Differences between Draft 7 and Draft 8

Summary
Total new 22
Total deprecated 0
Total shared 634
Total important changes 176
Total major changes 495
Total minor changes 33
Total minor changes (no major) 1
Total unchanged 138
Attribute Change Summary

"Minor" changes are text changes that only affect capitalization, punctuation, and whitespace. All other changes are marked as "Major." Simple schema changes are ignored, such as the change from AffectedResource to Affected_Resource in Draft 8.

Attribute Major Minor
Affected_Resource 0 0
Alternate_Terms 2 0
Applicable_Platforms 3 0
Black_Box_Definition 0 0
CVEs_Mentioned 13 0
Causal_Nature 0 0
Common_Consequences 5 12
Common_Methods_of_Exploitation 2 0
Context_Notes 9 1
Demonstrative_Example 4 0
Description 54 14
Enabling_Factors_for_Exploitation 0 0
Functional_Area 1 0
Likelihood_of_Exploit 0 0
Name 27 3
Node_Relationship 112 0
Observed_Example 23 0
Potential_Mitigations 35 1
References 5 3
Related_Attack_Patterns 154 0
Research_Gaps 0 0
Source_Taxonomy 0 0
Time_of_Introduction 0 0
Type 349 0
Weakness_Ordinality 0 0
White_Box_Definition 12 0

Nodes Removed from Draft 7

CWE-ID CWE Name
None.

Nodes Added to Draft 8

CWE-ID CWE Name
636 Design Principle Violation: Not Failing Securely
637 Design Principle Violation: Not Using Economy of Mechanism
638 Design Principle Violation: Not Using Complete Mediation
639 Access Control Bypass Through User-Controlled Key
640 Weak Password Recovery Mechanism
641 Insufficient Filtering of File and Other Resource Names for Executable Content
642 Insufficient Management of User State
643 Unsafe Treatment of XPath Input
644 Insufficient Filtering of HTTP Headers for Scripting Syntax
645 Overly Restrictive Account Lockout Mechanism
646 Taking Actions based on File Name or Extension of a User Supplied File
647 Using Non-Canonical Paths for Authorization Decisions
648 Improper Use of Privileged APIs
649 Relying on Obfuscation or Encryption with no Integrity Checking to Protect User Controllable Parameters that are Used to Determine User or System State
650 Trusting HTTP Permission Methods on the Server Side
651 Information Leak through WSDL File
652 Unsafe Treatment of XQuery Input
653 Design Principle Violation: Insufficient Separation of Privileges
654 Design Principle Violation: Reliance on a Single Factor in a Security Decision
655 Design Principle Violation: Failure to Satisfy Psychological Acceptability
656 Design Principle Violation: Reliance on Security through Obscurity
657 Violation of Secure Design Principles

Nodes Deprecated in Draft 8

CWE-ID CWE Name
None.
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 15 Setting Manipulation
R 17 Code
R 22 Path Traversal
D 41 Path Equivalence
R 59 Link Following
D 60 UNIX Path Link Problems
R 61 UNIX Symbolic Link (Symlink) Following
D 74 Injection
D 75 Special Element Injection
D 76 Equivalent Special Element Injection
D 77 Command Injection
D R 78 OS Command Injection
D R 79 Cross-site Scripting (XSS)
D 80 Basic XSS
D 81 XSS in Error Pages
D 84 XSS using Script Via Encoded URI Schemes
D 85 Doubled Character XSS Manipulations
D 87 Alternate XSS Syntax
D 88 Argument Injection or Modification
D R 89 SQL Injection
D 90 LDAP Injection
R 91 XML Injection (aka Blind XPath Injection)
R 93 CRLF Injection
D 94 Code Injection
D 95 Direct Dynamic Code Evaluation ('Eval Injection')
D 96 Direct Static Code Injection
D 97 Server-Side Includes (SSI) Injection
D R 98 PHP File Inclusion
D R 99 Resource Injection
D R 113 HTTP Response Splitting
R 116 Output Validation
R 117 Log Forging
R 118 Range Errors
R 119 Buffer Errors
R 120 Unbounded Transfer ('Classic Buffer Overflow')
R 122 Heap-based Buffer Overflow
R 123 Write-what-where Condition
D 124 Boundary Beginning Violation ('Buffer Underwrite')
R 129 Unchecked Array Indexing
D R 130 Length Parameter Inconsistency
D N 131 Incorrect Calculation of Buffer Size
R 134 Uncontrolled Format String
D 138 Special Elements (Characters or Reserved Words)
N 147 Failure to Remove Input Terminator
N 148 Failure to Remove Input Leader
N 149 Failure to Remove Quoting Element
