CWE - VIEW LIST: CWE-2000: Comprehensive CWE Dictionary (1.6)

Home > CWE List > VIEW LIST: CWE-2000: Comprehensive CWE Dictionary (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-2000: Comprehensive CWE Dictionary

Comprehensive CWE Dictionary

Definition in a New Window

View ID: 2000 (View: Implicit Slice)

Status: Draft

View Data

View Objective

This view (slice) covers all the elements in CWE.

View Filter: true()

View Metrics

	CWEs in this view		Total CWEs
Total	791	out of	791
Views	22	out of	22
Categories	106	out of	106
Weaknesses	651	out of	651
Compound_Elements	12	out of	12

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated View Structure

Weakness Base Absolute Path Traversal - (36)

Weakness Base Acceptance of Extraneous Untrusted Data With Trusted Data - (349)

Weakness Class Access Control (Authorization) Issues - (284)

Weakness Base Access Control Bypass Through User-Controlled Key - (639)

Weakness Variant Access Control Bypass Through User-Controlled SQL Primary Key - (566)

Weakness Base Access of Memory Location After End of Buffer - (788)

Weakness Base Access of Memory Location Before Start of Buffer - (786)

Weakness Variant Access to Critical Private Variable via Public Method - (767)

Weakness Base Addition of Data Structure Sentinel - (464)

Weakness Base Algorithmic Complexity - (407)

Weakness Variant Allocation of File Descriptors or Handles Without Limits or Throttling - (774)

Weakness Base Allocation of Resources Without Limits or Throttling - (770)

Weakness Class Always-Incorrect Control Flow Implementation - (670)

Weakness Variant Apple '.DS_Store' - (71)

Weakness Base Argument Injection or Modification - (88)

Weakness Variant Array Declared Public, Final, and Static - (582)

Category ASP.NET Environment Issues - (10)

Weakness Variant ASP.NET Misconfiguration: Creating Debug Binary - (11)

Weakness Variant ASP.NET Misconfiguration: Missing Custom Error Page - (12)

Weakness Variant ASP.NET Misconfiguration: Not Using Input Validation Framework - (554)

Weakness Variant ASP.NET Misconfiguration: Password in Configuration File - (13)

Weakness Variant ASP.NET Misconfiguration: Use of Identity Impersonation - (556)

Weakness Variant Assigning instead of Comparing - (481)

Weakness Base Assignment of a Fixed Address to a Pointer - (587)

Weakness Class Asymmetric Resource Consumption (Amplification) - (405)

Weakness Variant Attempt to Access Child of a Non-structure Pointer - (588)

Weakness Variant Authentication Bypass by Alternate Name - (289)

Weakness Variant Authentication Bypass by Assumed-Immutable Data - (302)

Weakness Base Authentication Bypass by Capture-replay - (294)

Weakness Base Authentication Bypass by Primary Weakness - (305)

Weakness Base Authentication Bypass by Spoofing - (290)

Weakness Class Authentication Bypass Issues - (592)

Weakness Base Authentication Bypass Using an Alternate Path or Channel - (288)

Weakness Variant Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created - (593)

Weakness Base Behavioral Change in New Version or Environment - (439)

Weakness Base Behavioral Discrepancy Information Leak - (205)

Category Behavioral Problems - (438)

Compound Element: Composite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness Variant Buffer Over-read - (126)

Weakness Variant Buffer Under-read - (127)

Weakness Base Buffer Underwrite ('Buffer Underflow') - (124)

Category Byte/Object Code - (503)

Weakness Variant Call to Non-ubiquitous API - (589)

Weakness Variant Call to Thread run() instead of start() - (572)

Category CERT C Secure Coding Section 01 - Preprocessor (PRE) - (735)

Category CERT C Secure Coding Section 02 - Declarations and Initialization (DCL) - (736)

Category CERT C Secure Coding Section 03 - Expressions (EXP) - (737)

Category CERT C Secure Coding Section 04 - Integers (INT) - (738)

Category CERT C Secure Coding Section 05 - Floating Point (FLP) - (739)

Category CERT C Secure Coding Section 06 - Arrays (ARR) - (740)

Category CERT C Secure Coding Section 07 - Characters and Strings (STR) - (741)

Category CERT C Secure Coding Section 08 - Memory Management (MEM) - (742)

Category CERT C Secure Coding Section 09 - Input Output (FIO) - (743)

Category CERT C Secure Coding Section 10 - Environment (ENV) - (744)

Category CERT C Secure Coding Section 11 - Signals (SIG) - (745)

Category CERT C Secure Coding Section 12 - Error Handling (ERR) - (746)

Category CERT C Secure Coding Section 49 - Miscellaneous (MSC) - (747)

Category CERT C Secure Coding Section 50 - POSIX (POS) - (748)

Category Certificate Issues - (295)

View Chain Elements - (679)

Weakness Class Channel Accessible by Non-Endpoint ('Man-in-the-Middle') - (300)

Category Channel and Path Errors - (417)

Category Channel Errors - (418)

Category Cleansing, Canonicalization, and Comparison Errors - (171)

Weakness Base Cleartext Storage of Sensitive Information - (312)

Weakness Base Cleartext Transmission of Sensitive Information - (319)

Weakness Base Client-Side Enforcement of Server-Side Security - (602)

Weakness Variant clone() Method Without super.clone() - (580)

Category Code - (17)

Weakness Class Coding Standards Violation - (710)

Weakness Base Collapse of Data Into Unsafe Value - (182)

Weakness Variant Command Shell in Externally Accessible Directory - (553)

Weakness Variant Comparing instead of Assigning - (482)

Weakness Variant Comparison of Classes by Name - (486)

Weakness Base Comparison of Object References Instead of Object Contents - (595)

Weakness Base Compiler Optimization Removal or Modification of Security-critical Code - (733)

Weakness Base Compiler Removal of Code to Clear Buffers - (14)

View Composites - (678)

View Comprehensive CWE Dictionary - (2000)

Category Concurrency Issues - (557)

Category Configuration - (16)

Weakness Class Containment Errors (Container Errors) - (216)

Weakness Base Context Switching Race Condition - (368)

Weakness Class Covert Channel - (514)

Weakness Base Covert Storage Channel - (515)

Weakness Base Covert Timing Channel - (385)

Weakness Base Creation of Temporary File in Directory with Incorrect Permissions - (379)

