Any change with respect to whitespace is ignored. "Minor"
changes are text changes that only affect capitalization and
punctuation. Most other changes are marked as "Major."
Simple schema changes are treated as Minor, such as the change from
AffectedResource to Affected_Resource in Draft 8, or the relationship
name change from "CanResultIn" to "CanPrecede" in Draft 9. For each
mutual relationship between nodes A and B (such as ParentOf and
ChildOf), a relationship change is noted for both A and B.
A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields
are description, name, and relationships.
| | | R |
1 |
Location |
| | | R |
2 |
Environment |
| | N | R |
5 |
J2EE Misconfiguration: Data Transmission Without Encryption |
| | | R |
6 |
J2EE Misconfiguration: Insufficient Session-ID Length |
| | | R |
8 |
J2EE Misconfiguration: Entity Bean Declared Remote |
| | N | R |
9 |
J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
| | | R |
12 |
ASP.NET Misconfiguration: Missing Custom Error Handling |
| | N | R |
14 |
Compiler Removal of Code to Clear Buffers |
| | N | R |
15 |
External Control of System or Configuration Setting |
| | | R |
18 |
Source Code |
| D | | R |
20 |
Insufficient Input Validation |
| D | | R |
22 |
Path Traversal |
| D | | |
23 |
Relative Path Traversal |
| | N | |
24 |
Path Traversal: '../filedir' |
| | N | |
25 |
Path Traversal: '/../filedir' |
| | N | |
26 |
Path Traversal: '/dir/../filename' |
| | N | |
27 |
Path Traversal: 'dir/../../filename' |
| | N | |
28 |
Path Traversal: '..\filename' |
| | N | |
29 |
Path Traversal: '\..\filename' |
| | N | |
30 |
Path Traversal: '\dir\..\filename' |
| | N | |
31 |
Path Traversal: 'dir\..\filename' |
| | N | |
32 |
Path Traversal: '...' (Triple Dot) |
| | N | |
33 |
Path Traversal: '....' (Multiple Dot) |
| | N | |
34 |
Path Traversal: '....//' |
| | N | |
35 |
Path Traversal: '.../...//' |
| D | | |
36 |
Absolute Path Traversal |
| | N | |
37 |
Path Traversal: '/absolute/pathname/here' |
| | N | |
38 |
Path Traversal: '\absolute\pathname\here' |
| | N | |
39 |
Path Traversal: 'C:dirname' |
| | N | |
40 |
Path Traversal: '\\UNC\share\name\' (Windows UNC Share) |
| | N | |
41 |
Failure to Resolve Path Equivalence |
| | N | |
42 |
Path Equivalence: 'filename.' (Trailing Dot) |
| | N | |
43 |
Path Equivalence: 'filename....' (Multiple Trailing Dot) |
| | N | |
44 |
Path Equivalence: 'file.name' (Internal Dot) |
| | N | |
45 |
Path Equivalence: 'file...name' (Multiple Internal Dot) |
| | N | |
46 |
Path Equivalence: 'filename ' (Trailing Space) |
| | N | |
47 |
Path Equivalence: ' filename (Leading Space) |
| | N | |
48 |
Path Equivalence: 'file name' (Internal Whitespace) |
| | N | |
49 |
Path Equivalence: 'filename/' (Trailing Slash) |
| | N | |
50 |
Path Equivalence: '//multiple/leading/slash' |
| | N | |
51 |
Path Equivalence: '/multiple//internal/slash' |
| | N | |
52 |
Path Equivalence: '/multiple/trailing/slash//' |
| | N | |
53 |
Path Equivalence: '\multiple\\internal\backslash' |
| | N | |
54 |
Path Equivalence: 'filedir\' (Trailing Backslash) |
| | N | |
55 |
Path Equivalence: '/./' (Single Dot Directory) |
| | N | |
56 |
Path Equivalence: 'filedir*' (Wildcard) |
| | N | |
57 |
Path Equivalence: 'dirname/fakechild/../realchild/filename' |
| | N | |
58 |
Path Equivalence: Windows 8.3 Filename |
| D | N | |
59 |
Failure to Resolve Links Before File Access (aka 'Link Following') |
| | | R |
62 |
UNIX Hard Link |
| D | N | R |
66 |
Failure to Handle File Names that Identify Virtual Resources |
| | N | |
67 |
Failure to Handle Windows Device Names |
| | N | R |
69 |
Failure to Handle Windows ::DATA Alternate Data Stream |