N 150 Failure to Remove Escape, Meta, or Control Character / Sequence
N 151 Failure to Remove Comment Element
N 152 Failure to Remove Macro Symbol
N 153 Failure to Remove Substitution Character
N 154 Failure to Remove Variable Name Delimiter
N 155 Failure to Remove Wildcard or Matching Element
N 156 Failure to Remove Whitespace
N 158 Failure to Remove Null Character / Null Byte
D 159 Common Special Element Manipulations
R 170 Improper Null Termination
R 178 Case Sensitivity (Lowercase, Uppercase, Mixed Case)
R 184 Incomplete Blacklist
R 190 Integer Overflow (Wrap or Wraparound)
R 193 Off-by-one Error
R 195 Signed to Unsigned Conversion Error
D 196 Unsigned to Signed Conversion Error
R 209 Error Message Information Leaks
R 216 Containment Errors (Container Errors)
D R 227 API Abuse
N R 242 Use of Inherently Dangerous Functions
D N 243 Failure to Change Working Directory in chroot Jail
N 248 Uncaught Exception
R 249 Often Misused: Path Manipulation
D N R 250 Design Principle Violation: Failure to Use Least Privilege
R 251 Often Misused: String Management
R 252 Unchecked Return Value
R 254 Security Features
R 255 Credentials Management
N 256 Plaintext Storage of a Password
R 259 Hard-Coded Password
R 261 Weak Cryptography for Passwords
R 264 Permissions, Privileges, and Access Controls
R 265 Privilege / Sandbox Issues
R 271 Privilege Dropping / Lowering Errors
R 275 Permission Issues
R 280 Failure to Handle Insufficient Permissions or Privileges
R 284 Access Control Issues
R 285 Missing or Inconsistent Access Control
R 287 Authentication Issues
R 288 Authentication Bypass by Alternate Path/Channel
R 289 Authentication Bypass by Alternate Name
R 291 Trusting Self-reported IP Address
D 294 Authentication Bypass by Capture-replay
D 300 Man-in-the-middle (MITM)
D 301 Reflection Attack in an Authentication Protocol
R 304 Missing Critical Step in Authentication
R 308 Using Single-factor Authentication
R 309 Using Password Systems
R 310 Cryptographic Issues
R 312 Plaintext Storage of Sensitive Information
R 319 Plaintext Transmission of Sensitive Information
R 321 Use of Hard-coded Cryptographic Key
R 326 Weak Encryption
R 340 Predictability Problems
R 345 Insufficient Verification of Data
R 346 Origin Validation Error
R 348 Use of Less Trusted Source
R 350 Improperly Trusted Reverse DNS
R 351 Insufficient Type Distinction
R 352 Cross-Site Request Forgery (CSRF)
D 355 User Interface Security Issues
R 358 Improperly Implemented Security Check for Standard
R 362 Race Conditions
R 371 State Issues
R 382 J2EE Bad Practices: System.exit()
N 383 J2EE Bad Practices: Use of Threads
D R 384 Session Fixation
R 385 Covert Timing Channel
R 386 Symbolic Name not Mapping to Correct Object
R 388 Error Handling
R 390 Improper Error Handling
R 398 Code Quality
R 401 Memory Leak
D 405 Asymmetric Resource Consumption (Amplification)
D 406 Network Amplification
D 407 Algorithmic Complexity
R 416 Use After Free
R 417 Channel and Path Errors
R 420 Unprotected Alternate Channel
D R 425 Direct Request ('Forced Browsing')
D R 426 Untrusted Search Path
R 427 Uncontrolled Search Path Element
R 428 Unquoted Search Path or Element
R 433 Unparsed Raw Web Content Delivery
R 434 Unrestricted File Upload
D 435 Interaction Errors
R 436 Multiple Interpretation Error (MIE)
R 441 Unintended Proxy/Intermediary
D 444 HTTP Request Smuggling
R 456 Missing Initialization
R 466 Illegal Pointer Value
R 467 Use of sizeof() on a Pointer Type
R 469 Improper Pointer Subtraction
R 470 Unsafe Reflection
R 471 Modification of Assumed-Immutable Data (MAID)
D R 472 Web Parameter Tampering
R 473 PHP External Variable Modification
R 476 NULL Pointer Dereference
N 477 Use of Obsolete Functions
R 480 Using the Wrong Operator
R 481 Assigning instead of Comparing
R 482 Comparing instead of Assigning
R 494 Mobile Code: Invoking Untrusted Mobile Code
R 495 Private Array-Typed Field Returned From A Public Method
R 496 Public Data Assigned to Private Array-Typed Field
D 502 Deserialization of Untrusted Data
N 505 Intentionally Introduced Weakness
N 506 Embedded Malicious Code
N 508 Non-Replicating Malicious Code
N 509 Replicating Malicious Code (virus)
