortcut Following (.LNK) - (64)
Weakness BaseWeakness Base Wrap-around Error - (128)
Weakness BaseWeakness Base Write-what-where Condition - (123)
Weakness BaseWeakness Base XML Injection (aka Blind XPath Injection) - (91)
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
2014-07-29 | Internal CWE Team
+ View Metrics
CWEs in this view | Total CWEs
Total: 720 out of 1005
Views: 0 out of 33
Categories: 0 out of 244
Weaknesses: 720 out of 720
Compound_Elements: 0 out of 8

Page Last Updated: January 19, 2017