CWE - VIEW LIST: CWE-631: Resource-specific Weaknesses (1.6)

Home > CWE List > VIEW LIST: CWE-631: Resource-specific Weaknesses (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-631: Resource-specific Weaknesses

Resource-specific Weaknesses

Definition in a New Window

View ID: 631 (View: Graph)

Status: Draft

View Data

View Objective

CWE nodes in this view (graph) occur when the application handles particular system resources.

View Metrics

	CWEs in this view		Total CWEs
Total	62	out of	791
Views	0	out of	22
Categories	11	out of	106
Weaknesses	46	out of	651
Compound_Elements	5	out of	12

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	632	Weaknesses that Affect Files or Directories	Resource-specific Weaknesses (primary)631
HasMember	Category	633	Weaknesses that Affect Memory	Resource-specific Weaknesses (primary)631
HasMember	Category	634	Weaknesses that Affect System Processes	Resource-specific Weaknesses (primary)631
MemberOf	View	699	Development Concepts	Development Concepts (primary)699

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Relationships, View Structure

Weakness Class Access Control (Authorization) Issues - (284)

Weakness Variant Apple '.DS_Store' - (71)

Weakness Base Argument Injection or Modification - (88)

Compound Element: Composite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness Variant Call to Thread run() instead of start() - (572)

Weakness Base Compiler Removal of Code to Clear Buffers - (14)

Weakness Variant Double Free - (415)

Weakness Variant Failure to Change Working Directory in chroot Jail - (243)

Weakness Variant Failure to Clear Heap Memory Before Release ('Heap Inspection') - (244)

Weakness Class Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness Variant Failure to Handle Windows ::DATA Alternate Data Stream - (69)

Weakness Base Failure to Release Memory Before Removing Last Reference ('Memory Leak') - (401)

Weakness Base Failure to Resolve Case Sensitivity - (178)

Weakness Base Files or Directories Accessible to External Parties - (552)

Weakness Variant Heap-based Buffer Overflow - (122)

Weakness Base Improper Check for Dropped Privileges - (273)

Compound Element: Composite Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') - (98)

Weakness Variant Improper Handling of Apple HFS+ Alternate Data Stream Path - (72)

Weakness Variant Improper Handling of Windows Device Names - (67)

Weakness Base Improper Link Resolution Before File Access ('Link Following') - (59)

Weakness Class Improper Ownership Management - (282)

Weakness Base Improper Resolution of Path Equivalence - (41)

Weakness Base Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection') - (96)

Weakness Base Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') - (78)

Weakness Base Improper Validation of Array Index - (129)

Weakness Base Incorrect Privilege Assignment - (266)

Weakness Variant Information Leak Through Server Log Files - (533)

Weakness Variant J2EE Bad Practices: Direct Use of Threads - (383)

Category Mac Virtual File Problems - (70)

Category Often Misused: String Management - (251)

Weakness Variant Password in Configuration File - (260)

Weakness Class Path Traversal - (22)

Category Permission Issues - (275)

Weakness Variant Plaintext Storage in Memory - (316)

Weakness Base Process Control - (114)

Weakness Variant Process Environment Information Leak - (214)

Weakness Base Race Condition During Access to Alternate Channel - (421)

Weakness Base Race Condition within a Thread - (366)

Weakness Base Release of Invalid Pointer or Reference - (763)

Weakness Variant Sensitive Data Storage in Improperly Locked Memory - (591)

Weakness Base Sensitive Information Uncleared Before Release - (226)

Category Signal Errors - (387)

Weakness Base Signal Handler Race Condition - (364)

Category Temporary File Issues - (376)

Weakness Base Uncontrolled Format String - (134)

Weakness Base UNIX File Descriptor Leak - (403)

Weakness Variant UNIX Hard Link - (62)

Category UNIX Path Link Problems - (60)

Compound Element: Composite UNIX Symbolic Link (Symlink) Following - (61)

Weakness Variant Unprotected Windows Messaging Channel ('Shatter') - (422)

Compound Element: Composite Unrestricted File Upload - (434)

Weakness Variant Unsafe Function Call from a Signal Handler - (479)

Compound Element: Composite Untrusted Search Path - (426)

Weakness Base Use After Free - (416)

Weakness Variant Use of Path Manipulation Function without Maximum-sized Buffer - (785)

Category Weaknesses that Affect Files or Directories - (632)

Category Weaknesses that Affect Memory - (633)

Category Weaknesses that Affect System Processes - (634)

Weakness Variant Windows Hard Link - (65)

Category Windows Path Link Problems - (63)

Weakness Variant Windows Shortcut Following (.LNK) - (64)

Category Windows Virtual File Problems - (68)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us