CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE- Individual Dictionary Definition (3.0)

CWE VIEW: Weaknesses without Software Fault Patterns

View ID: 999
Type: Implicit
Status: Incomplete
+ Objective
CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in coverage by the current software fault pattern model.
+ Audience
| Stakeholder | Description |
|---|---|
| Applied Researchers | |
| Academic Researchers | |
| Software Vendors | |
+ Filter
/Weakness_Catalog/Weaknesses/Weakness[not(./Taxonomy_Mappings/Taxonomy_Mapping/@Taxonomy_Name='Software Fault Patterns')]
+ Membership
| Nature | Type | ID | Name |
|---|---|---|---|
| HasMember | Variant | 5 | J2EE Misconfiguration: Data Transmission Without Encryption |
| HasMember | Variant | 6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| HasMember | Variant | 7 | J2EE Misconfiguration: Missing Custom Error Page |
| HasMember | Variant | 9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
| HasMember | Variant | 11 | ASP.NET Misconfiguration: Creating Debug Binary |
| HasMember | Variant | 12 | ASP.NET Misconfiguration: Missing Custom Error Page |
| HasMember | Variant | 13 | ASP.NET Misconfiguration: Password in Configuration File |
| HasMember | Base | 41 | Improper Resolution of Path Equivalence |
| HasMember | Composite | 61 | UNIX Symbolic Link (Symlink) Following |
| HasMember | Base | 66 | Improper Handling of File Names that Identify Virtual Resources |
| HasMember | Variant | 69 | Improper Handling of Windows ::DATA Alternate Data Stream |
| HasMember | Deprecated | 71 | DEPRECATED: Apple '.DS_Store' |
| HasMember | Variant | 72 | Improper Handling of Apple HFS+ Alternate Data Stream Path |
| HasMember | Class | 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| HasMember | Base | 76 | Improper Neutralization of Equivalent Special Elements |
| HasMember | Base | 88 | Argument Injection or Modification |
| HasMember | Deprecated | 92 | DEPRECATED: Improper Sanitization of Custom Special Characters |
| HasMember | Class | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | Variant | 97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page |
| HasMember | Base | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
| HasMember | Variant | 106 | Struts: Plug-in Framework not in Use |
| HasMember | Variant | 107 | Struts: Unused Validation Form |
| HasMember | Base | 114 | Process Control |
| HasMember | Base | 115 | Misinterpretation of Input |
| HasMember | Class | 116 | Improper Encoding or Escaping of Output |
| HasMember | Base | 130 | Improper Handling of Length Parameter Inconsistency |
| HasMember | Base | 131 | Incorrect Calculation of Buffer Size |
| HasMember | Deprecated | 132 | DEPRECATED (Duplicate): Miscalculated Null Termination |
| HasMember | Variant | 150 | Improper Neutralization of Escape, Meta, or Control Sequences |
| HasMember | Base | 166 | Improper Handling of Missing Special Element |
| HasMember | Base | 167 | Improper Handling of Additional Special Element |
| HasMember | Base | 168 | Improper Handling of Inconsistent Special Elements |
| HasMember | Class | 172 | Encoding Error |
| HasMember | Variant | 173 | Improper Handling of Alternate Encoding |
| HasMember | Variant | 174 | Double Decoding of the Same Data |
| HasMember | Variant | 175 | Improper Handling of Mixed Encoding |
| HasMember | Variant | 176 | Improper Handling of Unicode Encoding |
| HasMember | Variant | 177 | Improper Handling of URL Encoding (Hex Encoding) |
| HasMember | Base | 178 | Improper Handling of Case Sensitivity |
| HasMember | Base | 179 | Incorrect Behavior Order: Early Validation |
| HasMember | Base | 180 | Incorrect Behavior Order: Validate Before Canonicalize |
| HasMember | Base | 181 | Incorrect Behavior Order: Validate Before Filter |
| HasMember | Base | 182 | Collapse of Data into Unsafe Value |
| HasMember | Base | 183 | Permissive Whitelist |
| HasMember | Base | 184 | Incomplete Blacklist |
