CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > Reports > Differences between Draft 6 and Draft 7  
ID

Differences between Draft 6 and Draft 7
Differences between Draft 6 and Draft 7

Summary
Summary
Total new 7
Total deprecated 1
Total shared 627
Total important changes 199
Total major changes 464
Total minor changes 270
Total minor changes (no major) 44
Total unchanged 119
Attribute Change Summary
Attribute Change Summary

"Minor" changes are text changes that only affect capitalization, punctuation, and whitespace. All other changes are marked as "Major."

Attribute Major Minor
AffectedResource 50 0
Alternate_Terms 6 0
Applicable_Platforms 348 0
CVEs_Mentioned 2 0
Causal_Nature 0 0
Common_Consequences 8 92
Common_Methods_of_Exploitation 0 0
Context_Notes 43 23
Demonstrative_Example 12 2
Description 117 9
Enabling_Factors_for_Exploitation 0 0
Functional_Area 0 0
Likelihood_of_Exploit 0 0
Name 17 161
Node_Relationship 107 0
Observed_Example 7 2
Potential_Mitigations 15 0
References 7 0
Research_Gaps 6 4
Source_Taxonomy 0 0
Time_of_Introduction 0 0
Type 0 0
Weakness_Ordinality 4 78

Nodes Removed from Draft 6

CWE-ID CWE Name
None.

Nodes Added to Draft 7

CWE-ID CWE Name
629 Weaknesses in OWASP Top Ten
630 Weaknesses Examined by SAMATE
631 Resource-specific Weaknesses
632 Weaknesses that Affect Files or Directories
633 Weaknesses that Affect Memory
634 Weaknesses that Affect System Processes
635 Weaknesses Used by NVD

Nodes Deprecated in Draft 7

CWE-ID CWE Name
225 DEPRECATED (Duplicate): General Information Management Problems
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 1 Location
D 2 Environment
D 3 Technology-specific Environment Issues
DN 8 J2EE Misconfiguration: Entity Bean Declared Remote
R 14 Insecure Compiler Optimization
D R 16 Configuration
D 17 Code
D 18 Source Code
D 19 Data Handling
DNR 20 Insufficient Input Validation
D R 22 Path Traversal
R 41 Path Equivalence
D 56 Path Issue - Asterisk Wildcard - filedir*
R 59 Link Following
D 60 UNIX Path Link Problems
D 63 Windows Path Link Problems
R 67 Windows MS-DOS Device Names
D 68 Windows Virtual File Problems
R 69 Windows ::DATA Alternate Data Stream
D R 70 Mac Virtual File Problems
R 77 Command Injection
R 78 OS Command Injection
D R 79 Cross-site Scripting (XSS)
R 80 Basic XSS
DN 85 Doubled Character XSS Manipulations
R 88 Argument Injection or Modification
R 89 SQL Injection
R 90 LDAP Injection
R 91 XML Injection (aka Blind XPath Injection)
R 93 CRLF Injection
D R 94 Code Injection
R 95 Direct Dynamic Code Evaluation ('Eval Injection')
R 96 Direct Static Code Injection
R 98 PHP File Inclusion
R 99 Resource Injection
D 100 Technology-Specific Input Validation Problems
D 101 Struts Validation Problems
D 102 Struts: Duplicate Validation Forms
DN 103 Struts: Incomplete validate() Method Definition
D 104 Struts: Form Bean Does Not Extend Validation Class
D 105 Struts: Form Field Without Validator
D 106 Struts: Plug-in Framework not in Use
D 109 Struts: Validator Turned Off
D 111 Unsafe JNI
R 114 Process Control
D 116 Output Validation
D 118 Range Errors
D R 119 Buffer Errors
R 120 Unbounded Transfer ('Classic Buffer Overflow')
DNR 121 Stack-based Buffer Overflow
NR 122 Heap-based Buffer Overflow
R 123 Write-what-where Condition
D 124 Boundary Beginning Violation ('Buffer Underwrite')
R 129 Unchecked Array Indexing
D 133 String Errors
NR 134 Uncontrolled Format String
D 136 Type Errors
D 137 Representation Errors
D 138 Special Elements (Characters or Reserved Words)
D 139 General Special Element Problems
D 140 Delimiter Problems
D 148 Input Leader
D 154 Variable Name Delimiter
D 159 Common Special Element Manipulations
D 169 Technology-Specific Special Elements
R 170 Improper Null Termination
D 171 Cleansing, Canonicalization, and Comparison Errors
D 172 Encoding Error
R 178 Case Sensitivity (Lowercase, Uppercase, Mixed Case)
D R 189 Numeric Errors
D R 190 Integer Overflow (Wrap or Wraparound)
D 198 Numeric Byte Ordering Error
D R 199 Information Management Errors
D R 200 Information Leak (Information Disclosure)
D 213 Intended Information Leak
R 214 Process Information Leak to Other Processes
D 215 Information Leak Through Debug Information
D 219 Sensitive Data Under Web Root
D 220 Sensitive Data Under FTP Root
DNR 225 DEPRECATED (Duplicate): General Information Management Problems
R 226 Sensitive Information Uncleared Before Use
D 228 Structure and Validity Problems
D 229 Value Problems
D 233 Parameter Problems
D 237 Element Problems
R 243 Directory Restriction
R 244 Heap Inspection
R 249 Often Misused: Path Manipulation
R 251 Often Misused: String Management
D R 255 Credentials Management
R 259 Hard-Coded Password
