CWE - VIEW GRAPH: CWE-1000: Natural Hierarchy (Draft 9)

Home > CWE List > VIEW GRAPH: CWE-1000: Natural Hierarchy (Draft 9)

View the CWE List

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

(CWE-1000)

View Definition

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

VIEW GRAPH: CWE-1000: Natural Hierarchy (Draft 9)

View ID

Status: Draft

1000 (View)

Objective

This view (graph) attempts to classify weaknesses based on their inherent characteristics, in a way that is as independent of particular languages, technologies, and frameworks as possible. Ideally, it will only cover weakness-to-weakness relationships, with minimal overlap. Its development is borrowing from - and contributing to - vulnerability theory, which will help CWE become more consistent. Once stable, this hierarchy should be useful in mapping to CWE and identifying theoretical gaps.

View Data

	CWEs in this view		Total CWEs
Total	675	out of	695
Views	0	out of	14
Categories	61	out of	64
Weaknesses	602	out of	605
Compound_Elements	12	out of	12

Expand All | Collapse All

VIEW GRAPH: CWE-1000: Natural Hierarchy

LocationLocation - (1)

ConfigurationConfiguration - (16)

CodeCode - (17)

Source CodeSource Code - (18)

Data HandlingData Handling - (19)

Type ErrorsType Errors - (136)

Representation ErrorsRepresentation Errors - (137)

Cleansing, Canonicalization, and Comparison ErrorsCleansing, Canonicalization, and Comparison Errors - (171)

Failure to Sanitize Special ElementsFailure to Sanitize Special Elements - (138)

General Special Element ProblemsGeneral Special Element Problems - (139)

Technology-Specific Special ElementsTechnology-Specific Special Elements - (169)

Improper Null TerminationImproper Null Termination - (170)

Failure to Sanitize DelimitersFailure to Sanitize Delimiters - (140)

Failure to Sanitize Parameter/Argument DelimitersFailure to Sanitize Parameter/Argument Delimiters - (141)

Failure to Sanitize Value DelimitersFailure to Sanitize Value Delimiters - (142)

Failure to Sanitize Record DelimitersFailure to Sanitize Record Delimiters - (143)

Failure to Sanitize Line DelimitersFailure to Sanitize Line Delimiters - (144)

Failure to Sanitize Section DelimitersFailure to Sanitize Section Delimiters - (145)

Failure to Sanitize Expression/Command DelimitersFailure to Sanitize Expression/Command Delimiters - (146)

Failure to Sanitize Input TerminatorsFailure to Sanitize Input Terminators - (147)

Failure to Sanitize Input LeadersFailure to Sanitize Input Leaders - (148)

Failure to Sanitize Quoting SyntaxFailure to Sanitize Quoting Syntax - (149)

Failure to Sanitize Escape, Meta, or Control SequencesFailure to Sanitize Escape, Meta, or Control Sequences - (150)

Failure to Sanitize Comment ElementFailure to Sanitize Comment Element - (151)

Failure to Sanitize Macro SymbolFailure to Sanitize Macro Symbol - (152)

Failure to Sanitize Substitution CharacterFailure to Sanitize Substitution Character - (153)

Failure to Sanitize Variable Name DelimiterFailure to Sanitize Variable Name Delimiter - (154)

Failure to Sanitize Wildcard or Matching SymbolFailure to Sanitize Wildcard or Matching Symbol - (155)

Failure to Sanitize WhitespaceFailure to Sanitize Whitespace - (156)

Failure to Sanitize Paired DelimitersFailure to Sanitize Paired Delimiters - (157)

Failure to Sanitize Null Byte or NUL CharacterFailure to Sanitize Null Byte or NUL Character - (158)

Failure to Sanitize Special ElementFailure to Sanitize Special Element - (159)

Failure to Sanitize Leading Special ElementFailure to Sanitize Leading Special Element - (160)

Failure to Sanitize Multiple Leading Special ElementsFailure to Sanitize Multiple Leading Special Elements - (161)

Failure to Sanitize Trailing Special ElementFailure to Sanitize Trailing Special Element - (162)

Failure to Sanitize Multiple Trailing Special ElementsFailure to Sanitize Multiple Trailing Special Elements - (163)

Failure to Sanitize Internal Special ElementFailure to Sanitize Internal Special Element - (164)

Failure to Sanitize Multiple Internal Special ElementsFailure to Sanitize Multiple Internal Special Elements - (165)

Failure to Handle Missing Special ElementFailure to Handle Missing Special Element - (166)

Failure to Handle Additional Special ElementFailure to Handle Additional Special Element - (167)