| HasMember | Class | 185 | Incorrect Regular Expression |
| HasMember | Base | 186 | Overly Restrictive Regular Expression |
| HasMember | Base | 187 | Partial Comparison |
| HasMember | Base | 188 | Reliance on Data/Memory Layout |
| HasMember | Class | 192 | Integer Coercion Error |
| HasMember | Base | 193 | Off-by-one Error |
| HasMember | Base | 198 | Use of Incorrect Byte Ordering |
| HasMember | Class | 200 | Information Exposure |
| HasMember | Variant | 201 | Information Exposure Through Sent Data |
| HasMember | Variant | 202 | Exposure of Sensitive Data Through Data Queries |
| HasMember | Class | 203 | Information Exposure Through Discrepancy |
| HasMember | Base | 204 | Response Discrepancy Information Exposure |
| HasMember | Base | 205 | Information Exposure Through Behavioral Discrepancy |
| HasMember | Variant | 206 | Information Exposure of Internal State Through Behavioral Inconsistency |
| HasMember | Variant | 207 | Information Exposure Through an External Behavioral Inconsistency |
| HasMember | Base | 208 | Information Exposure Through Timing Discrepancy |
| HasMember | Base | 211 | Information Exposure Through Externally-Generated Error Message |
| HasMember | Base | 212 | Improper Cross-boundary Removal of Sensitive Data |
| HasMember | Base | 213 | Intentional Information Exposure |
| HasMember | Class | 216 | Containment Errors (Container Errors) |
| HasMember | Deprecated | 217 | DEPRECATED: Failure to Protect Stored Data from Modification |
| HasMember | Deprecated | 218 | DEPRECATED (Duplicate): Failure to provide confidentiality for stored data |
| HasMember | Variant | 219 | Sensitive Data Under Web Root |
| HasMember | Variant | 220 | Sensitive Data Under FTP Root |
| HasMember | Class | 221 | Information Loss or Omission |
| HasMember | Base | 222 | Truncation of Security-relevant Information |
| HasMember | Base | 223 | Omission of Security-relevant Information |
| HasMember | Base | 224 | Obscured Security-relevant Information by Alternate Name |
| HasMember | Deprecated | 225 | DEPRECATED (Duplicate): General Information Management Problems |
| HasMember | Class | 228 | Improper Handling of Syntactically Invalid Structure |
| HasMember | Base | 229 | Improper Handling of Values |
| HasMember | Variant | 230 | Improper Handling of Missing Values |
| HasMember | Variant | 231 | Improper Handling of Extra Values |
| HasMember | Variant | 232 | Improper Handling of Undefined Values |
| HasMember | Base | 233 | Improper Handling of Parameters |
| HasMember | Variant | 234 | Failure to Handle Missing Parameter |
| HasMember | Variant | 235 | Improper Handling of Extra Parameters |
| HasMember | Variant | 236 | Improper Handling of Undefined Parameters |
| HasMember | Base | 237 | Improper Handling of Structural Elements |
| HasMember | Variant | 238 | Improper Handling of Incomplete Structural Elements |
| HasMember | Variant | 239 | Failure to Handle Incomplete Element |
| HasMember | Base | 240 | Improper Handling of Inconsistent Structural Elements |
| HasMember | Base | 241 | Improper Handling of Unexpected Data Type |
| HasMember | Deprecated | 249 | DEPRECATED: Often Misused: Path Manipulation |
| HasMember | Class | 250 | Execution with Unnecessary Privileges |
| HasMember | Variant | 258 | Empty Password in Configuration File |
| HasMember | Variant | 260 | Password in Configuration File |
| HasMember | Variant | 261 | Weak Cryptography for Passwords |
| HasMember | Variant | 262 | Not Using Password Aging |
| HasMember | Base | 263 | Password Aging with Long Expiration |
| HasMember | Base | 266 | Incorrect Privilege Assignment |
| HasMember | Base | 267 | Privilege Defined With Unsafe Actions |
| HasMember | Base | 268 | Privilege Chaining |
| HasMember | Class | 269 | Improper Privilege Management |
| HasMember | Base | 270 | Privilege Context Switching Error |
| HasMember | Class | 271 | Privilege Dropping / Lowering Errors |