R 260 Password in Configuration File
D R 264 Permissions, Privileges, and Access Controls
R 266 Incorrect Privilege Assignment
D 267 Unsafe Privilege
R 273 Failure to Check Whether Privileges Were Dropped Successfully
D R 275 Permission Issues
DNR 280 Failure to Handle Insufficient Permissions or Privileges
R 282 Ownership Issues
D R 284 Access Control Issues
R 285 Missing or Inconsistent Access Control
R 287 Authentication Issues
R 288 Authentication Bypass by Alternate Path/Channel
D 290 Authentication Bypass by Spoofing
DN 293 Using Referer Field for Authentication
N 294 Authentication Bypass by Capture-replay
D 295 Certificate Issues
R 301 Reflection Attack in an Authentication Protocol
D R 310 Cryptographic Issues
R 311 Failure to Encrypt Data
D 312 Plaintext Storage of Sensitive Information
R 316 Plaintext Storage in Memory
D 320 Key Management Errors
R 321 Use of Hard-coded Cryptographic Key
R 325 Missing Required Cryptographic Step
R 326 Weak Encryption
D 340 Predictability Problems
R 352 Cross-Site Request Forgery (CSRF)
D R 362 Race Conditions
D 363 Race Condition Enabling Link Following
R 364 Signal Handler Race Condition
R 366 Race Condition within a Thread
R 367 Time-of-check Time-of-use Race Condition
D 371 State Issues
D R 376 Temporary File Issues
D 380 Technology-Specific Time and State Issues
D 381 J2EE Time and State Issues
R 383 J2EE Bad Practices: Threads
R 387 Signal Errors
R 391 Unchecked Error Condition
D 398 Code Quality
D R 399 Resource Management Errors
N 400 Resource Exhaustion
R 401 Memory Leak
D 402 Resource Leaks
R 403 UNIX File Descriptor Leak
D 411 Resource Locking Problems
R 412 Unrestricted Critical Resource Lock
R 415 Double Free
R 416 Use After Free
D 417 Channel and Path Errors
D 418 Channel Errors
R 421 Alternate Channel Race Condition
R 422 Unprotected Windows Messaging Channel ('Shatter')
D 424 Alternate Path Errors
NR 425 Direct Request ('Forced Browsing')
R 426 Untrusted Search Path
D 429 Handler Errors
D 432 Dangerous Handler not Cleared/Disabled During Sensitive Operations
R 434 Unrestricted File Upload
D 438 Behavioral Problems
D 442 Web Problems
D R 445 User Interface Quality Errors
DNR 446 User Interface Discrepancy for Security Feature
R 449 The UI Performs the Wrong Action
D 452 Initialization and Cleanup Errors
R 457 Uninitialized Variable
D 461 Data Structure Issues
D 463 Deletion of Data-structure Sentinel
D 464 Addition of Data-structure Sentinel
D 465 Pointer Issues
D R 466 Illegal Pointer Value
D R 467 Use of sizeof() on a Pointer Type
R 468 Unintentional Pointer Scaling
D R 469 Improper Pointer Subtraction
R 470 Unsafe Reflection
N 471 Modification of Assumed-Immutable Data (MAID)
R 472 Web Parameter Tampering
D R 473 PHP External Variable Modification
D R 476 NULL Pointer Dereference
R 479 Unsafe Function Call from a Signal Handler
D 480 Using the Wrong Operator
R 489 Leftover Debug Code
D 490 Mobile Code Issues
R 495 Private Array-Typed Field Returned From A Public Method
D R 496 Public Data Assigned to Private Array-Typed Field
D 503 Byte/Object Code
D 504 Motivation/Intent
D 508 Non-Replicating
D 509 Replicating (virus)
D 512 Spyware
D 513 Nonmalicious
D 514 Covert Channel
D 515 Covert Storage Channel
R 522 Insufficiently Protected Credentials
R 533 Information Leak Through Server Log Files
D 538 File and Directory Information Leaks
D 548 Information Leak Through Directory Listing
R 552 Errant Files or Directories Accessible
D 553 Possible Command Shell (csh)
N 558 Misused Authentication: getlogin()
D 559 Often Misused: Arguments and Parameters
D 569 Expression Issues
R 572 Call to Thread.run()
R 590 Improperly Freeing Heap Memory
R 591 Memory Locking
D 592 Authentication Bypass Issues
N 599 No OpenSSL Certificate Check Performed before Use
R 604 Deprecated
Detailed Difference Report
Detailed Difference Report
1 Location
Major Description
Minor None
2 Environment
Major Description
Minor None
3 Technology-specific Environment Issues
Major Description
Minor None
8 J2EE Misconfiguration: Entity Bean Declared Remote
Major Name, Description, Context_Notes, Potential_Mitigations
Minor None
14 Insecure Compiler Optimization
Major AffectedResource, Node_Relationship
Minor None
16 Configuration
Major Description, Node_Relationship
Minor None
17 Code
Major Description
Minor None
18 Source Code
Major Description
Minor None
19 Data Handling
Major Description
Minor None
20 Insufficient Input Validation
Major Name, Description, Node_Relationship
Minor None
21 Pathname Traversal and Equivalence Errors
Major Applicable_Platforms
Minor Description
22 Path Traversal
Major Description, Context_Notes, AffectedResource, Applicable_Platforms, Potential_Mitigations, Node_Relationship
