CWE - VIEW LIST: CWE-679: Chain Elements (Draft 9)

Home > CWE List > VIEW LIST: CWE-679: Chain Elements (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

(CWE-679)

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

VIEW LIST: CWE-679: Chain Elements (Draft 9)

View ID

Status: Draft

679 (View)

Objective

This view (slice) displays only weakness elements that are part of a chain.

View Data

Filter Used: (.//Relationship_Nature='CanPrecede') or (@*[contains(name(),'ID')] = //Relationship_Target_ID[../Relationship_Nature='CanPrecede'])

	CWEs in this view		Total CWEs
Total	43	out of	695
Views	0	out of	14
Categories	1	out of	64
Weaknesses	36	out of	605
Compound_Elements	6	out of	12

Authentication Bypass by Alternate Name - (289)

Cleansing, Canonicalization, and Comparison Errors - (171)

Design Principle Violation: Client-Side Enforcement of Server-Side Security - (602)

Design Principle Violation: Reliance on Security through Obscurity - (656)

Detection of Error Condition Without Action - (390)

Download of Untrusted Mobile Code Without Integrity Check - (494)

Error Message Information Leaks - (209)

External Control of Assumed-Immutable Web Parameter - (472)

Failure to Catch All Exceptions (Missing Catch Block) - (600)

Failure to Handle Alternate Encoding - (173)

Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak') - (401)

Failure to Resolve Case Sensitivity - (178)

Failure to Sanitize CRLF Sequences (aka 'CRLF Injection') - (93)

Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting') - (113)

Failure to Sanitize Data into an OS Command (aka 'OS Command Injection') - (78)

Failure to Sanitize Data into SQL Queries (aka 'SQL Injection') - (89)

Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS)) - (79)

Hard-Coded Password - (259)

Heap-based Buffer Overflow - (122)

Improper Null Termination - (170)

Incomplete Blacklist - (184)

Incomplete Blacklist to Cross-Site Scripting - (692)

Incorrect Output Sanitization for Logs - (117)

Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion') - (98)

Integer Overflow (Wrap or Wraparound) - (190)

Integer Overflow to Buffer Overflow - (680)

Missing Initialization - (456)

Modification of Assumed-Immutable Data (MAID) - (471)

NULL Pointer Dereference - (476)

Off-by-one Error - (193)

Path Equivalence: '/multiple/trailing/slash//' - (52)

Path Equivalence: 'filename ' (Trailing Space) - (46)

PHP External Variable Modification - (473)

Reachable Assertion - (617)

Signed to Unsigned Conversion Error - (195)

Unbounded Transfer ('Classic Buffer Overflow') - (120)

Unchecked Return Value - (252)

Unchecked Return Value to NULL Pointer Dereference - (690)

Unparsed Raw Web Content Delivery - (433)

Unrestricted File Upload - (434)

Use After Free - (416)

Use of Hard-coded Cryptographic Key - (321)

Write-what-where Condition - (123)

Page Last Updated: April 11, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us