CWE - VIEW LIST: CWE-700: Seven Pernicious Kingdoms (1.6)

Home > CWE List > VIEW LIST: CWE-700: Seven Pernicious Kingdoms (1.6)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research
CWE/SANS Top 25
CWSS

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

CWE-700: Seven Pernicious Kingdoms

Seven Pernicious Kingdoms

Definition in a New Window

View ID: 700 (View: Graph)

Status: Incomplete

View Data

View Objective

This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.

View Metrics

	CWEs in this view		Total CWEs
Total	96	out of	791
Views	0	out of	22
Categories	7	out of	106
Weaknesses	87	out of	651
Compound_Elements	2	out of	12

View Audience

Stakeholder	Description
Developers	This view is useful for developers because it is organized around concepts with which developers are familiar, and it focuses on weaknesses that can be detected using source code analysis tools.

Alternate Terms

7PK:	"7PK" is frequently used by the MITRE team as an abbreviation.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	2	Environment	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	20	Improper Input Validation	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	227	Failure to Fulfill API Contract ('API Abuse')	Seven Pernicious Kingdoms (primary)700
HasMember	Category	254	Security Features	Seven Pernicious Kingdoms (primary)700
HasMember	Category	361	Time and State	Seven Pernicious Kingdoms (primary)700
HasMember	Category	388	Error Handling	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	398	Indicator of Poor Code Quality	Seven Pernicious Kingdoms (primary)700
HasMember	Weakness Class	485	Insufficient Encapsulation	Seven Pernicious Kingdoms (primary)700

Weakness Variant ASP.NET Misconfiguration: Creating Debug Binary - (11)

Weakness Variant ASP.NET Misconfiguration: Missing Custom Error Page - (12)

Weakness Variant ASP.NET Misconfiguration: Password in Configuration File - (13)

Compound Element: Composite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness Variant Comparison of Classes by Name - (486)

Weakness Base Compiler Removal of Code to Clear Buffers - (14)

Weakness Variant Critical Public Variable Without Final Modifier - (493)

Weakness Variant Data Leak Between Sessions - (488)

Weakness Base Declaration of Catch for Generic Exception - (396)

Weakness Base Declaration of Throws for Generic Exception - (397)

Weakness Base Direct Use of Unsafe JNI - (111)

Weakness Variant Double Free - (415)

Weakness Variant Empty Password in Configuration File - (258)

Category Environment - (2)

Category Error Handling - (388)

Weakness Class Execution with Unnecessary Privileges - (250)

Weakness Class External Control of File Name or Path - (73)

Weakness Base External Control of System or Configuration Setting - (15)

Weakness Variant Failure to Change Working Directory in chroot Jail - (243)

Weakness Variant Failure to Clear Heap Memory Before Release ('Heap Inspection') - (244)

Weakness Class Failure to Constrain Operations within the Bounds of a Memory Buffer - (119)

Weakness Class Failure to Fulfill API Contract ('API Abuse') - (227)

Weakness Base Failure to Preserve Web Page Structure ('Cross-site Scripting') - (79)

Weakness Base Failure to Release Memory Before Removing Last Reference ('Memory Leak') - (401)

Weakness Base Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') - (113)

Weakness Base Hard-Coded Password - (259)

Weakness Class Improper Access Control (Authorization) - (285)

Weakness Base Improper Control of Resource Identifiers ('Resource Injection') - (99)

Weakness Class Improper Input Validation - (20)

Weakness Base Improper Null Termination - (170)

Weakness Base Improper Output Sanitization for Logs - (117)

Weakness Base Improper Resource Shutdown or Release - (404)

Weakness Class Improper Sanitization of Special Elements used in a Command ('Command Injection') - (77)

Weakness Base Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness Class Indicator of Poor Code Quality - (398)

Weakness Variant Information Leak of System Data - (497)

Weakness Base Insecure Temporary File - (377)

Weakness Class Insufficient Encapsulation - (485)

Weakness Base Integer Overflow or Wraparound - (190)

Weakness Variant J2EE Bad Practices: Direct Management of Connections - (245)

Weakness Variant J2EE Bad Practices: Direct Use of Sockets - (246)

Weakness Variant J2EE Bad Practices: Direct Use of Threads - (383)

Weakness Variant J2EE Bad Practices: Use of System.exit() - (382)

Weakness Variant J2EE Misconfiguration: Data Transmission Without Encryption - (5)

Weakness Variant J2EE Misconfiguration: Entity Bean Declared Remote - (8)

Weakness Variant J2EE Misconfiguration: Insufficient Session-ID Length - (6)

Weakness Variant J2EE Misconfiguration: Missing Custom Error Page - (7)

Weakness Variant J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)

Weakness Base Least Privilege Violation - (272)

Weakness Base Leftover Debug Code - (489)

Weakness Base Missing XML Validation - (112)

Category Mobile Code Issues - (490)

Weakness Base NULL Pointer Dereference - (476)

Category Often Misused: String Management - (251)

Weakness Variant Password in Configuration File - (260)

Weakness Variant Plaintext Storage of a Password - (256)

Weakness Class Privacy Violation - (359)

Weakness Variant Private Array-Typed Field Returned From A Public Method - (495)

Weakness Base Process Control - (114)

Weakness Variant Public cloneable() Method Without Final ('Object Hijack') - (491)

Weakness Variant Public Data Assigned to Private Array-Typed Field - (496)

Weakness Base Return of Pointer Value Outside of Expected Range - (466)

Category Security Features - (254)

Compound Element: Composite Session Fixation - (384)

Weakness Base Signal Handler Race Condition - (364)

Weakness Variant Struts: Duplicate Validation Forms - (102)

Weakness Variant Struts: Form Bean Does Not Extend Validation Class - (104)

Weakness Variant Struts: Form Field Without Validator - (105)

Weakness Variant Struts: Incomplete validate() Method Definition - (103)

Weakness Variant Struts: Plug-in Framework not in Use - (106)

Weakness Variant Struts: Unused Validation Form - (107)

Weakness Variant Struts: Unvalidated Action Form - (108)

Weakness Variant Struts: Validator Turned Off - (109)

Weakness Variant Struts: Validator Without Form Field - (110)

Category Temporary File Issues - (376)

Category Time and State - (361)

Weakness Base Time-of-check Time-of-use (TOCTOU) Race Condition - (367)

Weakness Base Trust Boundary Violation - (501)

Weakness Base Uncaught Exception - (248)

Weakness Base Unchecked Error Condition - (391)

Weakness Base Unchecked Return Value - (252)

Weakness Base Uncontrolled Format String - (134)

Weakness Base Undefined Behavior for Input to API - (475)

Weakness Base Unrestricted Externally Accessible Lock - (412)

Weakness Base Use After Free - (416)

Weakness Base Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)

Weakness Base Use of Function with Inconsistent Implementations - (474)

Weakness Variant Use of getlogin() in Multithreaded Application - (558)

Weakness Base Use of Inherently Dangerous Function - (242)

Weakness Variant Use of Inner Class Containing Sensitive Data - (492)

Weakness Class Use of Insufficiently Random Values - (330)

Weakness Base Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)

Weakness Base Use of Obsolete Functions - (477)

Weakness Variant Use of Path Manipulation Function without Maximum-sized Buffer - (785)

Weakness Variant Use of Uninitialized Variable - (457)

Weakness Variant Weak Cryptography for Passwords - (261)

Page Last Updated: October 29, 2009


	CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us