Minor Weakness_Ordinality
23 Relative Path Traversal
Major Applicable_Platforms
Minor None
24 Path Issue - Dot Dot Slash - '../filedir'
Major Applicable_Platforms
Minor Name
25 Path Issue - Leading Dot Dot Slash - '/../filedir'
Major Applicable_Platforms
Minor Name
26 Path Issue - Leading Directory Dot Dot Slash - '/directory/../filename'
Major Applicable_Platforms
Minor Name
27 Path Issue - Directory Doubled Dot Dot Slash - 'directory/../../filename'
Major Applicable_Platforms
Minor Name
28 Path Issue - Dot Dot Backslash - '..\filename'
Major Applicable_Platforms
Minor Name
29 Path Issue - Leading Dot Dot Backslash - '\..\filename'
Major Applicable_Platforms
Minor Name
30 Path Issue - Leading Directory Dot Dot Backslash - '\directory\..\filename'
Major Applicable_Platforms
Minor Name
31 Path Issue - Directory Doubled Dot Dot Backslash - 'directory\..\..\filename'
Major Applicable_Platforms
Minor Name
32 Path Issue - Triple Dot - '...'
Major Applicable_Platforms
Minor Name
33 Path Issue - Multiple Dot - '....'
Major Applicable_Platforms
Minor Name
34 Path Issue - Doubled Dot Dot Slash - '....//'
Major Applicable_Platforms
Minor Name
35 Path Issue - Doubled Triple Dot Slash - '.../...//'
Major Applicable_Platforms
Minor Name
36 Absolute Path Traversal
Major Applicable_Platforms
Minor None
37 Path Issue - Slash Absolute Path - /absolute/pathname/here
Major Applicable_Platforms
Minor Name
38 Path Issue - Backslash Absolute Path - \absolute\pathname\here
Major Applicable_Platforms
Minor Name
39 Path Issue - Drive Letter or Windows Volume - 'C:dirname'
Major Applicable_Platforms
Minor Name
40 Path Issue - Windows UNC Share - '\\UNC\share\name\'
Major Applicable_Platforms
Minor Name
41 Path Equivalence
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
42 Path Issue - Trailing Dot - 'filedir.'
Major Applicable_Platforms
Minor Name
43 Path Issue - Multiple Trailing Dot - 'filedir....'
Major Applicable_Platforms
Minor Name
44 Path Issue - Internal Dot - 'file.ordir'
Major Applicable_Platforms
Minor Name, Context_Notes
45 Path Issue - Multiple Internal Dot - 'file...dir'
Major Applicable_Platforms
Minor Name, Context_Notes
46 Path Issue - Trailing Space - 'filedir '
Major Applicable_Platforms
Minor Name
47 Path Issue - Leading Space - ' filedir'
Major Applicable_Platforms
Minor Name
48 Path Issue - Internal Space - file(SPACE)name
Major Applicable_Platforms
Minor Name, Context_Notes
49 Path Issue - Trailing Slash - filedir/
Major Applicable_Platforms
Minor Name
50 Path Issue - Multiple Leading Slash - //multiple/leading/slash
Major Applicable_Platforms
Minor Name
51 Path Issue - Multiple Internal Slash - /multiple//internal/slash
Major Applicable_Platforms
Minor Name
52 Path Issue - Multiple Trailing Slash - /multiple/trailing/slash//
Major Applicable_Platforms
Minor Name
53 Path Issue - Multiple Internal Backslash - \multiple\\internal\backslash
Major Applicable_Platforms
Minor Name
54 Path Issue - Trailing Backslash - (filedir\)
Major Applicable_Platforms
Minor Name
55 Path Issue - Single Dot Directory - /./
Major Applicable_Platforms
Minor Name
56 Path Issue - Asterisk Wildcard - filedir*
Major Description, Applicable_Platforms
Minor Name
57 Path Issue - dirname/fakechild/../realchild/filename
Major Applicable_Platforms
Minor None
58 Path Issue - Windows 8.3 Filename
Major Applicable_Platforms
Minor None
59 Link Following
Major Context_Notes, Alternate_Terms, AffectedResource, Applicable_Platforms, Node_Relationship
Minor Description, Weakness_Ordinality
60 UNIX Path Link Problems
Major Description, Applicable_Platforms
Minor Name
61 UNIX Symbolic Link (Symlink) Following
Major Applicable_Platforms
Minor Name, Weakness_Ordinality
62 UNIX Hard Link
Major Applicable_Platforms
Minor Name, Weakness_Ordinality
63 Windows Path Link Problems
Major Description, Applicable_Platforms
Minor Name
64 Windows Shortcut Following (.LNK)
Major Applicable_Platforms
Minor Weakness_Ordinality
65 Windows Hard Link
Major Applicable_Platforms
Minor Name
66 Virtual Files
Major Applicable_Platforms
Minor None
67 Windows MS-DOS Device Names
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Name, Weakness_Ordinality
68 Windows Virtual File Problems
Major Description, Applicable_Platforms
Minor Name
69 Windows ::DATA Alternate Data Stream
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Name
70 Mac Virtual File Problems
Major Description, AffectedResource, Applicable_Platforms, Node_Relationship
Minor Name
71 Apple '.DS_Store'
Major Applicable_Platforms
Minor None
72 Apple HFS+ Alternate Data Stream
Major Applicable_Platforms
Minor Name
73 Path Manipulation
Major Applicable_Platforms
Minor Weakness_Ordinality
74 Injection
Major Applicable_Platforms
Minor Weakness_Ordinality, Common_Consequences
75 Special Element Injection
Major Applicable_Platforms
Minor None
76 Equivalent Special Element Injection
Major Applicable_Platforms
Minor Description, Weakness_Ordinality
77 Command Injection
Major Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality, Common_Consequences
78 OS Command Injection
Major Observed_Example, AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
79 Cross-site Scripting (XSS)
Major Description, References, Context_Notes, Alternate_Terms, Applicable_Platforms, Potential_Mitigations, Common_Consequences, Node_Relationship
Minor Name, Weakness_Ordinality
80 Basic XSS
Major Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
81 XSS in Error Pages
Major Applicable_Platforms
Minor Name, Description, Weakness_Ordinality
82 Script in IMG Tags
Major Applicable_Platforms
Minor Name
83 XSS using Script in Attributes
Major Applicable_Platforms
Minor Weakness_Ordinality
84 XSS using Script Via Encoded URI Schemes
Major Applicable_Platforms
Minor Weakness_Ordinality
85 Doubled Character XSS Manipulations
Major Name, Description, Applicable_Platforms
Minor Weakness_Ordinality
86 Invalid Characters in Identifiers
Major Applicable_Platforms
Minor None
87 Alternate XSS Syntax
Major Applicable_Platforms
Minor Name
88 Argument Injection or Modification
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Context_Notes, Weakness_Ordinality
89 SQL Injection
Major Demonstrative_Example, Applicable_Platforms, Node_Relationship
Minor Name, Common_Consequences
90 LDAP Injection
Major Applicable_Platforms, Node_Relationship
Minor Name
91 XML Injection (aka Blind XPath Injection)
Major References, Context_Notes, Applicable_Platforms, Node_Relationship
Minor Name
92 Custom Special Character Injection