| | | R |
71 |
Apple '.DS_Store' |
| | | R |
72 |
Apple HFS+ Alternate Data Stream |
| | N | |
73 |
External Control of File Name or Path |
| | N | |
74 |
Failure to Sanitize Data into a Different Plane (aka 'Injection') |
| | N | |
75 |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) |
| D | N | |
76 |
Failure to Resolve Equivalent Special Elements into a Different Plane |
| | N | |
77 |
Failure to Sanitize Data into a Control Plane (aka 'Command Injection') |
| | N | |
78 |
Failure to Sanitize Data into an OS Command (aka 'OS Command Injection') |
| D | N | R |
79 |
Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS)) |
| | N | |
80 |
Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS) |
| | N | |
81 |
Failure to Sanitize Directives in an Error Message Web Page |
| | N | |
82 |
Failure to Sanitize Script in Attributes of IMG Tags in a Web Page |
| | N | |
83 |
Failure to Sanitize Script in Attributes in a Web Page |
| | N | |
84 |
Failure to Resolve Encoded URI Schemes in a Web Page |
| D | | |
88 |
Argument Injection or Modification |
| | N | |
89 |
Failure to Sanitize Data into SQL Queries (aka 'SQL Injection') |
| D | N | |
90 |
Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection') |
| D | N | |
93 |
Failure to Sanitize CRLF Sequences (aka 'CRLF Injection') |
| D | | R |
94 |
Code Injection |
| | N | |
95 |
Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection') |
| D | N | |
96 |
Insufficient Control of Directives in Statically Saved Code (Static Code Injection) |
| | N | |
97 |
Failure to Sanitize Server-Side Includes (SSI) Within a Web Page |
| | N | |
98 |
Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion') |
| | N | |
99 |
Insufficient Control of Resource Identifiers (aka 'Resource Injection') |
| | | R |
102 |
Struts: Duplicate Validation Forms |
| | N | |
111 |
Direct Use of Unsafe JNI |
| | N | |
113 |
Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting') |
| | N | |
115 |
Misinterpretation of Input |
| D | N | |
116 |
Incorrect Output Sanitization |
| D | N | |
117 |
Incorrect Output Sanitization for Logs |
| D | N | R |
119 |
Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer |
| | | R |
120 |
Unbounded Transfer ('Classic Buffer Overflow') |
| D | | |
122 |
Heap-based Buffer Overflow |
| D | | |
131 |
Incorrect Calculation of Buffer Size |
| | | R |
132 |
Miscalculated Null Termination |
| | | R |
133 |
String Errors |
| D | | R |
134 |
Uncontrolled Format String |
| D | N | R |
135 |
Incorrect Calculation of Multi-Byte String Length |
| | | R |
137 |
Representation Errors |
| D | N | R |
138 |
Failure to Sanitize Special Elements |
| D | N | |
140 |
Failure to Sanitize Delimiters |
| D | N | |
141 |
Failure to Sanitize Parameter/Argument Delimiters |
| D | N | |
142 |
Failure to Sanitize Value Delimiters |
| D | N | |
143 |
Failure to Sanitize Record Delimiters |
| D | N | |
144 |
Failure to Sanitize Line Delimiters |
| | N | |
145 |
Failure to Sanitize Section Delimiters |
| | N | |
146 |
Failure to Sanitize Expression/Command Delimiters |
| | N | |
147 |
Failure to Sanitize Input Terminators |
| | N | |
148 |
Failure to Sanitize Input Leaders |
| D | N | |
149 |
Failure to Sanitize Quoting Syntax |
| | N | |
150 |
Failure to Sanitize Escape, Meta, or Control Sequences |
| D | N | |
151 |
Failure to Sanitize Comment Element |
| D | N | |
152 |
Failure to Sanitize Macro Symbol |
| D | N | |
153 |
Failure to Sanitize Substitution Character |
| | N | |
154 |
Failure to Sanitize Variable Name Delimiter |
| D | N | |
155 |
Failure to Sanitize Wildcard or Matching Symbol |
| D | N | |
156 |
