CWE - VIEW LIST: CWE-679: Chain Elements (2.1)

Home > CWE List > VIEW LIST: CWE-679: Chain Elements (2.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS
CWRAF
T-Shirt

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Coverage Claims Representation
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-679: Chain Elements

Chain Elements

Definition in a New Window

View ID: 679 (View: Implicit Slice)

Status: Draft

View Data

View Objective

This view (slice) displays only weakness elements that are part of a chain.

View Filter: (.//Relationship_Nature='CanPrecede') or (@ID = //Relationship_Target_ID[../Relationship_Nature='CanPrecede'])

View Metrics

	CWEs in this view		Total CWEs
Total	117	out of	886
Views	0	out of	27
Categories	1	out of	157
Weaknesses	116	out of	693
Compound_Elements	0	out of	9

Content History

Modifications
Modification Date	Modifier	Organization	Source
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated View_Filter, View_Structure

Weakness Base Access of Resource Using Incompatible Type ('Type Confusion') - (843)

Weakness Base Access of Uninitialized Pointer - (824)

Weakness Variant Assigning instead of Comparing - (481)

Weakness Variant Authentication Bypass by Alternate Name - (289)

Weakness Base Buffer Access with Incorrect Length Value - (805)

Weakness Base Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness Variant Buffer Over-read - (126)

Weakness Base Buffer Underwrite ('Buffer Underflow') - (124)

Category Cleansing, Canonicalization, and Comparison Errors - (171)

Weakness Base Client-Side Enforcement of Server-Side Security - (602)

Weakness Variant Cloneable Class Containing Sensitive Information - (498)

Weakness Base Collapse of Data into Unsafe Value - (182)

Weakness Class Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)

Weakness Base Deployment of Wrong Handler - (430)

Weakness Class Detection of Error Condition Without Action - (390)

Weakness Base Direct Request ('Forced Browsing') - (425)

Weakness Variant Double Free - (415)

Weakness Base Double-Checked Locking - (609)

Weakness Base Download of Code Without Integrity Check - (494)

Weakness Class Encoding Error - (172)

Weakness Base Excessive Iteration - (834)

Weakness Base Expired Pointer Dereference - (825)

Weakness Variant Exposed IOCTL with Insufficient Access Control - (782)

Weakness Variant Exposure of Data Element to Wrong Session - (488)

Weakness Class Exposure of Resource to Wrong Sphere - (668)

Weakness Base External Control of Assumed-Immutable Web Parameter - (472)

Weakness Class External Control of File Name or Path - (73)

Weakness Variant Free of Memory not on the Heap - (590)

Weakness Variant Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)

Weakness Class Improper Authentication - (287)

Weakness Variant Improper Clearing of Heap Memory Before Release ('Heap Inspection') - (244)

Weakness Base Improper Control of Document Type Definition - (827)

Weakness Base Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') - (98)

Weakness Class Improper Control of Generation of Code ('Code Injection') - (94)

Weakness Class Improper Encoding or Escaping of Output - (116)

Weakness Variant Improper Handling of Alternate Encoding - (173)

Weakness Base Improper Handling of Case Sensitivity - (178)

Weakness Base Improper Handling of Extra Values - (231)

Weakness Base Improper Handling of Length Parameter Inconsistency - (130)

Weakness Class Improper Input Validation - (20)

Weakness Class Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - (22)

Weakness Base Improper Link Resolution Before File Access ('Link Following') - (59)

Weakness Base Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)

Weakness Base Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)

Weakness Base Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)

Weakness Class Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - (74)

Weakness Base Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)

Weakness Base Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness Base Improper Null Termination - (170)

Weakness Base Improper Output Neutralization for Logs - (117)

Weakness Base Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401)

Weakness Base Improper Resolution of Path Equivalence - (41)

Weakness Class Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)

Weakness Base Improper Synchronization - (662)

Weakness Base Improper Validation of Array Index - (129)

Weakness Base Incomplete Blacklist - (184)