| HasMember | Base | 274 | Improper Handling of Insufficient Privileges |
| HasMember | Variant | 276 | Incorrect Default Permissions |
| HasMember | Variant | 277 | Insecure Inherited Permissions |
| HasMember | Variant | 278 | Insecure Preserved Inherited Permissions |
| HasMember | Variant | 279 | Incorrect Execution-Assigned Permissions |
| HasMember | Base | 281 | Improper Preservation of Permissions |
| HasMember | Class | 282 | Improper Ownership Management |
| HasMember | Base | 283 | Unverified Ownership |
| HasMember | Class | 284 | Improper Access Control |
| HasMember | Class | 286 | Incorrect User Management |
| HasMember | Class | 287 | Improper Authentication |
| HasMember | Base | 288 | Authentication Bypass Using an Alternate Path or Channel |
| HasMember | Variant | 289 | Authentication Bypass by Alternate Name |
| HasMember | Base | 290 | Authentication Bypass by Spoofing |
| HasMember | Variant | 291 | Reliance on IP Address for Authentication |
| HasMember | Base | 294 | Authentication Bypass by Capture-replay |
| HasMember | Base | 295 | Improper Certificate Validation |
| HasMember | Base | 296 | Improper Following of a Certificate's Chain of Trust |
| HasMember | Variant | 297 | Improper Validation of Certificate with Host Mismatch |
| HasMember | Variant | 298 | Improper Validation of Certificate Expiration |
| HasMember | Base | 299 | Improper Check for Certificate Revocation |
| HasMember | Class | 300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') |
| HasMember | Variant | 301 | Reflection Attack in an Authentication Protocol |
| HasMember | Variant | 302 | Authentication Bypass by Assumed-Immutable Data |
| HasMember | Base | 303 | Incorrect Implementation of Authentication Algorithm |
| HasMember | Base | 304 | Missing Critical Step in Authentication |
| HasMember | Base | 305 | Authentication Bypass by Primary Weakness |
| HasMember | Base | 308 | Use of Single-factor Authentication |
| HasMember | Base | 309 | Use of Password System for Primary Authentication |
| HasMember | Variant | 318 | Cleartext Storage of Sensitive Information in Executable |
| HasMember | Base | 322 | Key Exchange without Entity Authentication |
| HasMember | Base | 323 | Reusing a Nonce, Key Pair in Encryption |
| HasMember | Base | 324 | Use of a Key Past its Expiration Date |
| HasMember | Base | 325 | Missing Required Cryptographic Step |
| HasMember | Class | 326 | Inadequate Encryption Strength |
| HasMember | Base | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| HasMember | Base | 328 | Reversible One-Way Hash |
| HasMember | Variant | 329 | Not Using a Random IV with CBC Mode |
| HasMember | Class | 330 | Use of Insufficiently Random Values |
| HasMember | Base | 331 | Insufficient Entropy |
| HasMember | Variant | 332 | Insufficient Entropy in PRNG |
| HasMember | Variant | 333 | Improper Handling of Insufficient Entropy in TRNG |
| HasMember | Base | 334 | Small Space of Random Values |
| HasMember | Base | 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
| HasMember | Base | 336 | Same Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Base | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Base | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| HasMember | Base | 339 | Small Seed Space in PRNG |
| HasMember | Class | 340 | Predictability Problems |
| HasMember | Base | 341 | Predictable from Observable State |
| HasMember | Base | 342 | Predictable Exact Value from Previous Values |
| HasMember | Base | 343 | Predictable Value Range from Previous Values |
| HasMember | Base | 344 | Use of Invariant Value in Dynamically Changing Context |
| HasMember | Class | 345 | Insufficient Verification of Data Authenticity |
| HasMember | Base | 346 | Origin Validation Error |
| HasMember | Base | 347 | Improper Verification of Cryptographic Signature |
| HasMember | Base | 348 | Use of Less Trusted Source |
