CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Draft 5 and Draft 6  
ID

Differences between Draft 5 and Draft 6
Differences between Draft 5 and Draft 6

Summary
Summary
Total new 28
Total deprecated 2
Total shared 599
Total important changes 91
Total major changes 155
Total minor changes 195
Total minor changes (no major) 137
Total unchanged 307
Back to top
Attribute Change Summary
Attribute Change Summary

"Minor" changes are text changes that only affect capitalization, punctuation, and whitespace. All other changes are marked as "Major."

Attribute Major Minor
AffectedResource 0 0
Alternate_Terms 2 0
Applicable_Platforms 6 0
CVEs_Mentioned 9 0
Causal_Nature 0 0
Common_Consequences 2 10
Common_Methods_of_Exploitation 0 0
Context_Notes 18 0
Demonstrative_Example 9 1
Description 33 0
Enabling_Factors_for_Exploitation 0 0
Functional_Area 1 0
Likelihood_of_Exploit 0 0
Name 9 1
Node_Relationship 58 0
Observed_Example 10 183
Potential_Mitigations 6 0
References 42 0
Research_Gaps 1 0
Source_Taxonomy 4 0
Time_of_Introduction 0 0
Type 24 0
Weakness_Ordinality 1 0

Nodes Removed from Draft 5

CWE-ID CWE Name
None.

Nodes Added to Draft 6

CWE-ID CWE Name
601 Unsafe URL Redirection
602 Client-Side Enforcement of Server-Side Security
603 Client-Side Authentication
604 Deprecated
605 Multiple Binds to Same Port
606 Unchecked Input for Loop Condition
607 Public Static Final Field References Mutable Object
608 Struts: Non-private Field in ActionForm Class
609 Double Checked Locking
610 Externally Controlled Reference to an Internal Resource
611 Information Leak Through XML External Entity File Disclosure
612 Information Leak Through Insecure Indexing
613 Insufficient Session Expiration
614 Unset Secure Attribute for Sensitive Cookies in HTTPS Session
615 Information Leak Through Comments
616 Incomplete Identification of Uploaded File Variables (PHP)
617 Reachable Assertion
618 Exposed Unsafe ActiveX Method
619 Dangling Database Cursor (Cursor Injection)
620 Unverified Password Change
621 Variable Extraction Error
622 Unvalidated Function Hook Arguments
623 Unsafe ActiveX Control Marked Safe For Scripting
624 Executable Regular Expression Error
625 Permissive Regular Expression
626 Null Byte Interaction Error (Poison Null Byte)
627 Dynamic Variable Evaluation
628 Incorrectly Specified Arguments

Nodes Deprecated in Draft 6

CWE-ID CWE Name
443 DEPRECATED (Duplicate): HTTP response splitting
516 DEPRECATED (Duplicate): Covert Timing Channel
Back to top
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 20 Input Validation
R 32 Path Issue - triple dot - '...'