Failure to Sanitize Whitespace |
| | N | |
157 |
Failure to Sanitize Paired Delimiters |
| D | N | |
158 |
Failure to Sanitize Null Byte or NUL Character |
| | N | |
159 |
Failure to Sanitize Special Element |
| | N | |
160 |
Failure to Sanitize Leading Special Element |
| | N | |
161 |
Failure to Sanitize Multiple Leading Special Elements |
| | N | |
162 |
Failure to Sanitize Trailing Special Element |
| | N | |
163 |
Failure to Sanitize Multiple Trailing Special Elements |
| | N | |
164 |
Failure to Sanitize Internal Special Element |
| | N | |
165 |
Failure to Sanitize Multiple Internal Special Elements |
| | N | |
166 |
Failure to Handle Missing Special Element |
| D | N | |
167 |
Failure to Handle Additional Special Element |
| | N | |
168 |
Failure to Resolve Inconsistent Special Elements |
| D | | |
171 |
Cleansing, Canonicalization, and Comparison Errors |
| D | | |
172 |
Encoding Error |
| D | N | |
173 |
Failure to Handle Alternate Encoding |
| D | N | R |
174 |
Double Decoding of the Same Data |
| D | N | |
175 |
Failure to Handle Mixed Encoding |
| D | N | |
176 |
Failure to Handle Unicode Encoding |
| | N | |
177 |
Failure to Handle URL Encoding (Hex Encoding) |
| | N | |
178 |
Failure to Resolve Case Sensitivity |
| | N | R |
179 |
Incorrect Behavior Order: Early Validation |
| | N | R |
180 |
Incorrect Behavior Order: Validate Before Canonicalize |
| | N | R |
181 |
Incorrect Behavior Order: Validate Before Filter |
| | | R |
182 |
Collapse of Data Into Unsafe Value |
| | | R |
183 |
Permissive Whitelist |
| | | R |
184 |
Incomplete Blacklist |
| D | | |
186 |
Overly Restrictive Regular Expression |
| D | N | R |
188 |
Reliance on Data/Memory Layout |
| | | R |
189 |
Numeric Errors |
| D | | R |
191 |
Integer Underflow (Wrap or Wraparound) |
| D | | R |
193 |
Off-by-one Error |
| | N | R |
194 |
Incorrect Sign Extension |
| | | R |
195 |
Signed to Unsigned Conversion Error |
| D | | R |
196 |
Unsigned to Signed Conversion Error |
| | | R |
197 |
Numeric Truncation Error |
| | N | R |
198 |
Use of Incorrect Byte Ordering |
| | N | |
202 |
Privacy Leak through Data Queries |
| D | | R |
209 |
Error Message Information Leaks |
| | N | |
214 |
Process Environment Information Leak |
| D | | R |
221 |
Information Loss or Omission |
| D | | |
223 |
Omission of Security-relevant Information |
| D | N | |
226 |
Sensitive Information Uncleared Before Release |
| | N | R |
227 |
Failure to Fulfill API Contract (aka 'API Abuse') |
| | | R |
228 |
Structure and Validity Problems |
| | N | |
229 |
Improper Handling of Values |
| | N | |
230 |
Failure to Handle Missing Value |
| | N | |
231 |
Failure to Handle Extra Value |
| | N | |
232 |
Failure to Handle Undefined Value |
| | N | |
234 |
Failure to Handle Missing Parameter |
| D | N | |
235 |
Failure to Handle Extra Parameter |
| D | N | |
236 |
Failure to Handle Undefined Parameter |
| | N | |
238 |
Failure to Handle Missing Element |
| | N | |
239 |
Failure to Handle Incomplete Element |
| | N | |
240 |
Failure to Resolve Inconsistent Elements |
| | N | |
241 |
Failure to Handle Wrong Data Type |
| D | N | R |
242 |
Use of Inherently Dangerous Function |
| D | | R |
243 |
Failure to Change Working Directory in chroot Jail |
| | N | R |
244 |
Failure to Clear Heap Memory Before Release |
| D | N | R |
245 |
J2EE Bad Practices: Direct Management of Connections |
| D | N | R |
246 |
J2EE Bad Practices: Direct Use of Sockets |
| | N | R |
247 |
Reliance on DNS Lookups in a Security Decision |
| | | R |
248 |
Uncaught Exception |
| | | R |
249 |
Often Misused: Path Manipulation |
| | | R |
250 |
Design Principle Violation: Failure to Use Least Privilege |
