CWE - VIEW LIST: CWE-629: Weaknesses in OWASP Top Ten (Draft 9)

Home > CWE List > VIEW LIST: CWE-629: Weaknesses in OWASP Top Ten (Draft 9)

View the CWE List

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

(CWE-629)

View Definition

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

VIEW LIST: CWE-629: Weaknesses in OWASP Top Ten (Draft 9)

View ID

Status: Draft

629 (View)

Objective

CWE nodes in this view (slice) are associated with the OWASP Top Ten.

View Data

	CWEs in this view		Total CWEs
Total	24	out of	695
Views	0	out of	14
Categories	0	out of	64
Weaknesses	21	out of	605
Compound_Elements	3	out of	12

Authentication Bypass by Alternate Path/Channel - (288)

Cross-Site Request Forgery (CSRF) - (352)

Direct Request ('Forced Browsing') - (425)

External Control of Assumed-Immutable Web Parameter - (472)

Failure to Encrypt Sensitive Data - (311)

Failure to Sanitize CRLF Sequences (aka 'CRLF Injection') - (93)

Failure to Sanitize Data into a Control Plane (aka 'Command Injection') - (77)

Failure to Sanitize Data into an OS Command (aka 'OS Command Injection') - (78)

Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection') - (90)

Failure to Sanitize Data into SQL Queries (aka 'SQL Injection') - (89)

Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS)) - (79)

Information Leak (Information Disclosure) - (200)

Insufficient Authentication - (287)

Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection') - (95)

Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion') - (98)

Insufficiently Protected Credentials - (522)

Missing or Inconsistent Access Control - (285)

Missing Required Cryptographic Step - (325)

Path Traversal - (22)

Reflection Attack in an Authentication Protocol - (301)

Unrestricted File Upload - (434)

Use of Hard-coded Cryptographic Key - (321)

Weak Encryption - (326)

XML Injection (aka Blind XPath Injection) - (91)

Page Last Updated: April 11, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us