N 56 Path Issue - asterisk wildcard - filedir*
R 74 Injection
R 77 Command Injection
R 88 Argument Injection or Modification
R 93 CRLF Injection
R 94 Code Injection
D 95 Direct Dynamic Code Evaluation ('Eval Injection')
R 99 Resource Injection
R 100 Technology-Specific Input Validation Problems
R 101 STRUTS Validation Problems
D 111 Unsafe JNI
D R 113 HTTP Response Splitting
NR 120 Unbounded Transfer ('classic buffer overflow')
R 122 Heap overflow
R 123 Write-what-where condition
R 124 Boundary beginning violation ('buffer underwrite')
R 128 Wrap-around error
R 129 Unchecked array indexing
D 131 Other length calculation error
R 132 Miscalculated null termination
R 134 Format string vulnerability
D 141 Parameter Delimiter
D 142 Value Delimiter
D 143 Record Delimiter
D 144 Line Delimiter
D 145 Section Delimiter
D 146 Delimiter between Expressions or Commands
D 150 Escape, Meta, or Control Character / Sequence
D 151 Comment Element
D 152 Macro Symbol
D 153 Substitution Character
D 154 Variable Name Delimiter
D 155 Wildcard or Matching Element
D 156 Whitespace
D 158 Null Character / Null Byte
D 160 Leading Special Element
D 161 Multiple Leading Special Elements
D 162 Trailing Special Element
D 163 Multiple Trailing Special Elements
D 164 Internal Special Element
DN 165 Multiple Internal Special Elements
R 183 Permissive Whitelist
R 184 Incomplete Blacklist
R 185 Regular Expression Error
R 187 Partial Comparison
R 190 Integer overflow (wrap or wraparound)
R 200 Information Leak (information disclosure)
R 227 API Abuse
D 238 Missing Element Error
R 254 Security Features
R 255 Credentials Management
N 263 Allowing unchecked password aging
R 265 Privilege / sandbox Issues
R 267 Unsafe Privilege
R 287 Authentication Issues
R 290 Authentication Bypass by Spoofing
R 300 Man-in-the-middle (MITM)
R 311 Failure to encrypt data
D 329 Not using a random IV with CBC mode
R 346 Origin Validation Error
R 362 Race Conditions
D R 385 Covert Timing Channel
R 388 Error Handling
R 398 Code Quality
R 402 Resource leaks
R 420 Unprotected Alternate Channel
D 421 Alternate Channel Race Condition
R 429 Handler Errors
R 436 Multiple Interpretation Error (MIE)