| | | R |
251 |
Often Misused: String Management |
| | | R |
252 |
Unchecked Return Value |
| | | R |
253 |
Misinterpreted Function Return Value |
| | | R |
254 |
Security Features |
| | | R |
258 |
Empty Password in Configuration File |
| | | R |
259 |
Hard-Coded Password |
| | | R |
260 |
Password in Configuration File |
| | N | R |
262 |
Not Using Password Aging |
| | N | R |
263 |
Password Aging with Long Expiration |
| | N | |
267 |
Privilege Defined With Unsafe Actions |
| | N | |
274 |
Failure to Handle Insufficient Privileges |
| | | R |
275 |
Permission Issues |
| | | R |
276 |
Insecure Default Permissions |
| | | R |
281 |
Permission Preservation Failure |
| | N | |
282 |
Improper Ownership Management |
| D | | |
284 |
Access Control Issues |
| | N | R |
287 |
Insufficient Authentication |
| | | R |
296 |
Failure to Follow Chain of Trust in Certificate Validation |
| | | R |
297 |
Failure to Validate Host-specific Certificate Data |
| | | R |
298 |
Failure to Validate Certificate Expiration |
| | | R |
299 |
Failure to Check for Certificate Revocation |
| D | N | |
300 |
Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle') |
| D | N | |
303 |
Improper Implementation of Authentication Algorithm |
| | | R |
304 |
Missing Critical Step in Authentication |
| | N | |
307 |
Failure to Restrict Excessive Authentication Attempts |
| | N | |
308 |
Use of Single-factor Authentication |
| | N | |
309 |
Use of Password System for Primary Authentication |
| | | R |
310 |
Cryptographic Issues |
| | N | R |
311 |
Failure to Encrypt Sensitive Data |
| D | | R |
312 |
Plaintext Storage of Sensitive Information |
| D | N | |
313 |
Plaintext Storage in a File or on Disk |
| D | N | |
314 |
Plaintext Storage in the Registry |
| D | N | |
315 |
Plaintext Storage in a Cookie |
| D | | |
316 |
Plaintext Storage in Memory |
| D | | |
317 |
Plaintext Storage in GUI |
| | | R |
319 |
Plaintext Transmission of Sensitive Information |
| D | | R |
321 |
Use of Hard-coded Cryptographic Key |
| D | | R |
322 |
Key Exchange without Entity Authentication |
| D | N | R |
324 |
Use of a Key Past its Expiration Date |
| | | R |
325 |
Missing Required Cryptographic Step |
| | | R |
326 |
Weak Encryption |
| | N | |
327 |
Use of a Broken or Risky Cryptographic Algorithm |
| D | | |
328 |
Reversible One-Way Hash |
| D | | R |
329 |
Not Using a Random IV with CBC Mode |
| | N | R |
330 |
Use of Insufficiently Random Values |
| D | | |
332 |
Insufficient Entropy in PRNG |
| | N | |
333 |
Failure to Handle Insufficient Entropy in TRNG |
| | | R |
334 |
Small Space of Random Values |
| D | | |
335 |
PRNG Seed Error |
| D | N | |
338 |
Use of Cryptographically Weak PRNG |
| | | R |
341 |
Predictable from Observable State |
| | | R |
342 |
Predictable Exact Value from Previous Values |
| D | | R |
343 |
Predictable Value Range from Previous Values |
| D | N | R |
344 |
Use of Invariant Value in Dynamically Changing Context |
| D | N | R |
345 |
Insufficient Verification of Data Authenticity |
| D | N | |
349 |
Acceptance of Extraneous Untrusted Data With Trusted Data |
| | | R |
357 |
Insufficient UI Warning of Dangerous Operations |
| | | R |
358 |
Improperly Implemented Security Check for Standard |
| | | R |
359 |
Privacy Violation |
| | | R |
360 |
Trust of System Event Data |
| | | R |
361 |
Time and State |
| D | N | R |
362 |
Race Condition |
| D | | |
365 |
Race Condition in Switch |
| | | R |
373 |
State Synchronization Error |
| | | R |
374 |
Mutable Objects Passed by Reference |
| D | | R |
375 |
Passing Mutable Objects to an Untrusted Method |
| | N | R |
378 |
