CWE - VIEW LIST: CWE-900: Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (2.1)

Home > CWE List > VIEW LIST: CWE-900: Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (2.1)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Contact Us
Search the Site

CWE-900: Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors

Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors

Definition in a New Window

View ID: 900 (View: Graph)

Status: Incomplete

View Data

View Objective

CWE entries in this view (graph) are listed in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.

View Metrics

	CWEs in this view		Total CWEs
Total	45	out of	909
Views	0	out of	29
Categories	4	out of	178
Weaknesses	40	out of	693
Compound_Elements	1	out of	9

View Audience

Stakeholder	Description
Developers	By following the Top 25, developers will be able to significantly reduce the number of weaknesses that occur in their software.
Software_Customers	If a software developer claims to be following the Top 25, then customers can use the weaknesses in this view in order to formulate independent evidence of that claim.
Educators	Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could focus on the Top 25.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
HasMember	Category	864	2011 Top 25 - Insecure Interaction Between Components	Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (primary)900
HasMember	Category	865	2011 Top 25 - Risky Resource Management	Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (primary)900
HasMember	Category	866	2011 Top 25 - Porous Defenses	Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (primary)900
HasMember	Category	867	2011 Top 25 - Weaknesses On the Cusp	Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (primary)900

References

"2011 CWE/SANS Top 25 Most Dangerous Software Errors". 2011-06-27. <http://cwe.mitre.org/top25>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2011-06-25			Internal CWE Team
2011-06-25

Category 2011 Top 25 - Insecure Interaction Between Components - (864)

Category 2011 Top 25 - Porous Defenses - (866)

Category 2011 Top 25 - Risky Resource Management - (865)

Category 2011 Top 25 - Weaknesses On the Cusp - (867)

Weakness Base Allocation of Resources Without Limits or Throttling - (770)

Weakness Base Buffer Access with Incorrect Length Value - (805)

Weakness Base Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') - (120)

Weakness Class Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)

Compound Element: Composite Cross-Site Request Forgery (CSRF) - (352)

Weakness Base Download of Code Without Integrity Check - (494)

Weakness Class Execution with Unnecessary Privileges - (250)

Weakness Base Expired Pointer Dereference - (825)

Weakness Class Improper Check for Unusual or Exceptional Conditions - (754)

Weakness Base Improper Cross-boundary Removal of Sensitive Data - (212)

Weakness Base Improper Enforcement of Behavioral Workflow - (841)

Weakness Class Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - (22)

Weakness Base Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)

Weakness Base Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)

Weakness Base Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)

Weakness Base Improper Restriction of Excessive Authentication Attempts - (307)

Weakness Base Improper Validation of Array Index - (129)

Weakness Base Inappropriate Encoding for Output Context - (838)

Weakness Class Inclusion of Functionality from Untrusted Control Sphere - (829)

Weakness Class Incorrect Authorization - (863)

Weakness Base Incorrect Calculation of Buffer Size - (131)

Weakness Base Incorrect Conversion between Numeric Types - (681)

Weakness Class Incorrect Permission Assignment for Critical Resource - (732)

Weakness Base Information Exposure Through an Error Message - (209)

Weakness Base Integer Overflow or Wraparound - (190)

Weakness Variant Missing Authentication for Critical Function - (306)

Weakness Class Missing Authorization - (862)

Weakness Base Missing Encryption of Sensitive Data - (311)

Weakness Base Missing Initialization - (456)

Weakness Base Missing Release of Resource after Effective Lifetime - (772)

Weakness Base NULL Pointer Dereference - (476)

Weakness Base Reliance on Untrusted Inputs in a Security Decision - (807)

Weakness Base Uncontrolled Format String - (134)

Weakness Base Unrestricted Upload of File with Dangerous Type - (434)

Weakness Base Untrusted Pointer Dereference - (822)

Weakness Variant URL Redirection to Untrusted Site ('Open Redirect') - (601)

Weakness Base Use of a Broken or Risky Cryptographic Algorithm - (327)

Weakness Class Use of a One-Way Hash without a Salt - (759)

Weakness Base Use of Hard-coded Credentials - (798)

Weakness Class Use of Insufficiently Random Values - (330)

Weakness Base Use of Potentially Dangerous Function - (676)

Page Last Updated: May 14, 2012


	CWE is co-sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2012, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us