Weakness Base Creation of Temporary File With Insecure Permissions - (378)

Category Credentials Management - (255)

Weakness Variant Critical Public Variable Without Final Modifier - (493)

Weakness Variant Critical Variable Declared Public - (766)

Weakness Base Cross-boundary Cleansing Information Leak - (212)

Compound Element: Composite Cross-Site Request Forgery (CSRF) - (352)

Category Cryptographic Issues - (310)

Weakness Base Dangerous Handler not Disabled During Sensitive Operations - (432)

Weakness Base Dangling Database Cursor ('Cursor Injection') - (619)

Category Data Handling - (19)

Weakness Variant Data Leak Between Sessions - (488)

Category Data Structure Issues - (461)

Weakness Variant Dead Code - (561)

Weakness Base Declaration of Catch for Generic Exception - (396)

Weakness Base Declaration of Throws for Generic Exception - (397)

Weakness Base Deletion of Data Structure Sentinel - (463)

Weakness Base Deployment of Wrong Handler - (430)

Deprecated DEPRECATED (Duplicate): Covert Timing Channel - (516)

Deprecated DEPRECATED (Duplicate): Failure to provide confidentiality for stored data - (218)

Deprecated DEPRECATED (Duplicate): General Information Management Problems - (225)

Deprecated DEPRECATED (Duplicate): HTTP response splitting - (443)

Deprecated DEPRECATED (Duplicate): Miscalculated Null Termination - (132)

Deprecated DEPRECATED (Duplicate): Proxied Trusted Channel - (423)

View Deprecated Entries - (604)

Deprecated DEPRECATED: Failure to Protect Stored Data from Modification - (217)

Deprecated DEPRECATED: General Special Element Problems - (139)

Deprecated DEPRECATED: Improper Sanitization of Custom Special Characters - (92)

Deprecated DEPRECATED: Incorrect Initialization - (458)

Deprecated DEPRECATED: Often Misused: Path Manipulation - (249)

Weakness Variant Deserialization of Untrusted Data - (502)

Weakness Class Detection of Error Condition Without Action - (390)

View Development Concepts - (699)

Weakness Base Direct Request ('Forced Browsing') - (425)

Weakness Base Direct Use of Unsafe JNI - (111)

Weakness Class Discrepancy Information Leaks - (203)

Weakness Base Divide By Zero - (369)

Weakness Variant Double Decoding of the Same Data - (174)

Weakness Variant Double Free - (415)

Weakness Base Double-Checked Locking - (609)

Weakness Variant Doubled Character XSS Manipulations - (85)

Weakness Base Download of Code Without Integrity Check - (494)

Weakness Base Duplicate Key in Associative List (Alist) - (462)

Weakness Class Duplicate Operations on Resource - (675)

Weakness Base Dynamic Variable Evaluation - (627)

Weakness Variant EJB Bad Practices: Use of AWT Swing - (575)

Weakness Variant EJB Bad Practices: Use of Class Loader - (578)

Weakness Variant EJB Bad Practices: Use of Java I/O - (576)

Weakness Variant EJB Bad Practices: Use of Sockets - (577)

Weakness Variant EJB Bad Practices: Use of Synchronization Primitives - (574)

Weakness Class Embedded Malicious Code - (506)

Weakness Variant Empty Password in Configuration File - (258)

Weakness Variant Empty Synchronized Block - (585)

Weakness Class Encoding Error - (172)

Category Environment - (2)

Category Error Conditions, Return Values, Status Codes - (389)

Category Error Handling - (388)

Weakness Base Error Message Information Leak - (209)

Weakness Base Executable Regular Expression Error - (624)

Weakness Class Execution with Unnecessary Privileges - (250)

Weakness Base Expected Behavior Violation - (440)

Weakness Variant Explicit Call to Finalize() - (586)

Weakness Base Exposed Dangerous Method or Function - (749)

Weakness Variant Exposed IOCTL with Insufficient Access Control - (782)

Weakness Base Exposed Unsafe ActiveX Method - (618)

Weakness Class Exposure of Resource to Wrong Sphere - (668)

Weakness Variant Expression is Always False - (570)

Weakness Variant Expression is Always True - (571)

Category Expression Issues - (569)

Weakness Variant External Behavioral Inconsistency Information Leak - (207)

Weakness Base External Control of Assumed-Immutable Web Parameter - (472)

Weakness Class External Control of Critical State Data - (642)

Weakness Class External Control of File Name or Path - (73)

Weakness Base External Control of System or Configuration Setting - (15)

Weakness Class External Influence of Sphere Definition - (673)

Weakness Base External Initialization of Trusted Variables - (454)

Weakness Class Externally Controlled Reference to a Resource in Another Sphere - (610)

Weakness Base Failure to Add Integrity Check Value - (353)

Weakness Base Failure to Catch All Exceptions in Servlet - (600)

Weakness Variant Failure to Change Working Directory in chroot Jail - (243)

Weakness Variant Failure to Clear Heap Memory Before Release ('Heap Inspection') - (244)

Weakness Class Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness Class Failure to Control Generation of Code ('Code Injection') - (94)

Weakness Base Failure to Encrypt Sensitive Data - (311)

Weakness Class Failure to Follow Specification - (573)

Weakness Class Failure to Fulfill API Contract ('API Abuse') - (227)

Weakness Variant Failure to Handle Alternate Encoding - (173)

Weakness Class Failure to Handle Exceptional Conditions - (703)

Weakness Base Failure to Handle Incomplete Element - (239)

Weakness Base Failure to Handle Missing Parameter - (234)

Weakness Variant Failure to Handle Mixed Encoding - (175)

Weakness Variant Failure to Handle Unicode Encoding - (176)

Weakness Variant Failure to Handle URL Encoding (Hex Encoding) - (177)

Weakness Variant Failure to Handle Windows ::DATA Alternate Data Stream - (69)

Weakness Base Failure to Preserve Web Page Structure ('Cross-site Scripting') - (79)

Weakness Class Failure to Protect Alternate Path - (424)

Weakness Base Failure to Provide Specified Functionality - (684)

Weakness Base Failure to Release Memory Before Removing Last Reference ('Memory Leak') - (401)

Weakness Base Failure to Report Error in Status Code - (392)

Weakness Base Failure to Resolve Case Sensitivity - (178)