D 510 Trapdoor
D 511 Logic/Time Bomb
N 513 Intentionally Introduced Nonmalicious Weakness
R 514 Covert Channel
N 517 Other Intentional, Nonmalicious Weakness
N 518 Inadvertently Introduced Weakness
D 529 Information Leak Through Access Control List Files
D 530 Information Leak Through Backup (.~bk) Files
D 536 Information Leak Through Servlet Runtime Error Message
R 538 File and Directory Information Leaks
D 564 SQL Injection: Hibernate
R 566 Access Control Bypass Through User-Controlled SQL Primary Key
R 573 Failure to Follow Specification
N 581 Object Model Violation: Just One of Equals and Hashcode Defined
D 582 Mobile Code: Unsafe Array Declaration
R 600 Missing Catch Block
R 602 Client-Side Enforcement of Server-Side Security
R 613 Insufficient Session Expiration
R 617 Reachable Assertion
R 630 Weaknesses Examined by SAMATE
Detailed Difference Report
1 Location
Major Type
Minor None
2 Environment
Major Type
Minor None
3 Technology-specific Environment Issues
Major Type
Minor None
4 J2EE Environment Issues
Major Type
Minor None
5 J2EE Misconfiguration: Insecure Transport
Major Type
Minor None
6 J2EE Misconfiguration: Insufficient Session-ID Length
Major Type, Related_Attack_Patterns
Minor None
7 J2EE Misconfiguration: Missing Error Handling
Major Type
Minor None
8 J2EE Misconfiguration: Entity Bean Declared Remote
Major Type
Minor None
9 J2EE Misconfiguration: Weak Access Permissions
Major Type
Minor None
10 ASP.NET Environment Issues
Major Type
Minor None
11 ASP.NET Misconfiguration: Creating Debug Binary
Major Type
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Handling
Major Type
Minor None
13 ASP.NET Misconfiguration: Password in Configuration File
Major Type
Minor None
15 Setting Manipulation
Major Description, Related_Attack_Patterns
Minor None
16 Configuration
Major Type
Minor None
17 Code
Major Type, Node_Relationship
Minor None
18 Source Code
Major Type
Minor None
19 Data Handling
Major Type, Related_Attack_Patterns
Minor None
20 Insufficient Input Validation
Major Related_Attack_Patterns
Minor None
21 Pathname Traversal and Equivalence Errors
Major Related_Attack_Patterns
Minor None
22 Path Traversal
Major Related_Attack_Patterns, Node_Relationship
Minor None
23 Relative Path Traversal
Major Related_Attack_Patterns
Minor None
24 Path Issue - Dot Dot Slash - '../filedir'
Major Type
Minor None
25 Path Issue - Leading Dot Dot Slash - '/../filedir'
Major Type
Minor None
26 Path Issue - Leading Directory Dot Dot Slash - '/directory/../filename'
Major Type
Minor None
27 Path Issue - Directory Doubled Dot Dot Slash - 'directory/../../filename'
Major Type
Minor None
28 Path Issue - Dot Dot Backslash - '..\filename'
Major Type
Minor None
29 Path Issue - Leading Dot Dot Backslash - '\..\filename'
Major Type
Minor None
30 Path Issue - Leading Directory Dot Dot Backslash - '\directory\..\filename'
Major Type
Minor None
31 Path Issue - Directory Doubled Dot Dot Backslash - 'directory\..\..\filename'
Major Type
Minor None
32 Path Issue - Triple Dot - '...'
Major Type
Minor None
33 Path Issue - Multiple Dot - '....'
Major Type
Minor None
34 Path Issue - Doubled Dot Dot Slash - '....//'
Major Type
Minor None
35 Path Issue - Doubled Triple Dot Slash - '.../...//'
Major Type
Minor None
37 Path Issue - Slash Absolute Path - /absolute/pathname/here
Major Type
Minor None
38 Path Issue - Backslash Absolute Path - \absolute\pathname\here
Major Type
Minor None
39 Path Issue - Drive Letter or Windows Volume - 'C:dirname'
Major Type
Minor None
40 Path Issue - Windows UNC Share - '\\UNC\share\name\'
Major Type
Minor None
41 Path Equivalence
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
42 Path Issue - Trailing Dot - 'filedir.'
Major Type
Minor None
43 Path Issue - Multiple Trailing Dot - 'filedir....'
Major Type
Minor None
44 Path Issue - Internal Dot - 'file.ordir'
Major Type
Minor None