| HasMember | Base | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| HasMember | Base | 351 | Insufficient Type Distinction |
| HasMember | Composite | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Base | 353 | Missing Support for Integrity Check |
| HasMember | Base | 354 | Improper Validation of Integrity Check Value |
| HasMember | Base | 356 | Product UI does not Warn User of Unsafe Actions |
| HasMember | Base | 357 | Insufficient UI Warning of Dangerous Operations |
| HasMember | Base | 358 | Improperly Implemented Security Check for Standard |
| HasMember | Class | 359 | Exposure of Private Information ('Privacy Violation') |
| HasMember | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Base | 368 | Context Switching Race Condition |
| HasMember | Base | 372 | Incomplete Internal State Distinction |
| HasMember | Deprecated | 373 | DEPRECATED: State Synchronization Error |
| HasMember | Base | 377 | Insecure Temporary File |
| HasMember | Base | 378 | Creation of Temporary File With Insecure Permissions |
| HasMember | Base | 379 | Creation of Temporary File in Directory with Incorrect Permissions |
| HasMember | Composite | 384 | Session Fixation |
| HasMember | Base | 385 | Covert Timing Channel |
| HasMember | Base | 386 | Symbolic Name not Mapping to Correct Object |
| HasMember | Base | 395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference |
| HasMember | Class | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| HasMember | Class | 405 | Asymmetric Resource Consumption (Amplification) |
| HasMember | Base | 406 | Insufficient Control of Network Message Volume (Network Amplification) |
| HasMember | Base | 407 | Algorithmic Complexity |
| HasMember | Base | 408 | Incorrect Behavior Order: Early Amplification |
| HasMember | Base | 409 | Improper Handling of Highly Compressed Data (Data Amplification) |
| HasMember | Base | 410 | Insufficient Resource Pool |
| HasMember | Base | 419 | Unprotected Primary Channel |
| HasMember | Base | 420 | Unprotected Alternate Channel |
| HasMember | Base | 421 | Race Condition During Access to Alternate Channel |
| HasMember | Deprecated | 423 | DEPRECATED (Duplicate): Proxied Trusted Channel |
| HasMember | Composite | 426 | Untrusted Search Path |
| HasMember | Base | 427 | Uncontrolled Search Path Element |
| HasMember | Base | 428 | Unquoted Search Path or Element |
| HasMember | Base | 430 | Deployment of Wrong Handler |
| HasMember | Base | 432 | Dangerous Signal Handler not Disabled During Sensitive Operations |
| HasMember | Variant | 433 | Unparsed Raw Web Content Delivery |
| HasMember | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Class | 435 | Improper Interaction Between Multiple Entities |
| HasMember | Base | 436 | Interpretation Conflict |
| HasMember | Base | 437 | Incomplete Model of Endpoint Features |
| HasMember | Base | 439 | Behavioral Change in New Version or Environment |
| HasMember | Base | 440 | Expected Behavior Violation |
| HasMember | Class | 441 | Unintended Proxy or Intermediary ('Confused Deputy') |
| HasMember | Deprecated | 443 | DEPRECATED (Duplicate): HTTP response splitting |
| HasMember | Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') |
| HasMember | Base | 446 | UI Discrepancy for Security Feature |
| HasMember | Base | 447 | Unimplemented or Unsupported Feature in UI |
| HasMember | Base | 448 | Obsolete Feature in UI |
| HasMember | Base | 449 | The UI Performs the Wrong Action |
| HasMember | Base | 450 | Multiple Interpretations of UI Input |
| HasMember | Class | 451 | User Interface (UI) Misrepresentation of Critical Information |
| HasMember | Base | 453 | Insecure Default Variable Initialization |
| HasMember | Base | 455 | Non-exit on Failed Initialization |
| HasMember | Deprecated | 458 | DEPRECATED: Incorrect Initialization |
| HasMember | Variant | 460 | Improper Cleanup on Thrown Exception |
| HasMember | Base | 462 | Duplicate Key in Associative List (Alist) |