Weakness Variant Failure to Resolve Encoded URI Schemes in a Web Page - (84)

Weakness Base Failure to Resolve Equivalent Special Elements into a Different Plane - (76)

Weakness Base Failure to Resolve Inconsistent Special Elements - (168)

Weakness Base Failure to Restrict Excessive Authentication Attempts - (307)

Weakness Variant Failure to Sanitize Alternate XSS Syntax - (87)

Weakness Base Failure to Sanitize CRLF Sequences ('CRLF Injection') - (93)

Weakness Base Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)

Weakness Class Failure to Sanitize Data into a Different Plane ('Injection') - (74)

Weakness Base Failure to Sanitize Data into LDAP Queries ('LDAP Injection') - (90)

Weakness Base Failure to Sanitize Data within XPath Expressions ('XPath injection') - (643)

Weakness Base Failure to Sanitize Data within XQuery Expressions ('XQuery Injection') - (652)

Weakness Base Failure to Sanitize Delimiters - (140)

Weakness Variant Failure to Sanitize Escape, Meta, or Control Sequences - (150)

Weakness Variant Failure to Sanitize Expression/Command Delimiters - (146)

Weakness Variant Failure to Sanitize Input Leaders - (148)

Weakness Variant Failure to Sanitize Invalid Characters in Identifiers in Web Pages - (86)

Weakness Variant Failure to Sanitize Line Delimiters - (144)

Weakness Variant Failure to Sanitize Null Byte or NUL Character - (158)

Weakness Variant Failure to Sanitize Paired Delimiters - (157)

Weakness Variant Failure to Sanitize Parameter/Argument Delimiters - (141)

Weakness Variant Failure to Sanitize Quoting Syntax - (149)

Weakness Variant Failure to Sanitize Record Delimiters - (143)

Weakness Variant Failure to Sanitize Script in Attributes in a Web Page - (83)

Weakness Variant Failure to Sanitize Section Delimiters - (145)

Weakness Base Failure to Sanitize Server-Side Includes (SSI) Within a Web Page - (97)

Weakness Class Failure to Sanitize Special Element - (159)

Weakness Class Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - (75)

Weakness Variant Failure to Sanitize Value Delimiters - (142)

Weakness Base Failure to Use a Standardized Error Handling Mechanism - (544)

Weakness Class Failure to Use Complete Mediation - (638)

Weakness Class Failure to Use Economy of Mechanism - (637)

Weakness Base File and Directory Information Leaks - (538)

Category File Descriptor Exhaustion - (769)

Weakness Base Files or Directories Accessible to External Parties - (552)

Weakness Variant finalize() Method Declared Public - (583)

Weakness Variant finalize() Method Without super.finalize() - (568)

Weakness Variant Free of Memory not on the Heap - (590)

Weakness Variant Free of Pointer not at Start of Buffer - (761)

Weakness Variant Function Call With Incorrect Argument Type - (686)

Weakness Variant Function Call With Incorrect Number of Arguments - (685)

Weakness Variant Function Call With Incorrect Order of Arguments - (683)

Weakness Variant Function Call With Incorrect Variable or Reference as Argument - (688)

Weakness Variant Function Call With Incorrectly Specified Argument Value - (687)

Weakness Base Function Call with Incorrectly Specified Arguments - (628)

Category Handler Errors - (429)

Weakness Base Hard-Coded Password - (259)

Weakness Variant Heap-based Buffer Overflow - (122)

Weakness Class Improper Access Control (Authorization) - (285)

Weakness Class Improper Access of Indexable Resource ('Range Error') - (118)

Weakness Variant Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)

Weakness Class Improper Authentication - (287)

Weakness Base Improper Check for Certificate Revocation - (299)

Weakness Base Improper Check for Dropped Privileges - (273)

Weakness Class Improper Check for Exceptional Conditions - (754)

Weakness Variant Improper Cleanup on Thrown Exception - (460)

Weakness Class Improper Control of a Resource Through its Lifetime - (664)

Compound Element: Composite Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') - (98)

Weakness Base Improper Control of Resource Identifiers ('Resource Injection') - (99)

Weakness Class Improper Encoding or Escaping of Output - (116)

Weakness Class Improper Enforcement of Message or Data Structure - (707)

Weakness Base Improper Following of Chain of Trust for Certificate Validation - (296)

Weakness Base Improper Handling of Additional Special Element - (167)

Weakness Variant Improper Handling of Apple HFS+ Alternate Data Stream Path - (72)

Weakness Class Improper Handling of Exceptional Conditions - (755)

Weakness Base Improper Handling of Extra Parameters - (235)

Weakness Base Improper Handling of Extra Values - (231)

Weakness Base Improper Handling of File Names that Identify Virtual Resources - (66)

Weakness Base Improper Handling of Highly Compressed Data (Data Amplification) - (409)

Weakness Base Improper Handling of Incomplete Structural Elements - (238)

Weakness Base Improper Handling of Inconsistent Structural Elements - (240)

Weakness Variant Improper Handling of Insufficient Entropy in TRNG - (333)

Weakness Base Improper Handling of Insufficient Permissions or Privileges - (280)

Weakness Base Improper Handling of Insufficient Privileges - (274)

Weakness Base Improper Handling of Length Parameter Inconsistency - (130)

Weakness Base Improper Handling of Missing Special Element - (166)

Weakness Base Improper Handling of Missing Values - (230)

Weakness Class Improper Handling of Structural Elements - (237)

Weakness Class Improper Handling of Syntactically Invalid Structure - (228)

Weakness Base Improper Handling of Undefined Parameters - (236)

Weakness Base Improper Handling of Undefined Values - (232)

Weakness Base Improper Handling of Unexpected Data Type - (241)

Weakness Class Improper Handling of Values - (229)

Weakness Variant Improper Handling of Windows Device Names - (67)

Weakness Base Improper Initialization - (665)

Weakness Class Improper Input Validation - (20)

Weakness Base Improper Link Resolution Before File Access ('Link Following') - (59)

Weakness Base Improper Null Termination - (170)

Weakness Base Improper Output Sanitization for Logs - (117)

Weakness Class Improper Ownership Management - (282)

Weakness Base Improper Preservation of Permissions - (281)

Weakness Base Improper Privilege Management - (269)

Weakness Base Improper Resolution of Path Equivalence - (41)

Weakness Base Improper Resource Shutdown or Release - (404)

