CWE - VIEW GRAPH: CWE-700: Seven Pernicious Kingdoms (1.6)

Home > CWE List > VIEW GRAPH: CWE-700: Seven Pernicious Kingdoms (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-700: Seven Pernicious Kingdoms

Seven Pernicious Kingdoms

Definition in a New Window

View ID: 700 (View: Graph)

Status: Incomplete

View Data

View Objective

This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.

View Metrics

	CWEs in this view		Total CWEs
Total	96	out of	791
Views	0	out of	22
Categories	7	out of	106
Weaknesses	87	out of	651
Compound_Elements	2	out of	12

View Audience

Stakeholder	Description
Developers	This view is useful for developers because it is organized around concepts with which developers are familiar, and it focuses on weaknesses that can be detected using source code analysis tools.

Alternate Terms

7PK:	"7PK" is frequently used by the MITRE team as an abbreviation.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	2	Environment	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	20	Improper Input Validation	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	227	Failure to Fulfill API Contract ('API Abuse')	Seven Pernicious Kingdoms (primary)700
HasMember	Category	254	Security Features	Seven Pernicious Kingdoms (primary)700
HasMember	Category	361	Time and State	Seven Pernicious Kingdoms (primary)700
HasMember	Category	388	Error Handling	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	398	Indicator of Poor Code Quality	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	485	Insufficient Encapsulation	Seven Pernicious Kingdoms (primary)700

Expand All | Collapse All

700 - Seven Pernicious Kingdoms

CategoryEnvironment - (2)Environment - (2)

Weakness VariantASP.NET Misconfiguration: Creating Debug Binary - (11)ASP.NET Misconfiguration: Creating Debug Binary - (11)

Weakness VariantASP.NET Misconfiguration: Missing Custom Error Page - (12)ASP.NET Misconfiguration: Missing Custom Error Page - (12)

Weakness VariantASP.NET Misconfiguration: Password in Configuration File - (13)ASP.NET Misconfiguration: Password in Configuration File - (13)

Weakness BaseCompiler Removal of Code to Clear Buffers - (14)Compiler Removal of Code to Clear Buffers - (14)

Weakness VariantJ2EE Misconfiguration: Data Transmission Without Encryption - (5)J2EE Misconfiguration: Data Transmission Without Encryption - (5)

Weakness VariantJ2EE Misconfiguration: Entity Bean Declared Remote - (8)J2EE Misconfiguration: Entity Bean Declared Remote - (8)

Weakness VariantJ2EE Misconfiguration: Insufficient Session-ID Length - (6)J2EE Misconfiguration: Insufficient Session-ID Length - (6)

Weakness VariantJ2EE Misconfiguration: Missing Custom Error Page - (7)J2EE Misconfiguration: Missing Custom Error Page - (7)

Weakness VariantJ2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)

CategoryError Handling - (388)Error Handling - (388)

Weakness BaseDeclaration of Catch for Generic Exception - (396)Declaration of Catch for Generic Exception - (396)

Weakness BaseDeclaration of Throws for Generic Exception - (397)Declaration of Throws for Generic Exception - (397)

Weakness BaseUnchecked Error Condition - (391)Unchecked Error Condition - (391)

Weakness BaseUse of NullPointerException Catch to Detect NULL Pointer Dereference - (395)Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)

Weakness ClassFailure to Fulfill API Contract ('API Abuse') - (227)Failure to Fulfill API Contract ('API Abuse') - (227)

Weakness ClassExecution with Unnecessary Privileges - (250)Execution with Unnecessary Privileges - (250)

Weakness VariantFailure to Change Working Directory in chroot Jail - (243)Failure to Change Working Directory in chroot Jail - (243)

Weakness VariantFailure to Clear Heap Memory Before Release ('Heap Inspection') - (244)Failure to Clear Heap Memory Before Release ('Heap Inspection') - (244)

Weakness VariantJ2EE Bad Practices: Direct Management of Connections - (245)J2EE Bad Practices: Direct Management of Connections - (245)

Weakness VariantJ2EE Bad Practices: Direct Use of Sockets - (246)J2EE Bad Practices: Direct Use of Sockets - (246)