| HasMember | Base | 463 | Deletion of Data Structure Sentinel |
| HasMember | Base | 464 | Addition of Data Structure Sentinel |
| HasMember | Base | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| HasMember | Base | 471 | Modification of Assumed-Immutable Data (MAID) |
| HasMember | Base | 472 | External Control of Assumed-Immutable Web Parameter |
| HasMember | Variant | 473 | PHP External Variable Modification |
| HasMember | Base | 480 | Use of Incorrect Operator |
| HasMember | Variant | 483 | Incorrect Block Delimitation |
| HasMember | Variant | 487 | Reliance on Package-level Scope |
| HasMember | Variant | 488 | Exposure of Data Element to Wrong Session |
| HasMember | Variant | 492 | Use of Inner Class Containing Sensitive Data |
| HasMember | Class | 506 | Embedded Malicious Code |
| HasMember | Base | 507 | Trojan Horse |
| HasMember | Base | 508 | Non-Replicating Malicious Code |
| HasMember | Base | 509 | Replicating Malicious Code (Virus or Worm) |
| HasMember | Base | 510 | Trapdoor |
| HasMember | Base | 511 | Logic/Time Bomb |
| HasMember | Base | 512 | Spyware |
| HasMember | Class | 514 | Covert Channel |
| HasMember | Base | 515 | Covert Storage Channel |
| HasMember | Deprecated | 516 | DEPRECATED (Duplicate): Covert Timing Channel |
| HasMember | Variant | 520 | .NET Misconfiguration: Use of Impersonation |
| HasMember | Base | 521 | Weak Password Requirements |
| HasMember | Base | 522 | Insufficiently Protected Credentials |
| HasMember | Variant | 524 | Information Exposure Through Caching |
| HasMember | Variant | 525 | Information Exposure Through Browser Caching |
| HasMember | Variant | 527 | Exposure of CVS Repository to an Unauthorized Control Sphere |
| HasMember | Variant | 528 | Exposure of Core Dump File to an Unauthorized Control Sphere |
| HasMember | Variant | 529 | Exposure of Access Control List Files to an Unauthorized Control Sphere |
| HasMember | Variant | 530 | Exposure of Backup File to an Unauthorized Control Sphere |
| HasMember | Variant | 535 | Information Exposure Through Shell Error Message |
| HasMember | Variant | 536 | Information Exposure Through Servlet Runtime Error Message |
| HasMember | Variant | 537 | Information Exposure Through Java Runtime Error Message |
| HasMember | Base | 538 | File and Directory Information Exposure |
| HasMember | Variant | 539 | Information Exposure Through Persistent Cookies |
| HasMember | Variant | 540 | Information Exposure Through Source Code |
| HasMember | Variant | 541 | Information Exposure Through Include Source Code |
| HasMember | Base | 544 | Missing Standardized Error Handling Mechanism |
| HasMember | Deprecated | 545 | DEPRECATED: Use of Dynamic Class Loading |
| HasMember | Variant | 546 | Suspicious Comment |
| HasMember | Variant | 547 | Use of Hard-coded, Security-relevant Constants |
| HasMember | Variant | 548 | Information Exposure Through Directory Listing |
| HasMember | Variant | 549 | Missing Password Field Masking |
| HasMember | Variant | 550 | Information Exposure Through Server Error Message |
| HasMember | Base | 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| HasMember | Base | 552 | Files or Directories Accessible to External Parties |
| HasMember | Variant | 553 | Command Shell in Externally Accessible Directory |
| HasMember | Variant | 555 | J2EE Misconfiguration: Plaintext Password in Configuration File |
| HasMember | Variant | 556 | ASP.NET Misconfiguration: Use of Identity Impersonation |
| HasMember | Variant | 560 | Use of umask() with chmod-style Argument |
| HasMember | Class | 573 | Improper Following of Specification by Caller |
| HasMember | Base | 581 | Object Model Violation: Just One of Equals and Hashcode Defined |
| HasMember | Variant | 582 | Array Declared Public, Final, and Static |
| HasMember | Deprecated | 592 | DEPRECATED: Authentication Bypass Issues |
| HasMember | Variant | 593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