Creation of Temporary File With Insecure Permissions |
| | N | R |
379 |
Creation of Temporary File in Directory with Insecure Permissions |
| D | N | R |
382 |
J2EE Bad Practices: Use of System.exit() |
| | N | |
383 |
J2EE Bad Practices: Direct Use of Threads |
| D | | R |
386 |
Symbolic Name not Mapping to Correct Object |
| | | R |
389 |
Error Conditions, Return Values, Status Codes |
| | N | |
390 |
Detection of Error Condition Without Action |
| | N | |
392 |
Failure to Report Error in Status Code |
| D | N | |
393 |
Return of Wrong Status Code |
| D | | |
394 |
Unexpected Status Code or Return Value |
| | N | R |
395 |
Use of NullPointerException Catch to Detect NULL Pointer Dereference |
| | N | |
396 |
Declaration of Catch for Generic Exception |
| | N | |
397 |
Declaration of Throws for Generic Exception |
| D | N | R |
398 |
Indicator of Poor Code Quality |
| | | R |
399 |
Resource Management Errors |
| | N | R |
401 |
Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak') |
| D | N | R |
402 |
Transmission of Private Resources into a New Sphere (aka 'Resource Leak') |
| D | | R |
404 |
Improper Resource Shutdown or Release |
| D | N | |
408 |
Incorrect Behavior Order: Early Amplification |
| | N | |
409 |
Failure to Handle Highly Compressed Data (Data Amplification) |
| | N | R |
412 |
Unrestricted Lock on Critical Resource |
| | | R |
413 |
Insufficient Resource Locking |
| | | R |
414 |
Missing Lock Check |
| D | | R |
415 |
Double Free |
| D | | R |
416 |
Use After Free |
| | | R |
419 |
Unprotected Primary Channel |
| | | R |
420 |
Unprotected Alternate Channel |
| D | N | |
421 |
Race Condition During Access to Alternate Channel |
| | | R |
422 |
Unprotected Windows Messaging Channel ('Shatter') |
| D | N | R |
424 |
Failure to Protect Alternate Path |
| | | R |
426 |
Untrusted Search Path |
| D | | |
428 |
Unquoted Search Path or Element |
| | | R |
429 |
Handler Errors |
| | N | R |
430 |
Deployment of Wrong Handler |
| | | R |
431 |
Missing Handler |
| | N | |
432 |
Dangerous Handler not Disabled During Sensitive Operations |
| | | R |
433 |
Unparsed Raw Web Content Delivery |
| | | R |
434 |
Unrestricted File Upload |
| | N | |
435 |
Interaction Error |
| | N | R |
436 |
Interpretation Conflict |
| D | N | |
437 |
Incomplete Model of Endpoint Features |
| | N | |
439 |
Behavioral Change in New Version or Environment |
| | | R |
440 |
Expected Behavior Violation |
| | | R |
441 |
Unintended Proxy/Intermediary |
| D | | |
443 |
DEPRECATED (Duplicate): HTTP response splitting |
| | N | R |
444 |
Interpretation Conflict in Web Traffic (aka 'HTTP Request Smuggling') |
| | N | |
445 |
User Interface Errors |
| | N | R |
446 |
UI Discrepancy for Security Feature |
| | | R |
447 |
Unimplemented or Unsupported Feature in UI |
| D | | R |
450 |
Multiple Interpretations of UI Input |
| | | R |
451 |
UI Misrepresentation of Critical Information |
| | | R |
452 |
Initialization and Cleanup Errors |
| | | R |
453 |
Insecure Default Variable Initialization |
| D | N | R |
454 |
External Initialization of Trusted Variables |
| D | | R |
455 |
Non-exit on Failed Initialization |
| | | R |
456 |
Missing Initialization |
| D | N | |
457 |
Use of Uninitialized Variable |
| D | N | R |
458 |
DEPRECATED: Incorrect Initialization |
| | | R |
459 |
Incomplete Cleanup |
| D | | R |
460 |
Improper Cleanup on Thrown Exception |
| | | R |
462 |
Duplicate Key in Associative List (Alist) |
| | N | |
463 |
Deletion of Data Structure Sentinel |
| | N | R |
464 |
Addition of Data Structure Sentinel |
| D | N | R |
466 |
Return of Pointer Value Outside of Expected Range |
| D | | R |