45 Path Issue - Multiple Internal Dot - 'file...dir'
Major Type
Minor None
46 Path Issue - Trailing Space - 'filedir '
Major Type
Minor None
47 Path Issue - Leading Space - ' filedir'
Major Type
Minor None
48 Path Issue - Internal Space - file(SPACE)name
Major Type
Minor None
49 Path Issue - Trailing Slash - filedir/
Major Type
Minor None
50 Path Issue - Multiple Leading Slash - //multiple/leading/slash
Major Type
Minor None
51 Path Issue - Multiple Internal Slash - /multiple//internal/slash
Major Type
Minor None
52 Path Issue - Multiple Trailing Slash - /multiple/trailing/slash//
Major Type
Minor None
53 Path Issue - Multiple Internal Backslash - \multiple\\internal\backslash
Major Type
Minor None
54 Path Issue - Trailing Backslash - (filedir\)
Major Type
Minor None
55 Path Issue - Single Dot Directory - /./
Major Type
Minor None
56 Path Issue - Asterisk Wildcard - filedir*
Major Type
Minor None
57 Path Issue - dirname/fakechild/../realchild/filename
Major Type
Minor None
58 Path Issue - Windows 8.3 Filename
Major Type
Minor None
59 Link Following
Major Related_Attack_Patterns, Node_Relationship
Minor None
60 UNIX Path Link Problems
Major Type, Description
Minor None
61 UNIX Symbolic Link (Symlink) Following
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
62 UNIX Hard Link
Major Type
Minor None
63 Windows Path Link Problems
Major Type
Minor None
64 Windows Shortcut Following (.LNK)
Major Type
Minor None
65 Windows Hard Link
Major Type
Minor None
66 Virtual Files
Major Type
Minor None
67 Windows MS-DOS Device Names
Major Type
Minor None
68 Windows Virtual File Problems
Major Type
Minor None
69 Windows ::DATA Alternate Data Stream
Major Type, Related_Attack_Patterns
Minor None
70 Mac Virtual File Problems
Major Type
Minor None
71 Apple '.DS_Store'
Major Type
Minor None
72 Apple HFS+ Alternate Data Stream
Major Type
Minor None
73 Path Manipulation
Major Related_Attack_Patterns
Minor None
74 Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor Common_Consequences
75 Special Element Injection
Major Description, Potential_Mitigations
Minor None
76 Equivalent Special Element Injection
Major Type, Description, Potential_Mitigations
Minor None
77 Command Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor Common_Consequences
78 OS Command Injection
Major Description, Observed_Example, Related_Attack_Patterns, White_Box_Definition, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
79 Cross-site Scripting (XSS)
Major Description, Context_Notes, Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Node_Relationship
Minor Common_Consequences
80 Basic XSS
Major Type, Description, Related_Attack_Patterns, White_Box_Definition, Potential_Mitigations
Minor None
81 XSS in Error Pages
Major Type, Description, Potential_Mitigations
Minor None
82 Script in IMG Tags
Major Type, Related_Attack_Patterns
Minor None
83 XSS using Script in Attributes
Major Type, Related_Attack_Patterns, Potential_Mitigations
Minor None
84 XSS using Script Via Encoded URI Schemes
Major Type, Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
85 Doubled Character XSS Manipulations
Major Type, Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
86 Invalid Characters in Identifiers
Major Type, Related_Attack_Patterns
Minor None
87 Alternate XSS Syntax
Major Type, Description, Potential_Mitigations
Minor None
88 Argument Injection or Modification
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
89 SQL Injection
Major Description, Related_Attack_Patterns, White_Box_Definition, Node_Relationship
Minor Common_Consequences
90 LDAP Injection
Major Description, Potential_Mitigations
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Related_Attack_Patterns, Node_Relationship
Minor None
92 Custom Special Character Injection
Major Related_Attack_Patterns, Potential_Mitigations
Minor None
93 CRLF Injection
Major Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