Failure to Resolve Inconsistent Special ElementsFailure to Resolve Inconsistent Special Elements - (168)

Addition of Data Structure SentinelAddition of Data Structure Sentinel - (464)

Reliance on Data/Memory LayoutReliance on Data/Memory Layout - (188)

Use of Incorrect Byte OrderingUse of Incorrect Byte Ordering - (198)

Structure and Validity ProblemsStructure and Validity Problems - (228)

Improper Handling of ValuesImproper Handling of Values - (229)

Failure to Handle Missing ValueFailure to Handle Missing Value - (230)

Failure to Handle Extra ValueFailure to Handle Extra Value - (231)

Failure to Handle Undefined ValueFailure to Handle Undefined Value - (232)

Parameter ProblemsParameter Problems - (233)

Failure to Handle Missing ParameterFailure to Handle Missing Parameter - (234)

Failure to Handle Extra ParameterFailure to Handle Extra Parameter - (235)

Failure to Handle Undefined ParameterFailure to Handle Undefined Parameter - (236)

Element ProblemsElement Problems - (237)

Failure to Handle Missing ElementFailure to Handle Missing Element - (238)

Failure to Handle Incomplete ElementFailure to Handle Incomplete Element - (239)

Failure to Resolve Inconsistent ElementsFailure to Resolve Inconsistent Elements - (240)

Failure to Handle Wrong Data TypeFailure to Handle Wrong Data Type - (241)

Numeric ErrorsNumeric Errors - (189)

Integer Coercion ErrorInteger Coercion Error - (192)

Integer Overflow (Wrap or Wraparound)Integer Overflow (Wrap or Wraparound) - (190)

Divide By ZeroDivide By Zero - (369)

Incorrect Conversion between Numeric TypesIncorrect Conversion between Numeric Types - (681)

Signed to Unsigned Conversion ErrorSigned to Unsigned Conversion Error - (195)

Unsigned to Signed Conversion ErrorUnsigned to Signed Conversion Error - (196)

Numeric Truncation ErrorNumeric Truncation Error - (197)

Incorrect CalculationIncorrect Calculation - (682)

Information Management ErrorsInformation Management Errors - (199)

Information Leak (Information Disclosure)Information Leak (Information Disclosure) - (200)

Information Leak Through Sent DataInformation Leak Through Sent Data - (201)

Privacy Leak through Data QueriesPrivacy Leak through Data Queries - (202)

Discrepancy Information LeaksDiscrepancy Information Leaks - (203)

Response Discrepancy Information LeakResponse Discrepancy Information Leak - (204)

Behavioral Discrepancy Information LeakBehavioral Discrepancy Information Leak - (205)

Internal Behavioral Inconsistency Information LeakInternal Behavioral Inconsistency Information Leak - (206)

External Behavioral Inconsistency Information LeakExternal Behavioral Inconsistency Information Leak - (207)

Timing Discrepancy Information LeakTiming Discrepancy Information Leak - (208)

Error Message Information LeaksError Message Information Leaks - (209)

Cross-boundary Cleansing Information LeakCross-boundary Cleansing Information Leak - (212)

Intended Information LeakIntended Information Leak - (213)

Process Environment Information LeakProcess Environment Information Leak - (214)

Information Leak Through Debug InformationInformation Leak Through Debug Information - (215)

Sensitive Information Uncleared Before ReleaseSensitive Information Uncleared Before Release - (226)

Information Leak of System DataInformation Leak of System Data - (497)

Information Leak Through CachingInformation Leak Through Caching - (524)

Information Leak Through Browser CachingInformation Leak Through Browser Caching - (525)

Information Leak Through Environmental VariablesInformation Leak Through Environmental Variables - (526)

File and Directory Information LeaksFile and Directory Information Leaks - (538)

Information Leak Through CVS RepositoryInformation Leak Through CVS Repository - (527)

Information Leak Through Core Dump FilesInformation Leak Through Core Dump Files - (528)

Information Leak Through Access Control List FilesInformation Leak Through Access Control List Files - (529)

Information Leak Through Backup (.~bk) FilesInformation Leak Through Backup (.~bk) Files - (530)

Information Leak Through Log FilesInformation Leak Through Log Files - (532)

Information Leak Through Server Log FilesInformation Leak Through Server Log Files - (533)

Information Leak Through Debug Log FilesInformation Leak Through Debug Log Files - (534)

Information Leak Through Cleanup Log FilesInformation Leak Through Cleanup Log Files - (542)

Information Leak Through Persistent CookiesInformation Leak Through Persistent Cookies - (539)

Information Leak Through Source CodeInformation Leak Through Source Code - (540)