Weakness Variant Improper Sanitization of Comment Delimiters - (151)

Weakness Base Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection') - (95)

Weakness Base Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection') - (96)

Weakness Variant Improper Sanitization of HTTP Headers for Scripting Syntax - (644)

Weakness Variant Improper Sanitization of Input Terminators - (147)

Weakness Variant Improper Sanitization of Internal Special Elements - (164)

Weakness Variant Improper Sanitization of Leading Special Elements - (160)

Weakness Variant Improper Sanitization of Macro Symbols - (152)

Weakness Variant Improper Sanitization of Multiple Internal Special Elements - (165)

Weakness Variant Improper Sanitization of Multiple Leading Special Elements - (161)

Weakness Variant Improper Sanitization of Multiple Trailing Special Elements - (163)

Weakness Variant Improper Sanitization of Script in an Error Message Web Page - (81)

Weakness Variant Improper Sanitization of Script in Attributes of IMG Tags in a Web Page - (82)

Weakness Variant Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS) - (80)

Weakness Class Improper Sanitization of Special Elements - (138)

Weakness Class Improper Sanitization of Special Elements used in a Command ('Command Injection') - (77)

Weakness Base Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') - (78)

Weakness Base Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness Variant Improper Sanitization of Substitution Characters - (153)

Weakness Variant Improper Sanitization of Trailing Special Elements - (162)

Weakness Variant Improper Sanitization of Variable Name Delimiters - (154)

Weakness Variant Improper Sanitization of Whitespace - (156)

Weakness Variant Improper Sanitization of Wildcards or Matching Symbols - (155)

Weakness Base Improper Validation of Array Index - (129)

Weakness Base Improper Validation of Certificate Expiration - (298)

Weakness Base Improper Validation of Host-specific Certificate Data - (297)

Weakness Base Improper Validation of Integrity Check Value - (354)

Weakness Base Improper Verification of Cryptographic Signature - (347)

Weakness Base Improperly Implemented Security Check for Standard - (358)

Weakness Base Improperly Trusted Reverse DNS - (350)

Weakness Class Inadequate Encryption Strength - (326)

Category Inadvertently Introduced Weakness - (518)

Weakness Base Incomplete Blacklist - (184)

Compound Element: Chain Incomplete Blacklist to Cross-Site Scripting - (692)

Weakness Base Incomplete Cleanup - (459)

Weakness Variant Incomplete Identification of Uploaded File Variables (PHP) - (616)

Weakness Base Incomplete Internal State Distinction - (372)

Weakness Base Incomplete Model of Endpoint Features - (437)

Weakness Base Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') - (444)

Weakness Class Incorrect Behavior Order - (696)

Weakness Base Incorrect Behavior Order: Authorization Before Parsing and Canonicalization - (551)

Weakness Base Incorrect Behavior Order: Early Amplification - (408)

Weakness Base Incorrect Behavior Order: Early Validation - (179)

Weakness Base Incorrect Behavior Order: Validate Before Canonicalize - (180)

Weakness Base Incorrect Behavior Order: Validate Before Filter - (181)

Weakness Variant Incorrect Block Delimitation - (483)

Weakness Class Incorrect Calculation - (682)

Weakness Base Incorrect Calculation of Buffer Size - (131)

Weakness Base Incorrect Calculation of Multi-Byte String Length - (135)

Weakness Base Incorrect Check of Function Return Value - (253)

Weakness Class Incorrect Control Flow Scoping - (705)

Weakness Base Incorrect Conversion between Numeric Types - (681)

Weakness Variant Incorrect Default Permissions - (276)

Weakness Variant Incorrect Execution-Assigned Permissions - (279)

Weakness Base Incorrect Implementation of Authentication Algorithm - (303)

Weakness Base Incorrect Ownership Assignment - (708)

Weakness Class Incorrect Permission Assignment for Critical Resource - (732)

Weakness Base Incorrect Pointer Scaling - (468)

Weakness Base Incorrect Privilege Assignment - (266)

Weakness Class Incorrect Regular Expression - (185)

Weakness Class Incorrect Resource Transfer Between Spheres - (669)

Weakness Base Incorrect Semantic Object Comparison - (596)

Weakness Variant Incorrect Short Circuit Evaluation - (768)

Weakness Class Incorrect Type Conversion or Cast - (704)

Weakness Base Incorrect Use of Privileged APIs - (648)

Weakness Class Incorrect User Management - (286)

Weakness Class Indicator of Poor Code Quality - (398)

Weakness Class Information Leak (Information Disclosure) - (200)

Weakness Variant Information Leak of System Data - (497)

Weakness Variant Information Leak Through Access Control List Files - (529)

Weakness Variant Information Leak Through Backup (.~bk) Files - (530)

Weakness Variant Information Leak Through Browser Caching - (525)

Weakness Variant Information Leak Through Caching - (524)

Weakness Variant Information Leak through Class Cloning - (498)

Weakness Variant Information Leak Through Cleanup Log Files - (542)

Weakness Variant Information Leak Through Comments - (615)

Weakness Variant Information Leak Through Core Dump Files - (528)

Weakness Variant Information Leak Through CVS Repository - (527)

Weakness Variant Information Leak Through Debug Information - (215)

Weakness Variant Information Leak Through Debug Log Files - (534)

Weakness Variant Information Leak Through Directory Listing - (548)

Weakness Variant Information Leak Through Environmental Variables - (526)

Weakness Variant Information Leak Through Include Source Code - (541)

Weakness Variant Information Leak Through Indexing of Private Data - (612)

Weakness Variant Information Leak Through Java Runtime Error Message - (537)

Weakness Variant Information Leak Through Log Files - (532)

Weakness Variant Information Leak Through Persistent Cookies - (539)

Weakness Variant Information Leak Through Query Strings in GET Request - (598)

Weakness Variant Information Leak Through Sent Data - (201)

Weakness Variant Information Leak Through Server Error Message - (550)

Weakness Variant Information Leak Through Server Log Files - (533)

Weakness Variant Information Leak Through Servlet Runtime Error Message - (536)

Weakness Variant Information Leak Through Shell Error Message - (535)

Weakness Variant Information Leak Through Source Code - (540)

Weakness Variant Information Leak Through Test Code - (531)

Weakness Variant Information Leak through WSDL File - (651)

Weakness Variant Information Leak Through XML External Entity File Disclosure - (611)