94 Code Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
95 Direct Dynamic Code Evaluation ('Eval Injection')
Major Description, Related_Attack_Patterns
Minor None
96 Direct Static Code Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
97 Server-Side Includes (SSI) Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
98 PHP File Inclusion
Major Description, Node_Relationship
Minor None
99 Resource Injection
Major Description, Related_Attack_Patterns, White_Box_Definition, Node_Relationship
Minor None
102 Struts: Duplicate Validation Forms
Major Type
Minor None
103 Struts: Incomplete validate() Method Definition
Major Type
Minor None
104 Struts: Form Bean Does Not Extend Validation Class
Major Type
Minor None
105 Struts: Form Field Without Validator
Major Type
Minor None
106 Struts: Plug-in Framework not in Use
Major Type
Minor None
107 Struts: Unused Validation Form
Major Type
Minor None
108 Struts: Unvalidated Action Form
Major Type
Minor None
109 Struts: Validator Turned Off
Major Type
Minor None
110 Struts: Validator Without Form Field
Major Type
Minor None
112 Missing XML Validation
Major Related_Attack_Patterns
Minor None
113 HTTP Response Splitting
Major Description, Observed_Example, Related_Attack_Patterns, Node_Relationship
Minor None
116 Output Validation
Major Related_Attack_Patterns, Node_Relationship
Minor None
117 Log Forging
Major References, Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
118 Range Errors
Major Related_Attack_Patterns, Node_Relationship
Minor None
119 Buffer Errors
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
120 Unbounded Transfer ('Classic Buffer Overflow')
Major Related_Attack_Patterns, White_Box_Definition, Node_Relationship
Minor None
121 Stack-based Buffer Overflow
Major Type, White_Box_Definition
Minor None
122 Heap-based Buffer Overflow
Major Type, Observed_Example, Related_Attack_Patterns, White_Box_Definition, CVEs_Mentioned, Node_Relationship
Minor None
123 Write-what-where Condition
Major Node_Relationship
Minor None
124 Boundary Beginning Violation ('Buffer Underwrite')
Major Description
Minor None
126 Buffer Over-read
Major Type
Minor None
127 Buffer Under-read
Major Type
Minor None
128 Wrap-around Error
Major Related_Attack_Patterns
Minor None
129 Unchecked Array Indexing
Major Node_Relationship
Minor Common_Consequences
130 Length Parameter Inconsistency
Major Description, Related_Attack_Patterns, Node_Relationship
Minor None
131 Incorrect Calculation of Buffer Size
Major Name, Type, Description, Observed_Example, Related_Attack_Patterns
Minor None
133 String Errors
Major Type
Minor None
134 Uncontrolled Format String
Major Observed_Example, Related_Attack_Patterns, White_Box_Definition, CVEs_Mentioned, Node_Relationship
Minor None
135 Improper String Length Checking
Major Demonstrative_Example
Minor None
136 Type Errors
Major Type
Minor None
137 Representation Errors
Major Type
Minor None
138 Special Elements (Characters or Reserved Words)
Major Type, Description, Related_Attack_Patterns
Minor None
139 General Special Element Problems
Major Type
Minor None
140 Delimiter Problems
Major Type, Related_Attack_Patterns
Minor None
141 Parameter Delimiter
Major Type
Minor None
142 Value Delimiter
Major Type
Minor None
143 Record Delimiter
Major Type
Minor Description
144 Line Delimiter
Major Type
Minor Description
145 Section Delimiter
Major Type
Minor Description
146 Delimiter between Expressions or Commands
Major Type, Related_Attack_Patterns
Minor Description
147 Failure to Remove Input Terminator
Major Name, Type
Minor None
148 Failure to Remove Input Leader
Major Name, Type
Minor None
149 Failure to Remove Quoting Element
Major Name, Type
Minor None
150 Failure to Remove Escape, Meta, or Control Character / Sequence
Major Name, Type, Related_Attack_Patterns
Minor None
151 Failure to Remove Comment Element