| HasMember | Base | 595 | Comparison of Object References Instead of Object Contents |
| HasMember | Base | 596 | Incorrect Semantic Object Comparison |
| HasMember | Variant | 599 | Missing Validation of OpenSSL Certificate |
| HasMember | Base | 602 | Client-Side Enforcement of Server-Side Security |
| HasMember | Base | 603 | Use of Client-Side Authentication |
| HasMember | Class | 610 | Externally Controlled Reference to a Resource in Another Sphere |
| HasMember | Variant | 612 | Information Exposure Through Indexing of Private Data |
| HasMember | Base | 613 | Insufficient Session Expiration |
| HasMember | Variant | 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
| HasMember | Variant | 615 | Information Exposure Through Comments |
| HasMember | Base | 618 | Exposed Unsafe ActiveX Method |
| HasMember | Variant | 623 | Unsafe ActiveX Control Marked Safe For Scripting |
| HasMember | Base | 625 | Permissive Regular Expression |
| HasMember | Variant | 626 | Null Byte Interaction Error (Poison Null Byte) |
| HasMember | Base | 627 | Dynamic Variable Evaluation |
| HasMember | Base | 628 | Function Call with Incorrectly Specified Arguments |
| HasMember | Class | 636 | Not Failing Securely ('Failing Open') |
| HasMember | Class | 637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
| HasMember | Base | 639 | Authorization Bypass Through User-Controlled Key |
| HasMember | Base | 640 | Weak Password Recovery Mechanism for Forgotten Password |
| HasMember | Base | 645 | Overly Restrictive Account Lockout Mechanism |
| HasMember | Variant | 646 | Reliance on File Name or Extension of Externally-Supplied File |
| HasMember | Variant | 647 | Use of Non-Canonical URL Paths for Authorization Decisions |
| HasMember | Base | 648 | Incorrect Use of Privileged APIs |
| HasMember | Base | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| HasMember | Variant | 650 | Trusting HTTP Permission Methods on the Server Side |
| HasMember | Variant | 651 | Information Exposure Through WSDL File |
| HasMember | Base | 653 | Insufficient Compartmentalization |
| HasMember | Base | 654 | Reliance on a Single Factor in a Security Decision |
| HasMember | Base | 655 | Insufficient Psychological Acceptability |
| HasMember | Base | 656 | Reliance on Security Through Obscurity |
| HasMember | Class | 657 | Violation of Secure Design Principles |
| HasMember | Base | 663 | Use of a Non-reentrant Function in a Concurrent Context |
| HasMember | Class | 664 | Improper Control of a Resource Through its Lifetime |
| HasMember | Base | 666 | Operation on Resource in Wrong Phase of Lifetime |
| HasMember | Class | 668 | Exposure of Resource to Wrong Sphere |
| HasMember | Class | 669 | Incorrect Resource Transfer Between Spheres |
| HasMember | Class | 670 | Always-Incorrect Control Flow Implementation |
| HasMember | Class | 671 | Lack of Administrator Control over Security |
| HasMember | Class | 673 | External Influence of Sphere Definition |
| HasMember | Class | 675 | Duplicate Operations on Resource |
| HasMember | Chain | 680 | Integer Overflow to Buffer Overflow |
| HasMember | Class | 682 | Incorrect Calculation |
| HasMember | Variant | 683 | Function Call With Incorrect Order of Arguments |
| HasMember | Class | 684 | Incorrect Provision of Specified Functionality |
| HasMember | Variant | 687 | Function Call With Incorrectly Specified Argument Value |
| HasMember | Variant | 688 | Function Call With Incorrect Variable or Reference as Argument |
| HasMember | Composite | 689 | Permission Race Condition During Resource Copy |
| HasMember | Chain | 690 | Unchecked Return Value to NULL Pointer Dereference |
| HasMember | Class | 691 | Insufficient Control Flow Management |
| HasMember | Chain | 692 | Incomplete Blacklist to Cross-Site Scripting |
| HasMember | Class | 693 | Protection Mechanism Failure |
| HasMember | Base | 694 | Use of Multiple Resources with Duplicate Identifier |