R 442 Web problems
DNR 443 DEPRECATED (Duplicate): HTTP response splitting
D 444 HTTP Request Smuggling
D 447 Unimplemented or unsupported feature in UI
R 451 UI Misrepresentation of Critical Information
R 471 Modification of Assumed-Immutable Data
R 472 Web Parameter Tampering
R 473 PHP External Variable Modification
NR 476 Null Pointer Dereference
R 514 Covert Channel
R 515 Covert Storage Channel
DNR 516 DEPRECATED (Duplicate): Covert Timing Channel
R 522 Insufficiently Protected Credentials
R 538 File and Directory Information Leaks
R 540 Information Leak Through Source Code
N 546 Suspicious Comment
N 556 ASP.NET Misconfiguration: Identity Impersonation
R 559 Often Misused: Arguments and Parameters
D 565 Use of Cookies
R 592 Authentication Bypass Issues
Back to top
Detailed Difference Report
Detailed Difference Report
7 J2EE Misconfiguration: Missing Error Handling
Major References
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Handling
Major References
Minor None
14 Insecure Compiler Optimization
Major References
Minor None
20 Input Validation
Major Node_Relationship
Minor None
22 Path Traversal
Major Context_Notes
Minor None
23 Relative Path Traversal
Major Type
Minor None
27 Path Issue - directory doubled dot dot slash - 'directory/../../filename'
Major None
Minor Observed_Example
28 Path Issue - dot dot backslash - '..\filename'
Major None
Minor Observed_Example
29 Path Issue - leading dot dot backslash - '\..\filename'
Major None
Minor Observed_Example
32 Path Issue - triple dot - '...'
Major Node_Relationship
Minor Observed_Example
33 Path Issue - multiple dot - '....'
Major None
Minor Observed_Example
35 Path Issue - doubled triple dot slash - '.../...//'
Major None
Minor Observed_Example
36 Absolute Path Traversal
Major Type
Minor None
37 Path Issue - slash absolute path - /absolute/pathname/here
Major None
Minor Observed_Example
38 Path Issue - backslash absolute path - \absolute\pathname\here
Major None
Minor Observed_Example
39 Path Issue - drive letter or Windows volume - 'C:dirname'
Major None
Minor Observed_Example
40 Path Issue - Windows UNC share - '\\UNC\share\name\'
Major None
Minor Observed_Example
42 Path Issue - trailing dot - 'filedir.'
Major None
Minor Observed_Example
43 Path Issue - multiple trailing dot - 'filedir....'
Major None
Minor Observed_Example
46 Path Issue - trailing space - 'filedir '
Major None
Minor Observed_Example
48 Path Issue - internal space - file(SPACE)name
Major None
Minor Observed_Example
49 Path Issue - trailing slash - filedir/
Major None
Minor Observed_Example
50 Path Issue - multiple leading slash - //multiple/leading/slash
Major None
Minor Observed_Example
51 Path Issue - multiple internal slash - /multiple//internal/slash
Major None
Minor Observed_Example
52 Path Issue - multiple trailing slash - /multiple/trailing/slash//
Major None
Minor Observed_Example
54 Path Issue - trailing backslash - (filedir\)
Major None
Minor Observed_Example
55 Path Issue - single dot directory - /./
Major None
Minor Observed_Example
56 Path Issue - asterisk wildcard - filedir*
Major Name
Minor Observed_Example
57 Path Issue - dirname/fakechild/../realchild/filename
Major None
Minor Observed_Example
58 Path Issue - Windows 8.3 Filename
Major References
Minor Observed_Example
59 Link Following
Major Type
Minor None
61 UNIX symbolic link (symlink) following
Major References
Minor Observed_Example
62 UNIX hard link
Major None
Minor Observed_Example
64 Windows Shortcut Following (.LNK)
Major None
Minor Observed_Example
65 Windows hard link
Major None
Minor Observed_Example
66 Virtual Files
Major Type
Minor None
67 Windows MS-DOS device names
Major References
Minor Observed_Example
69 Windows ::DATA alternate data stream
Major References
Minor None
72 Apple HFS+ alternate data stream
Major None
Minor Observed_Example
73 Path Manipulation
Major Type
Minor None
74 Injection
Major Node_Relationship
Minor None
76 Equivalent Special Element Injection
Major Type
Minor None
77 Command Injection
Major References, Node_Relationship
Minor None
78 OS Command Injection
Major References
Minor Observed_Example
79 Cross-site scripting (XSS)
Major Type, References, Applicable_Platforms
Minor None
80 Basic XSS
Major None
Minor Observed_Example
81 XSS in error pages
Major None
Minor Observed_Example
82 Script in IMG tags
Major None
Minor Observed_Example
83 XSS using Script in Attributes
Major None
Minor Observed_Example
84 XSS using Script Via Encoded URI Schemes
Major None
Minor Observed_Example
85 Doubled character XSS manipulations, e.g. '<<script'
Major None
Minor Observed_Example
86 Invalid Characters in Identifiers
Major None
Minor Observed_Example
88 Argument Injection or Modification
Major References, Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
89 SQL injection
Major References, Demonstrative_Example
Minor Observed_Example
90 LDAP injection
Major References
Minor None
91 XML injection (aka Blind Xpath injection)
Major References
Minor None
92 Custom Special Character Injection
Major None
Minor Observed_Example
93 CRLF Injection
Major References, Node_Relationship
Minor Observed_Example
94 Code Injection
Major Node_Relationship
Minor None
95 Direct Dynamic Code Evaluation ('Eval Injection')
Major Description, Context_Notes, Demonstrative_Example, Observed_Example, Applicable_Platforms, Potential_Mitigations
Minor None
96 Direct Static Code Injection
Major Type
Minor Observed_Example
98 PHP File Inclusion
Major References
Minor Observed_Example
99 Resource Injection
Major Node_Relationship
Minor None
100 Technology-Specific Input Validation Problems
Major Node_Relationship
Minor None
101 STRUTS Validation Problems
Major Node_Relationship
Minor None
102 Struts: Duplicate Validation Forms
Major Context_Notes, Demonstrative_Example
Minor None
111 Unsafe JNI
Major Description, References
Minor None
113 HTTP Response Splitting
Major Description, Context_Notes, Observed_Example, Source_Taxonomy, CVEs_Mentioned, Node_Relationship