Weakness Class Information Loss or Omission - (221)

Category Information Management Errors - (199)

Category Initialization and Cleanup Errors - (452)

Weakness Base Insecure Default Variable Initialization - (453)

Weakness Variant Insecure Inherited Permissions - (277)

Category Insecure Interaction Between Components - (751)

Weakness Variant Insecure Preserved Inherited Permissions - (278)

Weakness Base Insecure Temporary File - (377)

Weakness Class Insufficient Comparison - (697)

Weakness Base Insufficient Compartmentalization - (653)

Weakness Class Insufficient Control Flow Management - (691)

Weakness Base Insufficient Control of Network Message Volume (Network Amplification) - (406)

Weakness Class Insufficient Encapsulation - (485)

Weakness Base Insufficient Entropy - (331)

Weakness Variant Insufficient Entropy in PRNG - (332)

Weakness Variant Insufficient Filtering of File and Other Resource Names for Executable Content - (641)

Weakness Base Insufficient Locking - (667)

Weakness Base Insufficient Logging - (778)

Weakness Base Insufficient Psychological Acceptability - (655)

Weakness Base Insufficient Resource Locking - (413)

Weakness Base Insufficient Resource Pool - (410)

Weakness Base Insufficient Session Expiration - (613)

Weakness Base Insufficient Synchronization - (662)

Weakness Base Insufficient Type Distinction - (351)

Weakness Base Insufficient UI Warning of Dangerous Operations - (357)

Weakness Class Insufficient Verification of Data Authenticity - (345)

Weakness Base Insufficiently Protected Credentials - (522)

Category Integer Coercion Error - (192)

Weakness Base Integer Overflow or Wraparound - (190)

Compound Element: Chain Integer Overflow to Buffer Overflow - (680)

Weakness Base Integer Underflow (Wrap or Wraparound) - (191)

Weakness Base Intended Information Leak - (213)

Category Intentionally Introduced Nonmalicious Weakness - (513)

Category Intentionally Introduced Weakness - (505)

Weakness Class Interaction Error - (435)

Weakness Variant Internal Behavioral Inconsistency Information Leak - (206)

Weakness Base Interpretation Conflict - (436)

Weakness Variant J2EE Bad Practices: Direct Management of Connections - (245)

Weakness Variant J2EE Bad Practices: Direct Use of Sockets - (246)

Weakness Variant J2EE Bad Practices: Direct Use of Threads - (383)

Weakness Variant J2EE Bad Practices: Non-serializable Object Stored in Session - (579)

Weakness Variant J2EE Bad Practices: Use of System.exit() - (382)

Category J2EE Environment Issues - (4)

Weakness Variant J2EE Framework: Saving Unserializable Objects to Disk - (594)

Weakness Variant J2EE Misconfiguration: Data Transmission Without Encryption - (5)

Weakness Variant J2EE Misconfiguration: Entity Bean Declared Remote - (8)

Weakness Variant J2EE Misconfiguration: Insufficient Session-ID Length - (6)

Weakness Variant J2EE Misconfiguration: Missing Custom Error Page - (7)

Weakness Variant J2EE Misconfiguration: Plaintext Password in Configuration File - (555)

Weakness Variant J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)

Category J2EE Time and State Issues - (381)

Weakness Base Key Exchange without Entity Authentication - (322)

Category Key Management Errors - (320)

Weakness Class Lack of Administrator Control over Security - (671)

Weakness Base Least Privilege Violation - (272)

Weakness Base Leftover Debug Code - (489)

Category Location - (1)

Weakness Base Logging of Excessive Data - (779)

Weakness Base Logic/Time Bomb - (511)

Category Mac Virtual File Problems - (70)

Weakness Base Misinterpretation of Input - (115)

Weakness Variant Mismatched Memory Management Routines - (762)

Weakness Base Missing Check for Certificate Revocation after Initial Check - (370)

Weakness Base Missing Critical Step in Authentication - (304)

Weakness Class Missing Custom Error Page - (756)

Weakness Variant Missing Default Case in Switch Statement - (478)

Weakness Base Missing Handler - (431)

Weakness Base Missing Initialization - (456)

Weakness Base Missing Lock Check - (414)

Weakness Variant Missing Password Field Masking - (549)

Weakness Base Missing Reference to Active Allocated Resource - (771)

Weakness Variant Missing Reference to Active File Descriptor or Handle - (773)

Weakness Variant Missing Release of File Descriptor or Handle after Effective Lifetime - (775)

Weakness Base Missing Release of Resource after Effective Lifetime - (772)

Weakness Base Missing Required Cryptographic Step - (325)

Weakness Base Missing XML Validation - (112)

Category Mobile Code Issues - (490)

Weakness Base Modification of Assumed-Immutable Data (MAID) - (471)

Category Motivation/Intent - (504)

Weakness Base Multiple Binds to the Same Port - (605)

Weakness Base Multiple Interpretations of UI Input - (450)

Weakness Variant Multiple Locks of a Critical Resource - (764)

Weakness Variant Multiple Unlocks of a Critical Resource - (765)

Weakness Base Mutable Objects Passed by Reference - (374)

View Named Chains - (709)

Category .NET Environment Issues - (519)

Weakness Variant .NET Misconfiguration: Use of Impersonation - (520)

Weakness Variant No Authentication for Critical Function - (306)

Weakness Base Non-exit on Failed Initialization - (455)

Weakness Base Non-Replicating Malicious Code - (508)

Weakness Class Not Failing Securely ('Failing Open') - (636)

Weakness Variant Not Using a Random IV with CBC Mode - (329)

Weakness Variant Not Using Password Aging - (262)

Weakness Variant Null Byte Interaction Error (Poison Null Byte) - (626)

Weakness Base NULL Pointer Dereference - (476)

Category Numeric Errors - (189)

Weakness Base Numeric Truncation Error - (197)

Weakness Base Object Model Violation: Just One of Equals and Hashcode Defined - (581)

Weakness Base Obscured Security-relevant Information by Alternate Name - (224)

Weakness Base Obsolete Feature in UI - (448)

Weakness Base Off-by-one Error - (193)

Category Often Misused: Arguments and Parameters - (559)

Category Often Misused: String Management - (251)

Weakness Base Omission of Security-relevant Information - (223)

Weakness Base Omitted Break Statement in Switch - (484)