467 |
Use of sizeof() on a Pointer Type |
| | N | R |
468 |
Incorrect Pointer Scaling |
| D | N | R |
469 |
Use of Pointer Subtraction to Determine Size |
| D | N | R |
470 |
Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection') |
| D | N | |
472 |
External Control of Assumed-Immutable Web Parameter |
| D | N | R |
474 |
Use of Function with Inconsistent Implementations |
| | N | R |
475 |
Undefined Behavior for Input to API |
| D | | R |
476 |
NULL Pointer Dereference |
| D | | |
477 |
Use of Obsolete Functions |
| | N | |
478 |
Failure to Use Default Case in Switch |
| D | | |
479 |
Unsafe Function Call from a Signal Handler |
| D | N | |
480 |
Use of Incorrect Operator |
| D | | |
481 |
Assigning instead of Comparing |
| D | | |
482 |
Comparing instead of Assigning |
| D | | R |
483 |
Incorrect Block Delimitation |
| D | | R |
484 |
Omitted Break Statement |
| D | N | |
485 |
Insufficient Encapsulation |
| D | N | |
486 |
Comparison of Classes by Name |
| | N | |
487 |
Reliance on Package-level Scope |
| D | N | R |
488 |
Data Leak Between Sessions |
| D | | |
489 |
Leftover Debug Code |
| D | | |
490 |
Mobile Code Issues |
| D | N | |
491 |
Public cloneable() Method Without Final (aka 'Object Hijack') |
| | N | R |
492 |
Use of Inner Class Containing Sensitive Data |
| D | N | R |
493 |
Critical Public Variable Without Final Modifier |
| D | N | R |
494 |
Download of Untrusted Mobile Code Without Integrity Check |
| D | | |
495 |
Private Array-Typed Field Returned From A Public Method |
| | N | |
497 |
Information Leak of System Data |
| D | | |
498 |
Information Leak through Class Cloning |
| D | N | |
499 |
Serializable Class Containing Sensitive Data |
| D | N | |
500 |
Static Field Not Marked Final |
| D | | |
501 |
Trust Boundary Violation |
| D | | |
502 |
Deserialization of Untrusted Data |
| D | | R |
503 |
Byte/Object Code |
| D | | R |
504 |
Motivation/Intent |
| D | | |
505 |
Intentionally Introduced Weakness |
| D | | |
506 |
Embedded Malicious Code |
| D | | |
507 |
Trojan Horse |
| | N | |
509 |
Replicating Malicious Code (Virus or Worm) |
| D | | |
516 |
DEPRECATED (Duplicate): Covert Timing Channel |
| D | | |
519 |
.NET Environment Issues |
| | N | |
520 |
.NET Misconfiguration: Use of Impersonation |
| D | | R |
521 |
Weak Password Requirements |
| | | R |
522 |
Insufficiently Protected Credentials |
| D | | |
528 |
Information Leak Through Core Dump Files |
| D | | |
531 |
Information Leak Through Test Code |
| D | | |
534 |
Information Leak Through Debug Log Files |
| D | | |
542 |
Information Leak Through Cleanup Log Files |
| | | R |
543 |
Use of Singleton Pattern in a Non-thread-safe Manner |
| D | | |
544 |
Missing Error Handling Mechanism |
| | N | |
545 |
Use of Dynamic Class Loading |
| D | | |
546 |
Suspicious Comment |
| D | N | |
547 |
Use of Hard-coded, Security-relevant Constants |
| | | R |
549 |
Missing Password Field Masking |
| | N | |
551 |
Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| | N | R |
552 |
Files or Directories Accessible to External Parties |
| D | N | |
553 |
Command Shell in Externally Accessible Directory |
| D | N | |
554 |
ASP.NET Misconfiguration: Not Using Input Validation Framework |
| D | N | R |
555 |
J2EE Misconfiguration: Plaintext Password in Configuration File |
| | N | |
556 |
ASP.NET Misconfiguration: Use of Identity Impersonation |
| D | | |
557 |
Concurrency Issues |
| D | N | R |
558 |
Use of getlogin() in Multithreaded Application |
| | | R |
559 |
Often Misused: Arguments and Parameters |
| D | N | R |
560 |
Use of umask() with chmod-style Argument |
| D | | |
561 |
Dead Code |