Information Leak Through Test CodeInformation Leak Through Test Code - (531)

Information Leak Through Include Source CodeInformation Leak Through Include Source Code - (541)

Information Leak Through CommentsInformation Leak Through Comments - (615)

Information Leak Through Directory ListingInformation Leak Through Directory Listing - (548)

Information Leak through WSDL FileInformation Leak through WSDL File - (651)

Information Leak Through Query Strings in GET RequestInformation Leak Through Query Strings in GET Request - (598)

Containment Errors (Container Errors)Containment Errors (Container Errors) - (216)

Failure to Protect Stored Data from ModificationFailure to Protect Stored Data from Modification - (217)

Failure to Provide Confidentiality for Stored DataFailure to Provide Confidentiality for Stored Data - (218)

Sensitive Data Under Web RootSensitive Data Under Web Root - (219)

Sensitive Data Under FTP RootSensitive Data Under FTP Root - (220)

Information Loss or OmissionInformation Loss or Omission - (221)

Truncation of Security-relevant InformationTruncation of Security-relevant Information - (222)

Omission of Security-relevant InformationOmission of Security-relevant Information - (223)

Obscured Security-relevant Information by Alternate NameObscured Security-relevant Information by Alternate Name - (224)

UI Misrepresentation of Critical InformationUI Misrepresentation of Critical Information - (451)

Incorrect Output SanitizationIncorrect Output Sanitization - (116)

Incorrect Output Sanitization for LogsIncorrect Output Sanitization for Logs - (117)

Insufficient Filtering of HTTP Headers for Scripting SyntaxInsufficient Filtering of HTTP Headers for Scripting Syntax - (644)

Range ErrorsRange Errors - (118)

Failure to Constrain Operations within the Bounds of an Allocated Memory BufferFailure to Constrain Operations within the Bounds of an Allocated Memory Buffer - (119)

String ErrorsString Errors - (133)

Often Misused: String ManagementOften Misused: String Management - (251)

Write-what-where ConditionWrite-what-where Condition - (123)

Boundary Beginning Violation ('Buffer Underwrite')Boundary Beginning Violation ('Buffer Underwrite') - (124)

Out-of-bounds ReadOut-of-bounds Read - (125)

Buffer Over-readBuffer Over-read - (126)

Buffer Under-readBuffer Under-read - (127)

Wrap-around ErrorWrap-around Error - (128)

Unchecked Array IndexingUnchecked Array Indexing - (129)

Incorrect Calculation of Buffer SizeIncorrect Calculation of Buffer Size - (131)

Miscalculated Null TerminationMiscalculated Null Termination - (132)

Return of Pointer Value Outside of Expected RangeReturn of Pointer Value Outside of Expected Range - (466)

Unbounded Transfer ('Classic Buffer Overflow')Unbounded Transfer ('Classic Buffer Overflow') - (120)

Stack-based Buffer OverflowStack-based Buffer Overflow - (121)

Heap-based Buffer OverflowHeap-based Buffer Overflow - (122)

Often Misused: Path ManipulationOften Misused: Path Manipulation - (249)

Length Parameter InconsistencyLength Parameter Inconsistency - (130)

Security FeaturesSecurity Features - (254)

Credentials ManagementCredentials Management - (255)

Weak Password Recovery MechanismWeak Password Recovery Mechanism - (640)

Permissions, Privileges, and Access ControlsPermissions, Privileges, and Access Controls - (264)

Privilege / Sandbox IssuesPrivilege / Sandbox Issues - (265)

Incorrect Privilege AssignmentIncorrect Privilege Assignment - (266)

Privilege Defined With Unsafe ActionsPrivilege Defined With Unsafe Actions - (267)

Exposed Unsafe ActiveX MethodExposed Unsafe ActiveX Method - (618)

Unsafe ActiveX Control Marked Safe For ScriptingUnsafe ActiveX Control Marked Safe For Scripting - (623)

Privilege ChainingPrivilege Chaining - (268)

Privilege Management ErrorPrivilege Management Error - (269)

Privilege Context Switching ErrorPrivilege Context Switching Error - (270)

Privilege Dropping / Lowering ErrorsPrivilege Dropping / Lowering Errors - (271)

Least Privilege ViolationLeast Privilege Violation - (272)

Failure to Check Whether Privileges Were Dropped SuccessfullyFailure to Check Whether Privileges Were Dropped Successfully - (273)

Failure to Handle Insufficient PrivilegesFailure to Handle Insufficient Privileges - (274)

Externally Controlled Reference to a Resource in Another SphereExternally Controlled Reference to a Resource in Another Sphere - (610)