Major Applicable_Platforms
Minor Weakness_Ordinality
93 CRLF Injection
Major Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
94 Code Injection
Major Description, Applicable_Platforms, Node_Relationship
Minor Research_Gaps
95 Direct Dynamic Code Evaluation ('Eval Injection')
Major Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
96 Direct Static Code Injection
Major Context_Notes, AffectedResource, Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
97 Server-Side Includes (SSI) Injection
Major Applicable_Platforms
Minor None
98 PHP File Inclusion
Major Research_Gaps, Alternate_Terms, AffectedResource, Node_Relationship
Minor Context_Notes
99 Resource Injection
Major Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
100 Technology-Specific Input Validation Problems
Major Description
Minor None
101 Struts Validation Problems
Major Description
Minor Name
102 Struts: Duplicate Validation Forms
Major Description, Context_Notes, Demonstrative_Example
Minor Weakness_Ordinality
103 Struts: Incomplete validate() Method Definition
Major Name, Description, Context_Notes
Minor Weakness_Ordinality
104 Struts: Form Bean Does Not Extend Validation Class
Major Description, Context_Notes
Minor Weakness_Ordinality
105 Struts: Form Field Without Validator
Major Description, Context_Notes, Potential_Mitigations
Minor Weakness_Ordinality
106 Struts: Plug-in Framework not in Use
Major Description, Context_Notes, Weakness_Ordinality
Minor Name
107 Struts: Unused Validation Form
Major None
Minor Weakness_Ordinality
108 Struts: Unvalidated Action Form
Major None
Minor Weakness_Ordinality
109 Struts: Validator Turned Off
Major Description, Context_Notes, Potential_Mitigations
Minor Weakness_Ordinality
110 Struts: Validator Without Form Field
Major None
Minor Weakness_Ordinality
111 Unsafe JNI
Major Description, Context_Notes
Minor Weakness_Ordinality
112 Missing XML Validation
Major Applicable_Platforms
Minor Weakness_Ordinality
113 HTTP Response Splitting
Major Applicable_Platforms
Minor None
114 Process Control
Major AffectedResource, Applicable_Platforms, Potential_Mitigations, Node_Relationship
Minor None
115 Misinterpretation Error
Major Research_Gaps, Applicable_Platforms
Minor None
116 Output Validation
Major Description, Applicable_Platforms
Minor None
117 Log Forging
Major Applicable_Platforms
Minor Weakness_Ordinality
118 Range Errors
Major Description, Applicable_Platforms
Minor None
119 Buffer Errors
Major Description, AffectedResource, Node_Relationship
Minor None
120 Unbounded Transfer ('Classic Buffer Overflow')
Major AffectedResource, Potential_Mitigations, Node_Relationship
Minor Name, Weakness_Ordinality, Common_Consequences
121 Stack-based Buffer Overflow
Major Name, Description, Context_Notes, Demonstrative_Example, Alternate_Terms, Node_Relationship
Minor Weakness_Ordinality, Common_Consequences
122 Heap-based Buffer Overflow
Major Name, Context_Notes, AffectedResource, Node_Relationship
Minor Weakness_Ordinality, Common_Consequences
123 Write-what-where Condition
Major Context_Notes, Potential_Mitigations, Common_Consequences, Node_Relationship
Minor Name, Weakness_Ordinality
124 Boundary Beginning Violation ('Buffer Underwrite')
Major Description, References, Context_Notes, Research_Gaps, Demonstrative_Example, Observed_Example, Alternate_Terms, CVEs_Mentioned, Common_Consequences
Minor Name, Weakness_Ordinality
125 Out-of-bounds Read
Major None
Minor Weakness_Ordinality
126 Buffer Over-read
Major None
Minor Name, Weakness_Ordinality
127 Buffer Under-read
Major None
Minor Name, Weakness_Ordinality
128 Wrap-around Error
Major Applicable_Platforms
Minor Name, Weakness_Ordinality, Common_Consequences
129 Unchecked Array Indexing
Major AffectedResource, Node_Relationship
Minor Name, Weakness_Ordinality, Common_Consequences
130 Length Parameter Inconsistency
Major Applicable_Platforms
Minor Weakness_Ordinality
131 Other Length Calculation Error
Major None
Minor Name
132 Miscalculated Null Termination
Major Demonstrative_Example
Minor Name, Weakness_Ordinality, Common_Consequences
133 String Errors
Major Description
Minor None
134 Uncontrolled Format String
Major Name, AffectedResource, Applicable_Platforms, Common_Consequences, Node_Relationship
Minor Weakness_Ordinality
135 Improper String Length Checking
Major None
Minor Name
136 Type Errors
Major Description
Minor None
137 Representation Errors
Major Description
Minor None
138 Special Elements (Characters or Reserved Words)
Major Description
Minor None
139 General Special Element Problems
Major Description, Applicable_Platforms
Minor None
140 Delimiter Problems
Major Description
Minor None
141 Parameter Delimiter
Major Applicable_Platforms
Minor None
142 Value Delimiter
Major Applicable_Platforms
Minor None
143 Record Delimiter
Major Applicable_Platforms
Minor None
144 Line Delimiter
Major Applicable_Platforms
Minor None
145 Section Delimiter
Major Applicable_Platforms
Minor None
146 Delimiter between Expressions or Commands
Major Applicable_Platforms
Minor None
147 Input Terminator
Major Applicable_Platforms
Minor None
148 Input Leader
Major Description
Minor None
150 Escape, Meta, or Control Character / Sequence
Major Applicable_Platforms, Potential_Mitigations
Minor None
151 Comment Element
Major Applicable_Platforms
Minor None
152 Macro Symbol
Major Applicable_Platforms
Minor None
153 Substitution Character
Major Applicable_Platforms
Minor None
154 Variable Name Delimiter
Major Description, Applicable_Platforms
Minor None
155 Wildcard or Matching Element
Major Applicable_Platforms
Minor None
156 Whitespace
Major Applicable_Platforms
Minor None
157 Grouping Element / Paired Delimiter
Major Applicable_Platforms
Minor None
158 Null Character / Null Byte
Major Applicable_Platforms
Minor Description
159 Common Special Element Manipulations
Major Description, Applicable_Platforms
Minor Context_Notes, Research_Gaps
160 Leading Special Element
Major Applicable_Platforms
Minor None
161 Multiple Leading Special Elements
Major Applicable_Platforms
Minor None
162 Trailing Special Element
Major Applicable_Platforms
Minor None
163 Multiple Trailing Special Elements
Major Applicable_Platforms
Minor None
164 Internal Special Element
Major Applicable_Platforms
Minor None
165 Multiple Internal Special Elements
Major Applicable_Platforms
Minor None
166 Missing Special Element
Major Applicable_Platforms
Minor None
167 Extra Special Element
Major Applicable_Platforms
Minor None
168 Inconsistent Special Elements
Major Applicable_Platforms
Minor None