CategoryOften Misused: String Management - (251)Often Misused: String Management - (251)

Weakness BaseUncaught Exception - (248)Uncaught Exception - (248)

Weakness BaseUnchecked Return Value - (252)Unchecked Return Value - (252)

Weakness BaseUse of Inherently Dangerous Function - (242)Use of Inherently Dangerous Function - (242)

Weakness VariantUse of getlogin() in Multithreaded Application - (558)Use of getlogin() in Multithreaded Application - (558)

Weakness ClassImproper Input Validation - (20)Improper Input Validation - (20)

Compound Element: CompositeBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness ClassFailure to Fulfill API Contract ('API Abuse') - (227)Failure to Fulfill API Contract ('API Abuse') - (227)

Weakness BaseUse of Inherently Dangerous Function - (242)Use of Inherently Dangerous Function - (242)

Weakness BaseDirect Use of Unsafe JNI - (111)Direct Use of Unsafe JNI - (111)

Weakness ClassExternal Control of File Name or Path - (73)External Control of File Name or Path - (73)

Weakness BaseExternal Control of System or Configuration Setting - (15)External Control of System or Configuration Setting - (15)

Weakness ClassFailure to Constrain Operations within the Bounds of a Memory Buffer - (119)Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness BaseFailure to Preserve Web Page Structure ('Cross-site Scripting') - (79)Failure to Preserve Web Page Structure ('Cross-site Scripting') - (79)

Weakness BaseFailure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)

Weakness BaseImproper Control of Resource Identifiers ('Resource Injection') - (99)Improper Control of Resource Identifiers ('Resource Injection') - (99)

Weakness BaseImproper Null Termination - (170)Improper Null Termination - (170)

Weakness BaseImproper Output Sanitization for Logs - (117)Improper Output Sanitization for Logs - (117)

Weakness ClassImproper Sanitization of Special Elements used in a Command ('Command Injection') - (77)Improper Sanitization of Special Elements used in a Command ('Command Injection') - (77)

Weakness BaseImproper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness BaseInteger Overflow or Wraparound - (190)Integer Overflow or Wraparound - (190)

Weakness BaseMissing XML Validation - (112)Missing XML Validation - (112)

Weakness BaseProcess Control - (114)Process Control - (114)

Weakness BaseReturn of Pointer Value Outside of Expected Range - (466)Return of Pointer Value Outside of Expected Range - (466)

Weakness VariantStruts: Duplicate Validation Forms - (102)Struts: Duplicate Validation Forms - (102)

Weakness VariantStruts: Form Bean Does Not Extend Validation Class - (104)Struts: Form Bean Does Not Extend Validation Class - (104)

Weakness VariantStruts: Form Field Without Validator - (105)Struts: Form Field Without Validator - (105)

Weakness VariantStruts: Incomplete validate() Method Definition - (103)Struts: Incomplete validate() Method Definition - (103)

Weakness VariantStruts: Plug-in Framework not in Use - (106)Struts: Plug-in Framework not in Use - (106)

Weakness VariantStruts: Unused Validation Form - (107)Struts: Unused Validation Form - (107)

Weakness VariantStruts: Unvalidated Action Form - (108)Struts: Unvalidated Action Form - (108)

Weakness VariantStruts: Validator Turned Off - (109)Struts: Validator Turned Off - (109)

Weakness VariantStruts: Validator Without Form Field - (110)Struts: Validator Without Form Field - (110)

Weakness BaseUncontrolled Format String - (134)Uncontrolled Format String - (134)

Weakness BaseUse of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)

Weakness VariantUse of Path Manipulation Function without Maximum-sized Buffer - (785)Use of Path Manipulation Function without Maximum-sized Buffer - (785)

Weakness ClassIndicator of Poor Code Quality - (398)Indicator of Poor Code Quality - (398)

Weakness VariantDouble Free - (415)Double Free - (415)

Weakness BaseFailure to Release Memory Before Removing Last Reference ('Memory Leak') - (401)Failure to Release Memory Before Removing Last Reference ('Memory Leak') - (401)

Weakness BaseImproper Resource Shutdown or Release - (404)Improper Resource Shutdown or Release - (404)