Weakness Base Operation on Resource in Wrong Phase of Lifetime - (666)

Weakness Variant Operator Precedence Logic Error - (783)

Weakness Base Origin Validation Error - (346)

Category Other Intentional, Nonmalicious Weakness - (517)

Weakness Base Out-of-bounds Read - (125)

Weakness Base Out-of-bounds Write - (787)

Weakness Base Overly Restrictive Account Lockout Mechanism - (645)

Weakness Base Overly Restrictive Regular Expression - (186)

Category OWASP Top Ten 2004 Category A1 - Unvalidated Input - (722)

Category OWASP Top Ten 2004 Category A10 - Insecure Configuration Management - (731)

Category OWASP Top Ten 2004 Category A2 - Broken Access Control - (723)

Category OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management - (724)

Category OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws - (725)

Category OWASP Top Ten 2004 Category A5 - Buffer Overflows - (726)

Category OWASP Top Ten 2004 Category A6 - Injection Flaws - (727)

Category OWASP Top Ten 2004 Category A7 - Improper Error Handling - (728)

Category OWASP Top Ten 2004 Category A8 - Insecure Storage - (729)

Category OWASP Top Ten 2004 Category A9 - Denial of Service - (730)

Category OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS) - (712)

Category OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access - (721)

Category OWASP Top Ten 2007 Category A2 - Injection Flaws - (713)

Category OWASP Top Ten 2007 Category A3 - Malicious File Execution - (714)

Category OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference - (715)

Category OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) - (716)

Category OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling - (717)

Category OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management - (718)

Category OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage - (719)

Category OWASP Top Ten 2007 Category A9 - Insecure Communications - (720)

Weakness Class Parameter Problems - (233)

Weakness Base Partial Comparison - (187)

Weakness Base Passing Mutable Objects to an Untrusted Method - (375)

Weakness Base Password Aging with Long Expiration - (263)

Weakness Variant Password in Configuration File - (260)

Weakness Variant Path Equivalence: ' filename (Leading Space) - (47)

Weakness Variant Path Equivalence: '/./' (Single Dot Directory) - (55)

Weakness Variant Path Equivalence: '//multiple/leading/slash' - (50)

Weakness Variant Path Equivalence: '/multiple//internal/slash' - (51)

Weakness Variant Path Equivalence: '/multiple/trailing/slash//' - (52)

Weakness Variant Path Equivalence: '\multiple\\internal\backslash' - (53)

Weakness Variant Path Equivalence: 'fakedir/../realdir/filename' - (57)

Weakness Variant Path Equivalence: 'file name' (Internal Whitespace) - (48)

Weakness Variant Path Equivalence: 'filedir*' (Wildcard) - (56)

Weakness Variant Path Equivalence: 'filedir\' (Trailing Backslash) - (54)

Weakness Variant Path Equivalence: 'filename ' (Trailing Space) - (46)

Weakness Variant Path Equivalence: 'file.name' (Internal Dot) - (44)

Weakness Variant Path Equivalence: 'file...name' (Multiple Internal Dot) - (45)

Weakness Variant Path Equivalence: 'filename....' (Multiple Trailing Dot) - (43)

Weakness Variant Path Equivalence: 'filename.' (Trailing Dot) - (42)

Weakness Variant Path Equivalence: 'filename/' (Trailing Slash) - (49)

Weakness Variant Path Equivalence: Windows 8.3 Filename - (58)

Weakness Class Path Traversal - (22)

Weakness Variant Path Traversal: '....' (Multiple Dot) - (33)

Weakness Variant Path Traversal: '...' (Triple Dot) - (32)

Weakness Variant Path Traversal: '....//' - (34)

Weakness Variant Path Traversal: '.../...//' - (35)

Weakness Variant Path Traversal: '/../filedir' - (25)

Weakness Variant Path Traversal: '/absolute/pathname/here' - (37)

Weakness Variant Path Traversal: '/dir/../filename' - (26)

Weakness Variant Path Traversal: '../filedir' - (24)

Weakness Variant Path Traversal: '\..\filename' - (29)

Weakness Variant Path Traversal: '\\UNC\share\name\' (Windows UNC Share) - (40)

Weakness Variant Path Traversal: '\absolute\pathname\here' - (38)

Weakness Variant Path Traversal: '\dir\..\filename' - (30)

Weakness Variant Path Traversal: '..\filedir' - (28)

Weakness Variant Path Traversal: 'C:dirname' - (39)

Weakness Variant Path Traversal: 'dir/../../filename' - (27)

Weakness Variant Path Traversal: 'dir\..\..\filename' - (31)

Category Pathname Traversal and Equivalence Errors - (21)

Category Permission Issues - (275)

Compound Element: Composite Permission Race Condition During Resource Copy - (689)

Category Permissions, Privileges, and Access Controls - (264)

Weakness Base Permissive Regular Expression - (625)

Weakness Base Permissive Whitelist - (183)

Weakness Variant PHP External Variable Modification - (473)

Weakness Variant Plaintext Storage in a Cookie - (315)

Weakness Variant Plaintext Storage in a File or on Disk - (313)

Weakness Variant Plaintext Storage in Executable - (318)

Weakness Variant Plaintext Storage in GUI - (317)

Weakness Variant Plaintext Storage in Memory - (316)

Weakness Variant Plaintext Storage in the Registry - (314)

Weakness Variant Plaintext Storage of a Password - (256)

Category Pointer Issues - (465)

Category Porous Defenses - (753)

Weakness Class Predictability Problems - (340)

Weakness Base Predictable Exact Value from Previous Values - (342)

Weakness Base Predictable from Observable State - (341)

Weakness Base Predictable Seed in PRNG - (337)

Weakness Base Predictable Value Range from Previous Values - (343)

Weakness Variant Privacy Leak through Data Queries - (202)

Weakness Class Privacy Violation - (359)

Weakness Variant Private Array-Typed Field Returned From A Public Method - (495)

Category Privilege / Sandbox Issues - (265)

Weakness Base Privilege Chaining - (268)

Weakness Base Privilege Context Switching Error - (270)

Weakness Base Privilege Defined With Unsafe Actions - (267)

Weakness Class Privilege Dropping / Lowering Errors - (271)

Weakness Class PRNG Seed Error - (335)

Weakness Base Process Control - (114)

Weakness Variant Process Environment Information Leak - (214)