169 Technology-Specific Special Elements
Major Description, Applicable_Platforms
Minor None
170 Improper Null Termination
Major Context_Notes, Node_Relationship
Minor None
171 Cleansing, Canonicalization, and Comparison Errors
Major Description
Minor None
172 Encoding Error
Major Description
Minor None
178 Case Sensitivity (Lowercase, Uppercase, Mixed Case)
Major Research_Gaps, AffectedResource, Node_Relationship
Minor Name
184 Incomplete Blacklist
Major None
Minor Context_Notes
187 Partial Comparison
Major None
Minor Context_Notes
188 Reliance on Data Layout
Major None
Minor Name, Common_Consequences
189 Numeric Errors
Major Description, Node_Relationship
Minor None
190 Integer Overflow (Wrap or Wraparound)
Major Description, Node_Relationship
Minor Name, Common_Consequences
191 Integer Underflow (Wrap or Wraparound)
Major None
Minor Name
192 Integer Coercion Error
Major None
Minor Name, Common_Consequences
193 Off-by-one Error
Major References, Applicable_Platforms
Minor Common_Consequences
194 Sign Extension Error
Major None
Minor Name, Common_Consequences
195 Signed to Unsigned Conversion Error
Major None
Minor Name, Common_Consequences
196 Unsigned to Signed Conversion Error
Major None
Minor Name, Common_Consequences
197 Numeric Truncation Error
Major Context_Notes
Minor Name, Common_Consequences
198 Numeric Byte Ordering Error
Major Description, Applicable_Platforms
Minor None
199 Information Management Errors
Major Description, Applicable_Platforms, Node_Relationship
Minor None
200 Information Leak (Information Disclosure)
Major Description, Applicable_Platforms, Node_Relationship
Minor Name
201 Information Leak Through Sent Data
Major Applicable_Platforms
Minor None
202 Information Leak Through Data Queries
Major Applicable_Platforms
Minor Common_Consequences
203 Discrepancy Information Leaks
Major Applicable_Platforms
Minor None
204 Response Discrepancy Information Leak
Major Applicable_Platforms
Minor None
205 Behavioral Discrepancy Information Leak
Major Applicable_Platforms
Minor None
206 Internal Behavioral Inconsistency Information Leak
Major Applicable_Platforms
Minor None
207 External Behavioral Inconsistency Information Leak
Major Applicable_Platforms
Minor None
208 Timing Discrepancy Information Leak
Major Applicable_Platforms
Minor None
209 Error Message Information Leaks
Major Applicable_Platforms
Minor Common_Consequences
210 Product-Generated Error Message Information Leak
Major Applicable_Platforms
Minor None
211 Product-External Error Message Information Leak
Major Applicable_Platforms
Minor Description
212 Cross-Boundary Cleansing Information Leak
Major Applicable_Platforms
Minor None
213 Intended Information Leak
Major Description, Context_Notes, Applicable_Platforms, Potential_Mitigations
Minor None
214 Process Information Leak to Other Processes
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
215 Information Leak Through Debug Information
Major Description, Applicable_Platforms
Minor None
216 Containment Errors (Container Errors)
Major Applicable_Platforms
Minor Name, Context_Notes
217 Failure to Protect Stored Data from Modification
Major Applicable_Platforms
Minor Name
218 Failure to Provide Confidentiality for Stored Data
Major Applicable_Platforms
Minor Name, Common_Consequences
219 Sensitive Data Under Web Root
Major Description, Applicable_Platforms
Minor None
220 Sensitive Data Under FTP Root
Major Description, Applicable_Platforms
Minor None
221 Information Loss or Omission
Major Applicable_Platforms
Minor Name
222 Truncation of Security-relevant Information
Major Applicable_Platforms
Minor None
223 Omission of Security-relevant Information
Major Applicable_Platforms
Minor None
224 Obscured Security-relevant Information by Alternate Name
Major Applicable_Platforms
Minor None
225 DEPRECATED (Duplicate): General Information Management Problems
Major Name, Description, Node_Relationship
Minor None
226 Sensitive Information Uncleared Before Use
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
228 Structure and Validity Problems
Major Description
Minor None
229 Value Problems
Major Description
Minor None
230 Missing Value Error
Major Applicable_Platforms
Minor None
231 Extra Value Error
Major Applicable_Platforms
Minor None
233 Parameter Problems
Major Description
Minor None
234 Missing Parameter Error
Major Applicable_Platforms
Minor Common_Consequences
235 Extra Parameter Error
Major Applicable_Platforms
Minor None
237 Element Problems
Major Description
Minor None
238 Missing Element Error
Major Applicable_Platforms
Minor Weakness_Ordinality
239 Incomplete Element
Major Applicable_Platforms
Minor None
240 Inconsistent Elements
Major Applicable_Platforms
Minor Context_Notes
241 Wrong Data Type
Major Applicable_Platforms
Minor None
242 Dangerous Functions
Major None
Minor Weakness_Ordinality
243 Directory Restriction
Major AffectedResource, Node_Relationship
Minor Weakness_Ordinality
244 Heap Inspection
Major AffectedResource, Node_Relationship
Minor None
245 J2EE Bad Practices: getConnection()
Major None
Minor Weakness_Ordinality
246 J2EE Bad Practices: Sockets
Major Applicable_Platforms
Minor Weakness_Ordinality
247 Often Misused: Authentication
Major Applicable_Platforms
Minor None
249 Often Misused: Path Manipulation
Major AffectedResource, Node_Relationship
Minor None
250 Often Misused: Privilege Management
Major Applicable_Platforms
Minor None
251 Often Misused: String Management
Major AffectedResource, Node_Relationship
Minor None
252 Unchecked Return Value
Major Applicable_Platforms
Minor Demonstrative_Example, Common_Consequences
253 Misinterpreted Function Return Value
Major Applicable_Platforms
Minor Name, Common_Consequences
255 Credentials Management
Major Description, Applicable_Platforms, Node_Relationship
Minor None
256 Plaintext Storage
Major Applicable_Platforms
Minor Weakness_Ordinality
257 Storing Passwords in a Recoverable Format
Major Applicable_Platforms
Minor Weakness_Ordinality, Common_Consequences
258 Empty Password in Configuration File
Major Applicable_Platforms
Minor Weakness_Ordinality
259 Hard-Coded Password
Major Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality, Common_Consequences
260 Password in Configuration File
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
261 Weak Cryptography for Passwords
Major Applicable_Platforms
Minor None
262 Not Allowing Password Aging
Major Applicable_Platforms
Minor Name, Common_Consequences
263 Allowing Unchecked Password Aging
Major Applicable_Platforms