Minor None
115 Misinterpretation Error
Major None
Minor Observed_Example
117 Log Forging
Major References
Minor None
119 Buffer Errors
Major Context_Notes
Minor None
120 Unbounded Transfer ('classic buffer overflow')
Major Name, Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
122 Heap overflow
Major Demonstrative_Example, Node_Relationship
Minor None
123 Write-what-where condition
Major Node_Relationship
Minor None
124 Boundary beginning violation ('buffer underwrite')
Major References, Node_Relationship
Minor Observed_Example
125 Out-of-bounds Read
Major None
Minor Observed_Example
128 Wrap-around error
Major Node_Relationship
Minor None
129 Unchecked array indexing
Major Node_Relationship
Minor Observed_Example
130 Length Parameter Inconsistency
Major None
Minor Observed_Example
131 Other length calculation error
Major Description
Minor Observed_Example
132 Miscalculated null termination
Major Node_Relationship
Minor None
134 Format string vulnerability
Major References, Node_Relationship
Minor Observed_Example
139 General Special Element Problems
Major Functional_Area
Minor None
141 Parameter Delimiter
Major Description
Minor Observed_Example
142 Value Delimiter
Major Description
Minor Observed_Example
143 Record Delimiter
Major Description
Minor Observed_Example
144 Line Delimiter
Major Description
Minor None
145 Section Delimiter
Major Description
Minor None
146 Delimiter between Expressions or Commands
Major Description
Minor None
147 Input Terminator
Major None
Minor Observed_Example
149 Quoting Element
Major None
Minor Observed_Example
150 Escape, Meta, or Control Character / Sequence
Major Description
Minor Observed_Example
151 Comment Element
Major Description
Minor Observed_Example
152 Macro Symbol
Major Description
Minor Observed_Example
153 Substitution Character
Major Description, Potential_Mitigations
Minor Observed_Example
154 Variable Name Delimiter
Major Description
Minor Observed_Example
155 Wildcard or Matching Element
Major Description
Minor Observed_Example
156 Whitespace
Major Description
Minor Observed_Example
157 Grouping Element / Paired Delimiter
Major None
Minor Observed_Example
158 Null Character / Null Byte
Major Description
Minor Observed_Example
160 Leading Special Element
Major Type, Description
Minor None
161 Multiple Leading Special Elements
Major Description
Minor None
162 Trailing Special Element
Major Type, Description
Minor None
163 Multiple Trailing Special Elements
Major Description
Minor None
164 Internal Special Element
Major Type, Description
Minor None
165 Multiple Internal Special Elements
Major Name, Description
Minor None
167 Extra Special Element
Major None
Minor Observed_Example
170 Improper Null Termination
Major None
Minor Observed_Example
171 Cleansing, Canonicalization, and Comparison Errors
Major References
Minor None
174 Double Encoding
Major None
Minor Observed_Example
176 Unicode Encoding
Major None
Minor Observed_Example
177 URL Encoding (Hex Encoding)
Major None
Minor Observed_Example
178 Case Sensitivity (lowercase, uppercase, mixed case)
Major None
Minor Observed_Example
180 Validate-Before-Canonicalize
Major None
Minor Observed_Example
181 Validate-Before-Filter
Major None
Minor Observed_Example
182 Collapse of Data into Unsafe Value
Major None
Minor Observed_Example
183 Permissive Whitelist
Major Node_Relationship
Minor None
184 Incomplete Blacklist
Major References, Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
185 Regular Expression Error
Major Node_Relationship
Minor Observed_Example
186 Overly Restrictive Regular Expression
Major None
Minor Observed_Example
187 Partial Comparison
Major Node_Relationship
Minor Observed_Example
190 Integer overflow (wrap or wraparound)
Major References, Node_Relationship
Minor Observed_Example
191 Integer underflow (wrap or wraparound)
Major None
Minor Observed_Example
193 Off-by-one Error
Major References
Minor Observed_Example
195 Signed to unsigned conversion error
Major None
Minor Common_Consequences
200 Information Leak (information disclosure)
Major Node_Relationship
Minor None
204 Response Discrepancy Information Leak
Major None