| HasMember | Base | 695 | Use of Low-Level Functionality |
| HasMember | Class | 696 | Incorrect Behavior Order |
| HasMember | Class | 697 | Insufficient Comparison |
| HasMember | Base | 698 | Execution After Redirect (EAR) |
| HasMember | Class | 703 | Improper Check or Handling of Exceptional Conditions |
| HasMember | Class | 705 | Incorrect Control Flow Scoping |
| HasMember | Class | 706 | Use of Incorrectly-Resolved Name or Reference |
| HasMember | Class | 707 | Improper Enforcement of Message or Data Structure |
| HasMember | Base | 708 | Incorrect Ownership Assignment |
| HasMember | Class | 710 | Improper Adherence to Coding Standards |
| HasMember | Class | 732 | Incorrect Permission Assignment for Critical Resource |
| HasMember | Base | 733 | Compiler Optimization Removal or Modification of Security-critical Code |
| HasMember | Base | 749 | Exposed Dangerous Method or Function |
| HasMember | Class | 754 | Improper Check for Unusual or Exceptional Conditions |
| HasMember | Class | 755 | Improper Handling of Exceptional Conditions |
| HasMember | Class | 756 | Missing Custom Error Page |
| HasMember | Class | 757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') |
| HasMember | Class | 758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior |
| HasMember | Base | 759 | Use of a One-Way Hash without a Salt |
| HasMember | Base | 760 | Use of a One-Way Hash with a Predictable Salt |
| HasMember | Base | 769 | Uncontrolled File Descriptor Consumption |
| HasMember | Base | 770 | Allocation of Resources Without Limits or Throttling |
| HasMember | Variant | 776 | Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') |
| HasMember | Variant | 777 | Regular Expression without Anchors |
| HasMember | Base | 778 | Insufficient Logging |
| HasMember | Base | 779 | Logging of Excessive Data |
| HasMember | Variant | 780 | Use of RSA Algorithm without OAEP |
| HasMember | Variant | 781 | Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code |
| HasMember | Variant | 782 | Exposed IOCTL with Insufficient Access Control |
| HasMember | Variant | 783 | Operator Precedence Logic Error |
| HasMember | Variant | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| HasMember | Base | 786 | Access of Memory Location Before Start of Buffer |
| HasMember | Base | 787 | Out-of-bounds Write |
| HasMember | Base | 788 | Access of Memory Location After End of Buffer |
| HasMember | Variant | 789 | Uncontrolled Memory Allocation |
| HasMember | Class | 790 | Improper Filtering of Special Elements |
| HasMember | Base | 791 | Incomplete Filtering of Special Elements |
| HasMember | Variant | 792 | Incomplete Filtering of One or More Instances of Special Elements |
| HasMember | Variant | 793 | Only Filtering One Instance of a Special Element |
| HasMember | Variant | 794 | Incomplete Filtering of Multiple Instances of Special Elements |
| HasMember | Base | 795 | Only Filtering Special Elements at a Specified Location |
| HasMember | Variant | 796 | Only Filtering Special Elements Relative to a Marker |
| HasMember | Variant | 797 | Only Filtering Special Elements at an Absolute Position |
| HasMember | Base | 798 | Use of Hard-coded Credentials |
| HasMember | Class | 799 | Improper Control of Interaction Frequency |
| HasMember | Base | 804 | Guessable CAPTCHA |
| HasMember | Base | 805 | Buffer Access with Incorrect Length Value |
| HasMember | Variant | 806 | Buffer Access Using Size of Source Buffer |
| HasMember | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Base | 820 | Missing Synchronization |
| HasMember | Base | 821 | Incorrect Synchronization |
| HasMember | Base | 822 | Untrusted Pointer Dereference |
| HasMember | Base | 823 | Use of Out-of-range Pointer Offset |
| HasMember | Base | 824 | Access of Uninitialized Pointer |
| HasMember | Base | 825 | Expired Pointer Dereference |