Minor Name, Common_Consequences
264 Permissions, Privileges, and Access Controls
Major Description, Applicable_Platforms, Node_Relationship
Minor None
265 Privilege / Sandbox Issues
Major None
Minor Name, Research_Gaps
266 Incorrect Privilege Assignment
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Weakness_Ordinality
267 Unsafe Privilege
Major Description, Applicable_Platforms
Minor None
268 Privilege Chaining
Major Applicable_Platforms
Minor Context_Notes, Weakness_Ordinality
269 Privilege Management Error
Major Applicable_Platforms
Minor Weakness_Ordinality
270 Privilege Context Switching Error
Major Applicable_Platforms
Minor None
271 Privilege Dropping / Lowering Errors
Major Applicable_Platforms
Minor Weakness_Ordinality
272 Least Privilege Violation
Major Applicable_Platforms
Minor Weakness_Ordinality, Common_Consequences
273 Failure to Check Whether Privileges Were Dropped Successfully
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Name, Weakness_Ordinality, Common_Consequences
274 Insufficient Privileges
Major Applicable_Platforms
Minor Name, Context_Notes, Weakness_Ordinality
275 Permission Issues
Major Description, AffectedResource, Node_Relationship
Minor None
276 Insecure Default Permissions
Major Applicable_Platforms
Minor Weakness_Ordinality
277 Insecure Inherited Permissions
Major Applicable_Platforms
Minor Name
278 Insecure Preserved Inherited Permissions
Major Applicable_Platforms
Minor Name
279 Insecure Execution-assigned Permissions
Major Applicable_Platforms
Minor Name
280 Failure to Handle Insufficient Permissions or Privileges
Major Name, Description, Context_Notes, Research_Gaps, Observed_Example, Applicable_Platforms, Potential_Mitigations, Node_Relationship
Minor None
281 Permission Preservation Failure
Major Applicable_Platforms
Minor Name
282 Ownership Issues
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
283 Unverified Ownership
Major Applicable_Platforms
Minor None
284 Access Control Issues
Major Description, Context_Notes, AffectedResource, Node_Relationship
Minor None
285 Missing or Inconsistent Access Control
Major Applicable_Platforms, Node_Relationship
Minor None
286 User Management Issues
Major Applicable_Platforms
Minor None
287 Authentication Issues
Major Applicable_Platforms, Node_Relationship
Minor None
288 Authentication Bypass by Alternate Path/Channel
Major Applicable_Platforms, Node_Relationship
Minor None
289 Authentication Bypass by Alternate Name
Major Applicable_Platforms
Minor None
290 Authentication Bypass by Spoofing
Major Description
Minor None
291 Trusting Self-reported IP Address
Major Applicable_Platforms
Minor Name, Weakness_Ordinality
292 Trusting Self-reported DNS Name
Major Applicable_Platforms
Minor Name, Common_Consequences
293 Using Referer Field for Authentication
Major Name, Description, Context_Notes, Applicable_Platforms
Minor Common_Consequences
294 Authentication Bypass by Capture-replay
Major Name, Context_Notes, Applicable_Platforms
Minor Common_Consequences
295 Certificate Issues
Major Description, Applicable_Platforms
Minor None
296 Failure to Follow Chain of Trust in Certificate Validation
Major Applicable_Platforms
Minor Name, Common_Consequences
297 Failure to Validate Host-specific Certificate Data
Major Applicable_Platforms
Minor Name, Common_Consequences
298 Failure to Validate Certificate Expiration
Major Applicable_Platforms
Minor Name, Common_Consequences
299 Failure to Check for Certificate Revocation
Major Applicable_Platforms
Minor Name, Common_Consequences
300 Man-in-the-middle (MITM)
Major Applicable_Platforms
Minor None
301 Reflection Attack in an Authentication Protocol
Major Applicable_Platforms, Node_Relationship
Minor Name, Common_Consequences
302 Authentication Bypass by Assumed-Immutable Data
Major Observed_Example, Applicable_Platforms
Minor None
303 Authentication Logic Error
Major Applicable_Platforms
Minor None
304 Missing Critical Step in Authentication
Major Applicable_Platforms
Minor None
305 Authentication Bypass by Primary Weakness
Major Applicable_Platforms
Minor Description
306 No Authentication for Critical Function
Major Applicable_Platforms
Minor None
307 Multiple Failed Authentication Attempts not Prevented
Major Applicable_Platforms
Minor None
308 Using Single-factor Authentication
Major Applicable_Platforms
Minor Name, Common_Consequences
309 Using Password Systems
Major Applicable_Platforms
Minor Name, Common_Consequences
310 Cryptographic Issues
Major Description, Applicable_Platforms, Node_Relationship
Minor None
311 Failure to Encrypt Data
Major Applicable_Platforms, Node_Relationship
Minor Name, Common_Consequences
312 Plaintext Storage of Sensitive Information
Major Description
Minor None
313 Plaintext Storage in File or on Disk
Major Applicable_Platforms
Minor None
314 Plaintext Storage in Registry
Major Applicable_Platforms
Minor None
315 Plaintext Storage in Cookie
Major Applicable_Platforms
Minor None
316 Plaintext Storage in Memory
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Context_Notes
317 Plaintext Storage in GUI
Major Applicable_Platforms
Minor None
318 Plaintext Storage in Executable
Major Applicable_Platforms
Minor None
319 Plaintext Transmission of Sensitive Information
Major Applicable_Platforms
Minor None
320 Key Management Errors
Major Description, Applicable_Platforms
Minor None
321 Use of Hard-coded Cryptographic Key
Major Applicable_Platforms, Node_Relationship
Minor Name, Demonstrative_Example, Common_Consequences
322 Key Exchange without Entity Authentication
Major Applicable_Platforms
Minor Name, Common_Consequences
323 Reusing a Nonce, Key Pair in Encryption
Major Demonstrative_Example, Applicable_Platforms
Minor Name, Common_Consequences
324 Using a Key Past its Expiration Date
Major Applicable_Platforms
Minor Name, Common_Consequences
325 Missing Required Cryptographic Step
Major Applicable_Platforms, Node_Relationship
Minor None
326 Weak Encryption
Major Applicable_Platforms, Node_Relationship
Minor None
327 Using a Broken or Risky Cryptographic Algorithm
Major Applicable_Platforms
Minor Name, Common_Consequences
328 Reversible One-Way Hash
Major Applicable_Platforms
Minor None
329 Not Using a Random IV with CBC Mode
Major Applicable_Platforms, Common_Consequences
Minor Name
330 Randomness and Predictability
Major Applicable_Platforms
Minor None
331 Insufficient Entropy
Major Applicable_Platforms
Minor None
332 Insufficient Entropy in PRNG
Major Applicable_Platforms
Minor Name, Common_Consequences
333 Failure of TRNG