Minor Observed_Example
206 Internal Behavioral Inconsistency Information Leak
Major None
Minor Observed_Example
207 External Behavioral Inconsistency Information Leak
Major None
Minor Observed_Example
208 Timing Discrepancy Information Leak
Major Type, Context_Notes
Minor Observed_Example
209 Error Message Information Leaks
Major Type, Applicable_Platforms
Minor None
210 Product-Generated Error Message Information Leak
Major None
Minor Observed_Example
211 Product-External Error Message Information Leak
Major None
Minor Observed_Example
212 Cross-Boundary Cleansing Information Leak
Major None
Minor Observed_Example
213 Intended Information Leak
Major Type
Minor Observed_Example
214 Process Information Leak to Other Processes
Major Type
Minor Observed_Example
215 Information Leak Through Debug Information
Major Type
Minor Observed_Example
219 Sensitive Data Under Web Root
Major None
Minor Observed_Example
222 Truncation of Security-relevant Information
Major None
Minor Observed_Example
223 Omission of Security-relevant Information
Major None
Minor Observed_Example
224 Obscured Security-relevant Information by Alternate Name
Major References
Minor Observed_Example
226 Sensitive Information Uncleared Before Use
Major None
Minor Observed_Example
227 API Abuse
Major Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
230 Missing Value Error
Major None
Minor Observed_Example
232 Undefined Value Error
Major Applicable_Platforms
Minor None
234 Missing Parameter Error
Major None
Minor Observed_Example
235 Extra Parameter Error
Major None
Minor Observed_Example
236 Undefined Parameter Error
Major Applicable_Platforms
Minor Observed_Example
238 Missing Element Error
Major Description
Minor None
239 Incomplete Element
Major None
Minor Observed_Example
254 Security Features
Major Node_Relationship
Minor None
255 Credentials Management
Major Node_Relationship
Minor None
256 Plaintext Storage
Major References
Minor None
257 Storing Passwords in a Recoverable Format
Major None
Minor Name
258 Empty Password in Configuration File
Major References
Minor None
260 Password in Configuration File
Major References
Minor None
261 Weak Cryptography for Passwords
Major References
Minor None
263 Allowing unchecked password aging
Major Name
Minor None
265 Privilege / sandbox Issues
Major Node_Relationship
Minor None
266 Incorrect Privilege Assignment
Major None
Minor Observed_Example
267 Unsafe Privilege
Major Node_Relationship
Minor Observed_Example
268 Privilege Chaining
Major None
Minor Observed_Example
269 Privilege Management Error
Major None
Minor Observed_Example
270 Privilege Context Switching Error
Major None
Minor Observed_Example
271 Privilege Dropping / Lowering Errors
Major None
Minor Observed_Example
274 Insufficient privileges
Major None
Minor Observed_Example
276 Insecure Default Permissions
Major None
Minor Observed_Example
277 Insecure inherited permissions
Major None
Minor Observed_Example
278 Insecure preserved inherited permissions
Major None
Minor Observed_Example
279 Insecure execution-assigned permissions
Major None
Minor Observed_Example
280 Fails poorly due to insufficient permissions
Major None
Minor Observed_Example
281 Permission preservation failure
Major None
Minor Observed_Example
282 Ownership Issues
Major None
Minor Observed_Example
283 Unverified Ownership
Major None
Minor Observed_Example
284 Access Control Issues
Major Type
Minor None
286 User Management Issues
Major Type
Minor None
287 Authentication Issues
Major Node_Relationship
Minor None
288 Authentication Bypass by Alternate Path/Channel
Major None
Minor Observed_Example
289 Authentication Bypass by Alternate Name
Major None
Minor Observed_Example
290 Authentication Bypass by Spoofing
Major Type, Node_Relationship
Minor None
295 Certificate Issues
Major References
Minor None
300 Man-in-the-middle (MITM)
Major References, Node_Relationship
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major None
Minor Observed_Example
303 Authentication Logic Error
Major None
Minor Observed_Example
304 Missing Critical Step in Authentication
Major None
Minor Observed_Example
305 Authentication Bypass by Primary Weakness