Major Name, Type
Minor None
152 Failure to Remove Macro Symbol
Major Name, Type
Minor Description
153 Failure to Remove Substitution Character
Major Name, Type
Minor None
154 Failure to Remove Variable Name Delimiter
Major Name, Type, Related_Attack_Patterns
Minor Description
155 Failure to Remove Wildcard or Matching Element
Major Name, Type
Minor None
156 Failure to Remove Whitespace
Major Name, Type
Minor None
157 Grouping Element / Paired Delimiter
Major Type, Related_Attack_Patterns
Minor None
158 Failure to Remove Null Character / Null Byte
Major Name, Type, Related_Attack_Patterns
Minor None
159 Common Special Element Manipulations
Major Description
Minor None
160 Leading Special Element
Major Type
Minor Description
161 Multiple Leading Special Elements
Major Type
Minor Description
162 Trailing Special Element
Major Type
Minor Description
163 Multiple Trailing Special Elements
Major Type
Minor Description
164 Internal Special Element
Major Type
Minor Description
165 Multiple Internal Special Elements
Major Type
Minor Description
169 Technology-Specific Special Elements
Major Type
Minor None
170 Improper Null Termination
Major White_Box_Definition, Node_Relationship
Minor None
171 Cleansing, Canonicalization, and Comparison Errors
Major Type, Related_Attack_Patterns
Minor None
172 Encoding Error
Major Type, Related_Attack_Patterns
Minor None
173 Alternate Encoding
Major Type, Related_Attack_Patterns
Minor None
174 Double Encoding
Major Type
Minor None
175 Mixed Encoding
Major Type
Minor None
176 Unicode Encoding
Major Type, Related_Attack_Patterns
Minor None
177 URL Encoding (Hex Encoding)
Major Type, Related_Attack_Patterns
Minor None
178 Case Sensitivity (Lowercase, Uppercase, Mixed Case)
Major Observed_Example, Functional_Area, CVEs_Mentioned, Node_Relationship
Minor None
179 Early Validation Errors
Major Related_Attack_Patterns
Minor None
180 Validate-Before-Canonicalize
Major Type, Related_Attack_Patterns
Minor None
181 Validate-before-filter
Major Type, Related_Attack_Patterns
Minor Name
183 Permissive Whitelist
Major Related_Attack_Patterns
Minor None
184 Incomplete Blacklist
Major Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Node_Relationship
Minor None
185 Regular Expression Error
Major Related_Attack_Patterns
Minor None
189 Numeric Errors
Major Type
Minor None
190 Integer Overflow (Wrap or Wraparound)
Major Related_Attack_Patterns, Node_Relationship
Minor None
192 Integer Coercion Error
Major Type
Minor None
193 Off-by-one Error
Major Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
195 Signed to Unsigned Conversion Error
Major Type, Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
196 Unsigned to Signed Conversion Error
Major Type, Description, Related_Attack_Patterns
Minor None
199 Information Management Errors
Major Type
Minor None
200 Information Leak (Information Disclosure)
Major Related_Attack_Patterns
Minor None
201 Information Leak Through Sent Data
Major Type, Related_Attack_Patterns
Minor None
202 Information Leak Through Data Queries
Major Type
Minor None
205 Behavioral Discrepancy Information Leak
Major Type
Minor None
206 Internal Behavioral Inconsistency Information Leak
Major Type
Minor None
207 External Behavioral Inconsistency Information Leak
Major Type
Minor None
209 Error Message Information Leaks
Major Related_Attack_Patterns, Node_Relationship
Minor None
212 Cross-boundary Cleansing Information Leak
Major Type, Context_Notes
Minor Name
214 Process Information Leak to Other Processes
Major Type
Minor None
215 Information Leak Through Debug Information
Major Type
Minor None
216 Containment Errors (Container Errors)
Major Node_Relationship
Minor None
217 Failure to Protect Stored Data from Modification
Major Related_Attack_Patterns
Minor None
219 Sensitive Data Under Web Root
Major Type
Minor None
220 Sensitive Data Under FTP Root
Major Type
Minor