Weakness BaseNULL Pointer Dereference - (476)NULL Pointer Dereference - (476)

Weakness BaseUndefined Behavior for Input to API - (475)Undefined Behavior for Input to API - (475)

Weakness BaseUse After Free - (416)Use After Free - (416)

Weakness BaseUse of Function with Inconsistent Implementations - (474)Use of Function with Inconsistent Implementations - (474)

Weakness BaseUse of Obsolete Functions - (477)Use of Obsolete Functions - (477)

Weakness VariantUse of Uninitialized Variable - (457)Use of Uninitialized Variable - (457)

Weakness ClassInsufficient Encapsulation - (485)Insufficient Encapsulation - (485)

Weakness VariantComparison of Classes by Name - (486)Comparison of Classes by Name - (486)

Weakness VariantCritical Public Variable Without Final Modifier - (493)Critical Public Variable Without Final Modifier - (493)

Weakness VariantData Leak Between Sessions - (488)Data Leak Between Sessions - (488)

Weakness VariantInformation Leak of System Data - (497)Information Leak of System Data - (497)

Weakness BaseLeftover Debug Code - (489)Leftover Debug Code - (489)

CategoryMobile Code Issues - (490)Mobile Code Issues - (490)

Weakness VariantPrivate Array-Typed Field Returned From A Public Method - (495)Private Array-Typed Field Returned From A Public Method - (495)

Weakness VariantPublic Data Assigned to Private Array-Typed Field - (496)Public Data Assigned to Private Array-Typed Field - (496)

Weakness VariantPublic cloneable() Method Without Final ('Object Hijack') - (491)Public cloneable() Method Without Final ('Object Hijack') - (491)

Weakness BaseTrust Boundary Violation - (501)Trust Boundary Violation - (501)

Weakness VariantUse of Inner Class Containing Sensitive Data - (492)Use of Inner Class Containing Sensitive Data - (492)

CategorySecurity Features - (254)Security Features - (254)

Weakness VariantEmpty Password in Configuration File - (258)Empty Password in Configuration File - (258)

Weakness BaseHard-Coded Password - (259)Hard-Coded Password - (259)

Weakness ClassImproper Access Control (Authorization) - (285)Improper Access Control (Authorization) - (285)

Weakness BaseLeast Privilege Violation - (272)Least Privilege Violation - (272)

Weakness VariantPassword in Configuration File - (260)Password in Configuration File - (260)

Weakness VariantPlaintext Storage of a Password - (256)Plaintext Storage of a Password - (256)

Weakness ClassPrivacy Violation - (359)Privacy Violation - (359)

Weakness ClassUse of Insufficiently Random Values - (330)Use of Insufficiently Random Values - (330)

Weakness VariantWeak Cryptography for Passwords - (261)Weak Cryptography for Passwords - (261)

CategoryTime and State - (361)Time and State - (361)

Weakness BaseInsecure Temporary File - (377)Insecure Temporary File - (377)

Weakness VariantJ2EE Bad Practices: Direct Use of Threads - (383)J2EE Bad Practices: Direct Use of Threads - (383)

Weakness VariantJ2EE Bad Practices: Use of System.exit() - (382)J2EE Bad Practices: Use of System.exit() - (382)

Compound Element: CompositeSession Fixation - (384)Session Fixation - (384)

Weakness BaseExternal Control of Assumed-Immutable Web Parameter - (472)External Control of Assumed-Immutable Web Parameter - (472)

Weakness BaseOrigin Validation Error - (346)Origin Validation Error - (346)

Weakness BaseUnintended Proxy/Intermediary - (441)Unintended Proxy/Intermediary - (441)

Weakness BaseSignal Handler Race Condition - (364)Signal Handler Race Condition - (364)

CategoryTemporary File Issues - (376)Temporary File Issues - (376)

Weakness BaseTime-of-check Time-of-use (TOCTOU) Race Condition - (367)Time-of-check Time-of-use (TOCTOU) Race Condition - (367)

Weakness BaseUnrestricted Externally Accessible Lock - (412)Unrestricted Externally Accessible Lock - (412)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us