Major None
Minor Observed_Example
306 No Authentication for Critical Function
Major None
Minor Observed_Example
307 Multiple Failed Authentication Attempts not Prevented
Major None
Minor Observed_Example
311 Failure to encrypt data
Major Node_Relationship
Minor None
312 Plaintext Storage of Sensitive Information
Major Type
Minor None
313 Plaintext Storage in File or on Disk
Major None
Minor Observed_Example
314 Plaintext Storage in Registry
Major None
Minor Observed_Example
315 Plaintext Storage in Cookie
Major None
Minor Observed_Example
316 Plaintext Storage in Memory
Major None
Minor Observed_Example
317 Plaintext Storage in GUI
Major None
Minor Observed_Example
318 Plaintext Storage in Executable
Major None
Minor Observed_Example
319 Plaintext Transmission of Sensitive Information
Major None
Minor Observed_Example
320 Key Management Errors
Major None
Minor Observed_Example
326 Weak Encryption
Major None
Minor Observed_Example
327 Using a broken or risky cryptographic algorithm
Major None
Minor Demonstrative_Example
329 Not using a random IV with CBC mode
Major Description
Minor None
330 Randomness and Predictability
Major References
Minor None
331 Insufficient Entropy
Major References
Minor Observed_Example
334 Small Space of Random Values
Major None
Minor Observed_Example
341 Predictable from Observable State
Major None
Minor Observed_Example
343 Predictable Value Range from Previous Values
Major References
Minor None
344 Static Value in Unpredictable Context
Major None
Minor Observed_Example
346 Origin Validation Error
Major Node_Relationship
Minor Observed_Example
347 Improperly Verified Signature
Major None
Minor Observed_Example
348 Use of Less Trusted Source
Major None
Minor Observed_Example
350 Improperly Trusted Reverse DNS
Major None
Minor Observed_Example
351 Insufficient Type Distinction
Major None
Minor Observed_Example
352 Cross-Site Request Forgery (CSRF)
Major References, Alternate_Terms
Minor Observed_Example
356 Product UI does not warn user of unsafe actions
Major None
Minor Observed_Example
357 Insufficient UI warning of dangerous operations
Major Observed_Example, CVEs_Mentioned
Minor None
358 Improperly Implemented Security Check for Standard
Major None
Minor Observed_Example
359 Privacy Violation
Major References
Minor None
362 Race Conditions
Major Node_Relationship
Minor None
364 Signal handler race condition
Major None
Minor Observed_Example
367 Time-of-check Time-of-use race condition
Major Context_Notes
Minor Observed_Example
368 Context Switching Race Condition
Major None
Minor Observed_Example
373 State synchronization error
Major Common_Consequences
Minor None
385 Covert Timing Channel
Major Description, Source_Taxonomy, Node_Relationship
Minor None
387 Signal Errors
Major None
Minor Observed_Example
388 Error Handling
Major Node_Relationship
Minor Common_Consequences
392 Missing Error Status Code
Major None
Minor Observed_Example
393 Wrong Status Code
Major None
Minor Observed_Example
394 Unexpected Status Code or Return Value
Major Context_Notes
Minor Observed_Example
398 Code Quality
Major Node_Relationship
Minor None
400 Resource exhaustion (file descriptor, disk space, sockets, ...)
Major None
Minor Common_Consequences
401 Memory leak
Major References, Context_Notes
Minor Observed_Example
402 Resource leaks
Major Node_Relationship
Minor None
403 UNIX file descriptor leak
Major None
Minor Observed_Example
406 Network Amplification
Major None
Minor Observed_Example
407 Algorithmic Complexity
Major References
Minor Observed_Example
410 Insufficient Resource Pool
Major None
Minor Observed_Example
412 Unrestricted Critical Resource Lock
Major None
Minor Observed_Example
414 Missing Lock Check
Major None
Minor Observed_Example
415 Double Free
Major None
Minor Observed_Example
416 Use After Free
Major Context_Notes, Observed_Example, Alternate_Terms, CVEs_Mentioned
Minor None
420 Unprotected Alternate Channel
Major Type, Node_Relationship
Minor Observed_Example
421 Alternate Channel Race Condition
Major Description, Potential_Mitigations
Minor Observed_Example
422 Unprotected Windows Messaging Channel ('Shatter')