Weakness Base Product UI does not Warn User of Unsafe Actions - (356)

Weakness Base Product-External Error Message Information Leak - (211)

Weakness Base Product-Generated Error Message Information Leak - (210)

Weakness Class Protection Mechanism Failure - (693)

Weakness Variant Public cloneable() Method Without Final ('Object Hijack') - (491)

Weakness Variant Public Data Assigned to Private Array-Typed Field - (496)

Weakness Variant Public Static Field Not Marked Final - (500)

Weakness Variant Public Static Final Field References Mutable Object - (607)

Weakness Class Race Condition - (362)

Weakness Base Race Condition During Access to Alternate Channel - (421)

Weakness Base Race Condition Enabling Link Following - (363)

Weakness Base Race Condition in Switch - (365)

Weakness Base Race Condition within a Thread - (366)

Weakness Variant Reachable Assertion - (617)

Weakness Base Redirect Without Exit - (698)

Weakness Variant Reflection Attack in an Authentication Protocol - (301)

Weakness Variant Regular Expression without Anchors - (777)

Weakness Base Relative Path Traversal - (23)

Weakness Base Release of Invalid Pointer or Reference - (763)

Weakness Base Reliance on a Single Factor in a Security Decision - (654)

Weakness Base Reliance on Cookies without Validation and Integrity Checking - (565)

Weakness Variant Reliance on Cookies without Validation and Integrity Checking in a Security Decision - (784)

Weakness Base Reliance on Data/Memory Layout - (188)

Weakness Variant Reliance on DNS Lookups in a Security Decision - (247)

Weakness Variant Reliance on File Name or Extension of Externally-Supplied File - (646)

Weakness Base Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking - (649)

Weakness Variant Reliance on Package-level Scope - (487)

Weakness Base Reliance on Security through Obscurity - (656)

Weakness Class Reliance on Undefined, Unspecified, or Implementation-Defined Behavior - (758)

Weakness Base Replicating Malicious Code (Virus or Worm) - (509)

Category Representation Errors - (137)

View Research Concepts - (1000)

Category Resource Locking Problems - (411)

Category Resource Management Errors - (399)

View Resource-specific Weaknesses - (631)

Weakness Base Response Discrepancy Information Leak - (204)

Weakness Base Return Inside Finally Block - (584)

Weakness Base Return of Pointer Value Outside of Expected Range - (466)

Weakness Base Return of Stack Variable Address - (562)

Weakness Base Return of Wrong Status Code - (393)

Weakness Base Reusing a Nonce, Key Pair in Encryption - (323)

Weakness Base Reversible One-Way Hash - (328)

Category Risky Resource Management - (752)

Weakness Base Same Seed in PRNG - (336)

Category Security Features - (254)

Weakness Class Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') - (757)

Weakness Variant Sensitive Cookie in HTTPS Session Without 'Secure' Attribute - (614)

Weakness Variant Sensitive Data Storage in Improperly Locked Memory - (591)

Weakness Variant Sensitive Data Under FTP Root - (220)

Weakness Variant Sensitive Data Under Web Root - (219)

Weakness Base Sensitive Information Uncleared Before Release - (226)

Weakness Variant Serializable Class Containing Sensitive Data - (499)

Compound Element: Composite Session Fixation - (384)

View Seven Pernicious Kingdoms - (700)

Category Signal Errors - (387)

Weakness Base Signal Handler Race Condition - (364)

Weakness Variant Signed to Unsigned Conversion Error - (195)

Weakness Base Small Seed Space in PRNG - (339)

Weakness Base Small Space of Random Values - (334)

Category Source Code - (18)

Weakness Base Spyware - (512)

Weakness Variant SQL Injection: Hibernate - (564)

Weakness Variant Stack-based Buffer Overflow - (121)

Category State Issues - (371)

Weakness Base State Synchronization Error - (373)

Weakness Base Storing Passwords in a Recoverable Format - (257)

Category String Errors - (133)

Category Struts Validation Problems - (101)

Weakness Variant Struts: Duplicate Validation Forms - (102)

Weakness Variant Struts: Form Bean Does Not Extend Validation Class - (104)

Weakness Variant Struts: Form Field Without Validator - (105)

Weakness Variant Struts: Incomplete validate() Method Definition - (103)

Weakness Variant Struts: Non-private Field in ActionForm Class - (608)

Weakness Variant Struts: Plug-in Framework not in Use - (106)

Weakness Variant Struts: Unused Validation Form - (107)

Weakness Variant Struts: Unvalidated Action Form - (108)

Weakness Variant Struts: Validator Turned Off - (109)

Weakness Variant Struts: Validator Without Form Field - (110)

Weakness Variant Suspicious Comment - (546)

Weakness Base Symbolic Name not Mapping to Correct Object - (386)

Category Technology-specific Environment Issues - (3)

Category Technology-Specific Input Validation Problems - (100)

Category Technology-Specific Special Elements - (169)

Category Technology-Specific Time and State Issues - (380)

Category Temporary File Issues - (376)

Weakness Base The UI Performs the Wrong Action - (449)

Category Time and State - (361)

Weakness Base Time-of-check Time-of-use (TOCTOU) Race Condition - (367)

Weakness Base Timing Discrepancy Information Leak - (208)

Weakness Class Transmission of Private Resources into a New Sphere ('Resource Leak') - (402)

Weakness Base Trapdoor - (510)

Weakness Base Trojan Horse - (507)

Weakness Base Truncation of Security-relevant Information - (222)

Weakness Base Trust Boundary Violation - (501)

Weakness Variant Trust of OpenSSL Certificate Without Validation - (599)

Weakness Base Trust of System Event Data - (360)

Weakness Variant Trusting HTTP Permission Methods on the Server Side - (650)

Weakness Variant Trusting Self-reported DNS Name - (292)

Compound Element: Composite Trusting Self-reported IP Address - (291)

Category Type Errors - (136)

Weakness Base UI Discrepancy for Security Feature - (446)

Weakness Base UI Misrepresentation of Critical Information - (451)

Weakness Base Uncaught Exception - (248)

Weakness Base Unchecked Error Condition - (391)

Weakness Base Unchecked Input for Loop Condition - (606)

Weakness Base Unchecked Return Value - (252)

Compound Element: Chain Unchecked Return Value to NULL Pointer Dereference - (690)

Weakness Base Uncontrolled Format String - (134)