| HasMember | Base | 826 | Premature Release of Resource During Expected Lifetime |
| HasMember | Base | 827 | Improper Control of Document Type Definition |
| HasMember | Base | 828 | Signal Handler with Functionality that is not Asynchronous-Safe |
| HasMember | Class | 829 | Inclusion of Functionality from Untrusted Control Sphere |
| HasMember | Base | 830 | Inclusion of Web Functionality from an Untrusted Source |
| HasMember | Base | 831 | Signal Handler Function Associated with Multiple Signals |
| HasMember | Base | 832 | Unlock of a Resource that is not Locked |
| HasMember | Base | 833 | Deadlock |
| HasMember | Base | 834 | Excessive Iteration |
| HasMember | Base | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') |
| HasMember | Base | 836 | Use of Password Hash Instead of Password for Authentication |
| HasMember | Base | 837 | Improper Enforcement of a Single, Unique Action |
| HasMember | Base | 838 | Inappropriate Encoding for Output Context |
| HasMember | Base | 839 | Numeric Range Comparison Without Minimum Check |
| HasMember | Base | 841 | Improper Enforcement of Behavioral Workflow |
| HasMember | Base | 842 | Placement of User into Incorrect Group |
| HasMember | Base | 843 | Access of Resource Using Incompatible Type ('Type Confusion') |
| HasMember | Class | 862 | Missing Authorization |
| HasMember | Class | 863 | Incorrect Authorization |
| HasMember | Base | 908 | Use of Uninitialized Resource |
| HasMember | Base | 909 | Missing Initialization of Resource |
| HasMember | Base | 910 | Use of Expired File Descriptor |
| HasMember | Base | 911 | Improper Update of Reference Count |
| HasMember | Class | 912 | Hidden Functionality |
| HasMember | Class | 913 | Improper Control of Dynamically-Managed Code Resources |
| HasMember | Base | 914 | Improper Control of Dynamically-Identified Variables |
| HasMember | Base | 915 | Improperly Controlled Modification of Dynamically-Determined Object Attributes |
| HasMember | Base | 916 | Use of Password Hash With Insufficient Computational Effort |
| HasMember | Base | 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
| HasMember | Base | 918 | Server-Side Request Forgery (SSRF) |
| HasMember | Base | 920 | Improper Restriction of Power Consumption |
| HasMember | Base | 921 | Storage of Sensitive Data in a Mechanism without Access Control |
| HasMember | Class | 922 | Insecure Storage of Sensitive Information |
| HasMember | Class | 923 | Improper Restriction of Communication Channel to Intended Endpoints |
| HasMember | Class | 924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| HasMember | Variant | 925 | Improper Verification of Intent by Broadcast Receiver |
| HasMember | Variant | 926 | Improper Export of Android Application Components |
| HasMember | Variant | 927 | Use of Implicit Intent for Sensitive Communication |
| HasMember | Base | 939 | Improper Authorization in Handler for Custom URL Scheme |
| HasMember | Base | 940 | Improper Verification of Source of a Communication Channel |
| HasMember | Base | 941 | Incorrectly Specified Destination in a Communication Channel |
| HasMember | Variant | 942 | Overly Permissive Cross-domain Whitelist |
| HasMember | Class | 943 | Improper Neutralization of Special Elements in Data Query Logic |
| HasMember | Variant | 1004 | Sensitive Cookie Without 'HttpOnly' Flag |
| HasMember | Base | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User |
| HasMember | Base | 1021 | Improper Restriction of Rendered UI Layers or Frames |
| HasMember | Variant | 1022 | Improper Restriction of Cross-Origin Permission to window.opener.location |
+ Content History
Submissions
| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2014-07-29 | CWE Content Team | MITRE | |
+ View Metrics
| | CWEs in this view | Total CWEs |
|---|---|---|
| Total | 411 | out of 982 |
| Weaknesses | 411 | out of 714 |
| Categories | 0 | out of 237 |
| Views | 0 | out of 31 |

Page Last Updated: November 14, 2017