Major Applicable_Platforms
Minor Common_Consequences
334 Small Space of Random Values
Major Applicable_Platforms
Minor None
335 PRNG Seed Error
Major Applicable_Platforms
Minor None
336 Same Seed in PRNG
Major Applicable_Platforms
Minor None
337 Predictable Seed in PRNG
Major Applicable_Platforms
Minor None
338 Non-cryptographic PRNG
Major Applicable_Platforms
Minor Common_Consequences
339 Small Seed Space in PRNG
Major Applicable_Platforms
Minor None
340 Predictability Problems
Major Description
Minor Name
341 Predictable from Observable State
Major Applicable_Platforms
Minor None
342 Predictable Exact Value from Previous Values
Major Applicable_Platforms
Minor None
343 Predictable Value Range from Previous Values
Major Applicable_Platforms
Minor None
344 Static Value in Unpredictable Context
Major Applicable_Platforms
Minor Weakness_Ordinality
345 Insufficient Verification of Data
Major Applicable_Platforms
Minor None
346 Origin Validation Error
Major Applicable_Platforms
Minor Context_Notes, Weakness_Ordinality
347 Improperly Verified Signature
Major Applicable_Platforms
Minor None
348 Use of Less Trusted Source
Major Applicable_Platforms
Minor None
349 Untrusted Data Appended with Trusted Data
Major Applicable_Platforms
Minor None
350 Improperly Trusted Reverse DNS
Major Applicable_Platforms
Minor None
351 Insufficient Type Distinction
Major Applicable_Platforms
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Applicable_Platforms, Node_Relationship
Minor None
353 Failure to Add Integrity Check Value
Major Demonstrative_Example, Applicable_Platforms
Minor Name, Common_Consequences
354 Failure to Check Integrity Check Value
Major Applicable_Platforms
Minor Name, Common_Consequences
355 User Interface Security Issues
Major Applicable_Platforms
Minor None
356 Product UI does not Warn User of Unsafe Actions
Major Applicable_Platforms
Minor Name
357 Insufficient UI Warning of Dangerous Operations
Major Applicable_Platforms
Minor Name
358 Improperly Implemented Security Check for Standard
Major Applicable_Platforms
Minor Context_Notes
359 Privacy Violation
Major Applicable_Platforms
Minor None
360 Trust of System Event Data
Major Applicable_Platforms
Minor Name, Common_Consequences
362 Race Conditions
Major Description, Node_Relationship
Minor None
363 Race Condition Enabling Link Following
Major Description, Applicable_Platforms
Minor Name
364 Signal Handler Race Condition
Major AffectedResource, Node_Relationship
Minor Name, Common_Consequences
365 Race Condition in Switch
Major None
Minor Name, Common_Consequences
366 Race Condition within a Thread
Major AffectedResource, Node_Relationship
Minor Name, Common_Consequences
367 Time-of-check Time-of-use Race Condition
Major Applicable_Platforms, Node_Relationship
Minor Name, Common_Consequences
368 Context Switching Race Condition
Major Applicable_Platforms
Minor None
370 Race Condition in Checking for Certificate Revocation
Major Applicable_Platforms
Minor Name, Common_Consequences
371 State Issues
Major Description
Minor None
372 Incomplete Internal State Distinction
Major Applicable_Platforms
Minor Context_Notes
373 State Synchronization Error
Major Applicable_Platforms
Minor Name, Common_Consequences
374 Mutable Objects Passed by Reference
Major None
Minor Name, Common_Consequences
375 Passing Mutable Objects to an Untrusted Method
Major None
Minor Name, Common_Consequences
376 Temporary File Issues
Major Description, AffectedResource, Node_Relationship
Minor None
377 Insecure Temporary File
Major Applicable_Platforms
Minor None
378 Improper Temporary File Opening
Major Applicable_Platforms
Minor Name, Common_Consequences
379 Guessed or Visible Temporary File
Major Applicable_Platforms
Minor Name, Common_Consequences
380 Technology-Specific Time and State Issues
Major Description
Minor None
381 J2EE Time and State Issues
Major Description
Minor None
383 J2EE Bad Practices: Threads
Major AffectedResource, Node_Relationship
Minor None
384 Session Fixation
Major Applicable_Platforms
Minor None
385 Covert Timing Channel
Major Applicable_Platforms
Minor None
386 Symbolic Name not Mapping to Correct Object
Major Applicable_Platforms
Minor Name, Common_Consequences
387 Signal Errors
Major AffectedResource, Node_Relationship
Minor None
388 Error Handling
Major None
Minor Common_Consequences
389 Error Conditions, Return Values, Status Codes
Major Research_Gaps, Applicable_Platforms
Minor Context_Notes
390 Improper Error Handling
Major Applicable_Platforms
Minor Name
391 Unchecked Error Condition
Major Applicable_Platforms, Node_Relationship
Minor None
392 Missing Error Status Code
Major Applicable_Platforms
Minor Observed_Example
393 Wrong Status Code
Major Applicable_Platforms
Minor Observed_Example
394 Unexpected Status Code or Return Value
Major Applicable_Platforms
Minor None
398 Code Quality
Major Description
Minor None
399 Resource Management Errors
Major Description, Applicable_Platforms, Node_Relationship
Minor None
400 Resource Exhaustion
Major Name, Context_Notes, Applicable_Platforms
Minor Common_Consequences
401 Memory Leak
Major AffectedResource, Common_Consequences, Node_Relationship
Minor Name, Context_Notes
402 Resource Leaks
Major Description
Minor Name
403 UNIX File Descriptor Leak
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Name
404 Improper Resource Shutdown or Release
Major Applicable_Platforms
Minor Name
405 Asymmetric Resource Consumption (Amplification)
Major Applicable_Platforms
Minor Name
406 Network Amplification
Major Applicable_Platforms
Minor None
407 Algorithmic Complexity
Major Applicable_Platforms
Minor Common_Consequences
408 Early Amplification
Major Applicable_Platforms
Minor None
409 Data Amplification
Major Applicable_Platforms
Minor None
410 Insufficient Resource Pool
Major Applicable_Platforms
Minor Common_Consequences
411 Resource Locking Problems
Major Description
Minor Name
412 Unrestricted Critical Resource Lock
Major Applicable_Platforms, Node_Relationship
Minor None
413 Insufficient Resource Locking
Major Applicable_Platforms
Minor Description
414 Missing Lock Check
Major Applicable_Platforms
Minor None
415 Double Free
Major Observed_Example, Alternate_Terms, AffectedResource, Node_Relationship
Minor Context_Notes, Common_Consequences
416 Use After Free
Major Context_Notes, AffectedResource, Node_Relationship
Minor Common_Consequences
417 Channel and Path Errors
Major Description, Applicable_Platforms
Minor None
418 Channel Errors
Major Description, Applicable_Platforms
