CWE - VIEW LIST: CWE-635: Weaknesses Used by NVD (1.6)

Home > CWE List > VIEW LIST: CWE-635: Weaknesses Used by NVD (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-635: Weaknesses Used by NVD

Weaknesses Used by NVD

Definition in a New Window

View ID: 635 (View: Explicit Slice)

Status: Draft

View Data

View Objective

CWE nodes in this view (slice) are used by NIST to categorize vulnerabilities within NVD.

View Metrics

	CWEs in this view		Total CWEs
Total	19	out of	791
Views	0	out of	22
Categories	6	out of	106
Weaknesses	12	out of	651
Compound_Elements	1	out of	12

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	16	Configuration	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	20	Improper Input Validation	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	22	Path Traversal	Weaknesses Used by NVD (primary)635
HasMember	Weakness Base	59	Improper Link Resolution Before File Access ('Link Following')	Weaknesses Used by NVD (primary)635
HasMember	Weakness Base	78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')	Weaknesses Used by NVD (primary)635
HasMember	Weakness Base	79	Failure to Preserve Web Page Structure ('Cross-site Scripting')	Weaknesses Used by NVD (primary)635
HasMember	Weakness Base	89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	94	Failure to Control Generation of Code ('Code Injection')	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	119	Failure to Constrain Operations within the Bounds of a Memory Buffer	Weaknesses Used by NVD (primary)635
HasMember	Weakness Base	134	Uncontrolled Format String	Weaknesses Used by NVD (primary)635
HasMember	Category	189	Numeric Errors	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	200	Information Leak (Information Disclosure)	Weaknesses Used by NVD (primary)635
HasMember	Category	255	Credentials Management	Weaknesses Used by NVD (primary)635
HasMember	Category	264	Permissions, Privileges, and Access Controls	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	287	Improper Authentication	Weaknesses Used by NVD (primary)635
HasMember	Category	310	Cryptographic Issues	Weaknesses Used by NVD (primary)635
HasMember	Compound Element: Composite	352	Cross-Site Request Forgery (CSRF)	Weaknesses Used by NVD (primary)635
HasMember	Weakness Class	362	Race Condition	Weaknesses Used by NVD (primary)635
HasMember	Category	399	Resource Management Errors	Weaknesses Used by NVD (primary)635

References

NIST. "CWE - Common Weakness Enumeration". <http://nvd.nist.gov/cwe.cfm>.

Maintenance Notes

The set of CWE elements as used in NVD was created in summer of 2007. Since then, CWE has grown, so it is expected that this list will change. The current organization as used by NVD is captured in the following image.

NVD cross-section of CWE

<http://nvd.nist.gov/images/cwe_cross_section_large.jpg>

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Maintenance Notes, Relationships, References, View Structure

Category Configuration - (16)

Category Credentials Management - (255)

Compound Element: Composite Cross-Site Request Forgery (CSRF) - (352)

Category Cryptographic Issues - (310)

Weakness Class Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness Class Failure to Control Generation of Code ('Code Injection') - (94)

Weakness Base Failure to Preserve Web Page Structure ('Cross-site Scripting') - (79)

Weakness Class Improper Authentication - (287)

Weakness Class Improper Input Validation - (20)

Weakness Base Improper Link Resolution Before File Access ('Link Following') - (59)

Weakness Base Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') - (78)

Weakness Base Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness Class Information Leak (Information Disclosure) - (200)

Category Numeric Errors - (189)

Weakness Class Path Traversal - (22)

Category Permissions, Privileges, and Access Controls - (264)

Weakness Class Race Condition - (362)

Category Resource Management Errors - (399)

Weakness Base Uncontrolled Format String - (134)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us