Weakness Variant Uncontrolled Memory Allocation - (789)

Weakness Base Uncontrolled Recursion - (674)

Weakness Base Uncontrolled Resource Consumption ('Resource Exhaustion') - (400)

Weakness Base Uncontrolled Search Path Element - (427)

Weakness Base Undefined Behavior for Input to API - (475)

Weakness Base Unexpected Sign Extension - (194)

Weakness Base Unexpected Status Code or Return Value - (394)

Weakness Base Unimplemented or Unsupported Feature in UI - (447)

Weakness Base Unintended Proxy/Intermediary - (441)

Weakness Base UNIX File Descriptor Leak - (403)

Weakness Variant UNIX Hard Link - (62)

Category UNIX Path Link Problems - (60)

Compound Element: Composite UNIX Symbolic Link (Symlink) Following - (61)

Weakness Variant Unparsed Raw Web Content Delivery - (433)

Weakness Base Unprotected Alternate Channel - (420)

Weakness Base Unprotected Primary Channel - (419)

Weakness Variant Unprotected Transport of Credentials - (523)

Weakness Variant Unprotected Windows Messaging Channel ('Shatter') - (422)

Weakness Base Unquoted Search Path or Element - (428)

Weakness Base Unrestricted Externally Accessible Lock - (412)

Compound Element: Composite Unrestricted File Upload - (434)

Weakness Variant Unrestricted Recursive Entity References in DTDs ('XML Bomb') - (776)

Weakness Variant Unsafe ActiveX Control Marked Safe For Scripting - (623)

Weakness Variant Unsafe Function Call from a Signal Handler - (479)

Weakness Variant Unsigned to Signed Conversion Error - (196)

Weakness Base Unsynchronized Access to Shared Data - (567)

Compound Element: Composite Untrusted Search Path - (426)

Weakness Variant Unused Variable - (563)

Weakness Variant Unvalidated Function Hook Arguments - (622)

Weakness Base Unverified Ownership - (283)

Weakness Variant Unverified Password Change - (620)

Weakness Variant URL Redirection to Untrusted Site ('Open Redirect') - (601)

Weakness Base Use After Free - (416)

Weakness Base Use of a Broken or Risky Cryptographic Algorithm - (327)

Weakness Base Use of a Key Past its Expiration Date - (324)

Weakness Base Use of a Non-reentrant Function in an Unsynchronized Context - (663)

Weakness Class Use of a One-Way Hash with a Predictable Salt - (760)

Weakness Class Use of a One-Way Hash without a Salt - (759)

Weakness Base Use of a Resource after Expiration or Release - (672)

Weakness Base Use of Client-Side Authentication - (603)

Weakness Base Use of Cryptographically Weak PRNG - (338)

Weakness Variant Use of Dynamic Class Loading - (545)

Weakness Base Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)

Weakness Base Use of Function with Inconsistent Implementations - (474)

Weakness Variant Use of getlogin() in Multithreaded Application - (558)

Weakness Base Use of Hard-coded Cryptographic Key - (321)

Weakness Variant Use of Hard-coded, Security-relevant Constants - (547)

Weakness Base Use of Incorrect Byte Ordering - (198)

Weakness Base Use of Incorrect Operator - (480)

Weakness Class Use of Incorrectly-Resolved Name or Reference - (706)

Weakness Base Use of Inherently Dangerous Function - (242)

Weakness Variant Use of Inner Class Containing Sensitive Data - (492)

Weakness Class Use of Insufficiently Random Values - (330)

Weakness Base Use of Invariant Value in Dynamically Changing Context - (344)

Weakness Base Use of Less Trusted Source - (348)

Weakness Base Use of Low-Level Functionality - (695)

Weakness Base Use of Multiple Resources with Duplicate Identifier - (694)

Weakness Variant Use of Non-Canonical URL Paths for Authorization Decisions - (647)

Weakness Base Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)

Weakness Base Use of Obsolete Functions - (477)

Weakness Base Use of Password System for Primary Authentication - (309)

Weakness Variant Use of Path Manipulation Function without Maximum-sized Buffer - (785)

Weakness Base Use of Pointer Subtraction to Determine Size - (469)

Weakness Base Use of Potentially Dangerous Function - (676)

Weakness Variant Use of RSA Algorithm without OAEP - (780)

Weakness Base Use of Single-factor Authentication - (308)

Weakness Variant Use of Singleton Pattern in a Non-thread-safe Manner - (543)

Weakness Variant Use of sizeof() on a Pointer Type - (467)

Weakness Variant Use of umask() with chmod-style Argument - (560)

Weakness Variant Use of Uninitialized Variable - (457)

Weakness Variant Use of Wrong Operator in String Comparison - (597)

Category User Interface Errors - (445)

Category User Interface Security Issues - (355)

Weakness Variant Using Referer Field for Authentication - (293)

Weakness Base Variable Extraction Error - (621)

Weakness Class Violation of Secure Design Principles - (657)

Weakness Variant Weak Cryptography for Passwords - (261)

Weakness Base Weak Password Recovery Mechanism for Forgotten Password - (640)

Weakness Base Weak Password Requirements - (521)

View Weakness Base Elements - (677)

View Weaknesses Addressed by the CERT C Secure Coding Standard - (734)

View Weaknesses Examined by SAMATE - (630)

View Weaknesses in OWASP Top Ten (2004) - (711)

View Weaknesses in OWASP Top Ten (2007) - (629)

View Weaknesses in Software Written in C - (658)

View Weaknesses in Software Written in C++ - (659)

View Weaknesses in Software Written in Java - (660)

View Weaknesses in Software Written in PHP - (661)

View Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors - (750)

View Weaknesses Introduced During Design - (701)

View Weaknesses Introduced During Implementation - (702)

Category Weaknesses that Affect Files or Directories - (632)

Category Weaknesses that Affect Memory - (633)

Category Weaknesses that Affect System Processes - (634)

View Weaknesses Used by NVD - (635)

Category Web Problems - (442)

Weakness Variant Windows Hard Link - (65)

Category Windows Path Link Problems - (63)

Weakness Variant Windows Shortcut Following (.LNK) - (64)

Category Windows Virtual File Problems - (68)

Weakness Base Wrap-around Error - (128)

Weakness Base Write-what-where Condition - (123)

Weakness Base XML Injection (aka Blind XPath Injection) - (91)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us