Weakness Class Incorrect Calculation - (682)

Weakness Base Incorrect Calculation of Buffer Size - (131)

Weakness Base Incorrect Conversion between Numeric Types - (681)

Weakness Class Incorrect Regular Expression - (185)

Weakness Class Incorrect Resource Transfer Between Spheres - (669)

Weakness Class Information Exposure - (200)

Weakness Base Information Exposure Through an Error Message - (209)

Weakness Base Information Exposure Through Timing Discrepancy - (208)

Weakness Class Insufficient Comparison - (697)

Weakness Base Insufficient Resource Pool - (410)

Weakness Base Insufficient Session Expiration - (613)

Weakness Base Integer Overflow or Wraparound - (190)

Weakness Base Missing Critical Step in Authentication - (304)

Weakness Class Missing Custom Error Page - (756)

Weakness Base Missing Handler - (431)

Weakness Base Missing Initialization - (456)

Weakness Base Modification of Assumed-Immutable Data (MAID) - (471)

Weakness Base NULL Pointer Dereference - (476)

Weakness Base Numeric Range Comparison Without Minimum Check - (839)

Weakness Base Off-by-one Error - (193)

Weakness Base Operation on a Resource after Expiration or Release - (672)

Weakness Base Out-of-bounds Read - (125)

Weakness Base Out-of-bounds Write - (787)

Weakness Base Partial Comparison - (187)

Weakness Variant Path Equivalence: '/multiple/trailing/slash//' - (52)

Weakness Variant Path Equivalence: 'filename ' (Trailing Space) - (46)

Weakness Variant Path Traversal: '....' (Multiple Dot) - (33)

Weakness Variant Path Traversal: '....//' - (34)

Weakness Variant Path Traversal: '.../...//' - (35)

Weakness Base Permissive Whitelist - (183)

Weakness Variant PHP External Variable Modification - (473)

Weakness Base Premature Release of Resource During Expected Lifetime - (826)

Weakness Base Race Condition Enabling Link Following - (363)

Weakness Variant Reachable Assertion - (617)

Weakness Base Reliance on Security Through Obscurity - (656)

Weakness Base Return of Stack Variable Address - (562)

Weakness Variant Sensitive Data Under Web Root - (219)

Weakness Variant Serializable Class Containing Sensitive Data - (499)

Weakness Base Signal Handler Race Condition - (364)

Weakness Variant Signal Handler Use of a Non-reentrant Function - (479)

Weakness Variant Signed to Unsigned Conversion Error - (195)

Weakness Base Time-of-check Time-of-use (TOCTOU) Race Condition - (367)

Weakness Base Uncaught Exception in Servlet - (600)

Weakness Base Unchecked Input for Loop Condition - (606)

Weakness Base Unchecked Return Value - (252)

Weakness Variant Uncontrolled Memory Allocation - (789)

Weakness Base Uncontrolled Resource Consumption ('Resource Exhaustion') - (400)

Weakness Variant Unparsed Raw Web Content Delivery - (433)

Weakness Variant Unrestricted Recursive Entity References in DTDs ('XML Bomb') - (776)

Weakness Base Unrestricted Upload of File with Dangerous Type - (434)

Weakness Base Unsynchronized Access to Shared Data in a Multithreaded Context - (567)

Weakness Base Untrusted Pointer Dereference - (822)

Weakness Base Use After Free - (416)

Weakness Base Use of a Broken or Risky Cryptographic Algorithm - (327)

Weakness Base Use of Hard-coded Cryptographic Key - (321)

Weakness Base Use of Hard-coded Password - (259)

Weakness Base Use of Inherently Dangerous Function - (242)

Weakness Base Use of Out-of-range Pointer Offset - (823)

Weakness Variant Use of sizeof() on a Pointer Type - (467)

Weakness Base Wrap-around Error - (128)

Weakness Base Write-what-where Condition - (123)

Page Last Updated: September 12, 2011


	CWE is a Software Assurance strategic initiative co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us