| D | N | R |
562 |
Return of Stack Variable Address |
| | N | R |
565 |
Use of Cookies in Security Decision |
| D | | R |
567 |
Unsynchronized Access to Shared Data |
| | N | R |
568 |
finalize() Method Without super.finalize() |
| D | N | |
572 |
Call to Thread run() instead of start() |
| D | | R |
573 |
Failure to Follow Specification |
| D | | |
574 |
EJB Bad Practices: Use of Synchronization Primitives |
| D | | |
575 |
EJB Bad Practices: Use of AWT Swing |
| D | | |
576 |
EJB Bad Practices: Use of Java I/O |
| D | | |
577 |
EJB Bad Practices: Use of Sockets |
| D | | |
578 |
EJB Bad Practices: Use of Class Loader |
| D | | |
579 |
J2EE Bad Practices: Non-serializable Object Stored in Session |
| | N | |
580 |
clone() Method Without super.clone() |
| D | | |
581 |
Object Model Violation: Just One of Equals and Hashcode Defined |
| D | N | |
582 |
Array Declared Public, Final, and Static |
| | N | R |
583 |
finalize() Method Declared Public |
| D | | R |
584 |
Return Inside Finally Block |
| | | R |
586 |
Explicit Call to Finalize |
| D | | R |
587 |
Assignment of a Fixed Address to a Pointer |
| D | | |
588 |
Attempt to Access Child of a Non-structure Pointer |
| | N | R |
589 |
Call to Non-ubiquitous API |
| | N | |
590 |
Free of Invalid Pointer Not on the Heap |
| D | N | |
591 |
Sensitive Data Storage in Improperly Locked Memory |
| D | | |
592 |
Authentication Bypass Issues |
| | | R |
593 |
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
| | N | |
594 |
J2EE Framework: Saving Unserializable Objects to Disk |
| | N | |
595 |
Incorrect Syntactic Object Comparison |
| | N | |
596 |
Incorrect Semantic Object Comparison |
| D | N | |
597 |
Use of Wrong Operator in String Comparison |
| D | N | |
598 |
Information Leak Through Query Strings in GET Request |
| | N | |
599 |
Trust of OpenSSL Certificate Without Validation |
| D | N | R |
600 |
Failure to Catch All Exceptions (Missing Catch Block) |
| D | N | R |
601 |
URL Redirection to Untrusted Site |
| D | N | R |
602 |
Design Principle Violation: Client-Side Enforcement of Server-Side Security |
| D | N | |
603 |
Use of Client-Side Authentication |
| D | | R |
604 |
Deprecated |
| | N | R |
605 |
Multiple Binds to the Same Port |
| D | | |
606 |
Unchecked Input for Loop Condition |
| D | | |
607 |
Public Static Final Field References Mutable Object |
| D | | |
608 |
Struts: Non-private Field in ActionForm Class |
| D | N | R |
609 |
Double-Checked Locking |
| D | N | R |
610 |
Externally Controlled Reference to a Resource in Another Sphere |
| D | | R |
611 |
Information Leak Through XML External Entity File Disclosure |
| D | N | R |
612 |
Information Leak Through Indexing of Private Data |
| | | R |
613 |
Insufficient Session Expiration |
| D | N | |
614 |
Sensitive Cookie in HTTPS Session Without "Secure" Attribute |
| | | R |
617 |
Reachable Assertion |
| | | R |
618 |
Exposed Unsafe ActiveX Method |
| | N | R |
619 |
Dangling Database Cursor (aka 'Cursor Injection') |
| D | | R |
623 |
Unsafe ActiveX Control Marked Safe For Scripting |
| | | R |
624 |
Executable Regular Expression Error |
| D | | |
626 |
Null Byte Interaction Error (Poison Null Byte) |
| | | R |
627 |
Dynamic Variable Evaluation |
| D | N | R |
628 |
Function Call with Incorrectly Specified Arguments |
| D | | |
631 |
Resource-specific Weaknesses |
| | | R |
636 |
Design Principle Violation: Not Failing Securely |
| | N | R |
642 |
External Control of User State Data |
| | | R |
648 |
Improper Use of Privileged APIs |
| | N | |
649 |
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| | | R |
657 |
Violation of Secure Design Principles |