Major References
Minor Observed_Example
425 Direct Request aka 'Forced Browsing'
Major None
Minor Observed_Example
426 Untrusted Search Path
Major Type
Minor Observed_Example
427 Uncontrolled Search Path Element
Major None
Minor Observed_Example
428 Unquoted Search Path or Element
Major None
Minor Observed_Example
429 Handler Errors
Major Node_Relationship
Minor None
430 Improper Handler Deployment
Major None
Minor Observed_Example
433 Unparsed Raw Web Content Delivery
Major None
Minor Observed_Example
434 Unrestricted File Upload
Major References, Context_Notes, Research_Gaps, Observed_Example, CVEs_Mentioned
Minor None
436 Multiple Interpretation Error (MIE)
Major Type, References, Node_Relationship
Minor Observed_Example
439 Behavioral Change
Major None
Minor Observed_Example
440 Expected behavior violation
Major None
Minor Observed_Example
441 Unintended proxy/intermediary
Major None
Minor Observed_Example
442 Web problems
Major Node_Relationship
Minor None
443 DEPRECATED (Duplicate): HTTP response splitting
Major Name, Description, Context_Notes, Observed_Example, Source_Taxonomy, Applicable_Platforms, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
444 HTTP Request Smuggling
Major Description, References
Minor Observed_Example
446 User interface inconsistency
Major None
Minor Observed_Example
447 Unimplemented or unsupported feature in UI
Major Description, Context_Notes
Minor Observed_Example
449 The UI performs the wrong action
Major None
Minor Observed_Example
451 UI Misrepresentation of Critical Information
Major Context_Notes, Node_Relationship
Minor Observed_Example
454 External initialization of trusted variables or values
Major None
Minor Observed_Example
455 Non-exit on Failed Initialization
Major None
Minor Observed_Example
456 Missing Initialization
Major None
Minor Observed_Example
457 Uninitialized variable
Major None
Minor Common_Consequences
458 Incorrect initialization
Major None
Minor Observed_Example
459 Incomplete Cleanup
Major None
Minor Observed_Example
471 Modification of Assumed-Immutable Data
Major Node_Relationship
Minor Observed_Example
472 Web Parameter Tampering
Major Context_Notes, Node_Relationship
Minor Observed_Example
473 PHP External Variable Modification
Major Node_Relationship
Minor Observed_Example
476 Null Pointer Dereference
Major Name, Context_Notes, Demonstrative_Example, Weakness_Ordinality, Potential_Mitigations, Common_Consequences, Node_Relationship
Minor None
484 Omitted break statement
Major Potential_Mitigations
Minor None
489 Leftover Debug Code
Major Demonstrative_Example
Minor Common_Consequences
514 Covert Channel
Major Node_Relationship
Minor None
515 Covert Storage Channel
Major Node_Relationship
Minor None
516 DEPRECATED (Duplicate): Covert Timing Channel
Major Name, Description, Source_Taxonomy, Node_Relationship
Minor None
522 Insufficiently Protected Credentials
Major Node_Relationship
Minor None
538 File and Directory Information Leaks
Major Type, Node_Relationship
Minor None
540 Information Leak Through Source Code
Major Node_Relationship
Minor None
546 Suspicious Comment
Major Name
Minor None
554 ASP.NET Misconfiguration: Input Validation
Major Context_Notes
Minor None
556 ASP.NET Misconfiguration: Identity Impersonation
Major Name
Minor None
559 Often Misused: Arguments and Parameters
Major Node_Relationship
Minor None
565 Use of Cookies
Major Description, Context_Notes
Minor None
581 Object Model Violation: Just One of Equals and Haschode Defined
Major None
Minor Common_Consequences
587 Assignment of a Fixed Address to a Pointer
Major Demonstrative_Example
Minor None
591 Memory Locking
Major None
Minor Common_Consequences
592 Authentication Bypass Issues
Major Node_Relationship
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major Demonstrative_Example
Minor Common_Consequences
594 Persistence in J2EE Frameworks
Major None
Minor Common_Consequences
599 No OpenSSL Certificate Check Performed before this Use
Major Demonstrative_Example
Minor Common_Consequences
Back to top
Page Last Updated: January 05, 2017
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.