Minor None
419 Unprotected Primary Channel
Major Applicable_Platforms
Minor None
420 Unprotected Alternate Channel
Major Applicable_Platforms
Minor None
421 Alternate Channel Race Condition
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
422 Unprotected Windows Messaging Channel ('Shatter')
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
423 Proxied Trusted Channel
Major Applicable_Platforms
Minor None
424 Alternate Path Errors
Major Description, Applicable_Platforms
Minor None
425 Direct Request ('Forced Browsing')
Major Name, Context_Notes, Applicable_Platforms, Node_Relationship
Minor None
426 Untrusted Search Path
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor Common_Consequences
427 Uncontrolled Search Path Element
Major Applicable_Platforms
Minor None
428 Unquoted Search Path or Element
Major Context_Notes, Applicable_Platforms
Minor None
429 Handler Errors
Major Description
Minor None
430 Improper Handler Deployment
Major Applicable_Platforms
Minor None
431 Missing Handler
Major Applicable_Platforms
Minor None
432 Dangerous Handler not Cleared/Disabled During Sensitive Operations
Major Description, Applicable_Platforms
Minor Name
433 Unparsed Raw Web Content Delivery
Major Applicable_Platforms
Minor None
434 Unrestricted File Upload
Major AffectedResource, Applicable_Platforms, Node_Relationship
Minor None
435 Interaction Errors
Major Applicable_Platforms
Minor None
436 Multiple Interpretation Error (MIE)
Major References, Context_Notes, Applicable_Platforms
Minor None
437 Extra Unhandled Features
Major Applicable_Platforms
Minor None
438 Behavioral Problems
Major Description
Minor Name
439 Behavioral Change
Major Applicable_Platforms
Minor None
440 Expected Behavior Violation
Major Applicable_Platforms
Minor Name
441 Unintended Proxy/Intermediary
Major Applicable_Platforms
Minor Name
442 Web Problems
Major Description
Minor Name
444 HTTP Request Smuggling
Major Applicable_Platforms
Minor None
445 User Interface Quality Errors
Major Description, Applicable_Platforms, Node_Relationship
Minor None
446 User Interface Discrepancy for Security Feature
Major Name, Description, Context_Notes, Applicable_Platforms, Node_Relationship
Minor None
447 Unimplemented or Unsupported Feature in UI
Major Applicable_Platforms
Minor Name
448 Obsolete Feature in UI
Major Applicable_Platforms
Minor Name
449 The UI Performs the Wrong Action
Major Applicable_Platforms, Node_Relationship
Minor Name
450 Multiple Interpretations of UI Input
Major Applicable_Platforms
Minor None
451 UI Misrepresentation of Critical Information
Major Applicable_Platforms
Minor None
452 Initialization and Cleanup Errors
Major Description, Applicable_Platforms
Minor Context_Notes
453 Insecure Default Variable Initialization
Major Applicable_Platforms
Minor Name
454 External Initialization of Trusted Variables or Values
Major Context_Notes, Applicable_Platforms
Minor Name
455 Non-exit on Failed Initialization
Major Applicable_Platforms
Minor None
456 Missing Initialization
Major Applicable_Platforms
Minor Context_Notes, Research_Gaps
457 Uninitialized Variable
Major References, Applicable_Platforms, Node_Relationship
Minor Name, Common_Consequences
458 Incorrect Initialization
Major Observed_Example, Applicable_Platforms
Minor Name
459 Incomplete Cleanup
Major Applicable_Platforms
Minor None
460 Improper Cleanup on Thrown Exception
Major Demonstrative_Example
Minor Name, Common_Consequences
461 Data Structure Issues
Major Description
Minor None
462 Duplicate Key in Associative List (Alist)
Major None
Minor Name
463 Deletion of Data-structure Sentinel
Major Description, Context_Notes
Minor Name, Common_Consequences
464 Addition of Data-structure Sentinel
Major Description
Minor Name, Common_Consequences
465 Pointer Issues
Major Description
Minor None
466 Illegal Pointer Value
Major Description, Node_Relationship
Minor None
467 Use of sizeof() on a Pointer Type
Major Description, References, Context_Notes, Demonstrative_Example, Weakness_Ordinality, Potential_Mitigations, Common_Consequences, Node_Relationship
Minor Name
468 Unintentional Pointer Scaling
Major Demonstrative_Example, Node_Relationship
Minor Name
469 Improper Pointer Subtraction
Major Description, Potential_Mitigations, Node_Relationship
Minor Name, Common_Consequences
470 Unsafe Reflection
Major Node_Relationship
Minor None
471 Modification of Assumed-Immutable Data (MAID)
Major Name, Applicable_Platforms
Minor Context_Notes
472 Web Parameter Tampering
Major Applicable_Platforms, Node_Relationship
Minor Context_Notes
473 PHP External Variable Modification
Major Description, Context_Notes, Potential_Mitigations, Node_Relationship
Minor None
474 Inconsistent Implementations
Major Applicable_Platforms
Minor None
475 Undefined Behavior
Major Applicable_Platforms
Minor None
476 NULL Pointer Dereference
Major Description, Context_Notes, Demonstrative_Example, Observed_Example, CVEs_Mentioned, Potential_Mitigations, Common_Consequences, Node_Relationship
Minor Name, Weakness_Ordinality
477 Obsolete
Major Applicable_Platforms
Minor None
478 Failure to Account for Default Case in Switch
Major None
Minor Name, Common_Consequences
479 Unsafe Function Call from a Signal Handler
Major Context_Notes, AffectedResource, Node_Relationship
Minor Name, Common_Consequences
480 Using the Wrong Operator
Major Description, Applicable_Platforms
Minor Name
481 Assigning instead of Comparing
Major None
Minor Name
482 Comparing instead of Assigning
Major None
Minor Name
483 Incorrect Block Delimitation
Major Applicable_Platforms
Minor Name, Common_Consequences
484 Omitted Break Statement
Major None
Minor Name
486 Comparing Classes by Name
Major None
Minor Common_Consequences
487 Relying on Package-level Scope
Major None
Minor Name, Common_Consequences
488 Data Leaking Between Users
Major Applicable_Platforms
Minor None
489 Leftover Debug Code
Major Context_Notes, Applicable_Platforms, Node_Relationship
Minor Common_Consequences
490 Mobile Code Issues
Major Description
Minor None
492 Mobile Code: Use of Inner Class
Major None
Minor Common_Consequences
494 Mobile Code: Invoking Untrusted Mobile Code
Major None
Minor Name
495 Private Array-Typed Field Returned From A Public Method
Major Node_Relationship
Minor None
496 Public Data Assigned to Private Array-Typed Field
Major Description, Node_Relationship
Minor None
497 System Information Leak
Major Applicable_Platforms
Minor None
498 Information Leak through Class Cloning
Major Context_Notes, Applicable_Platforms
Minor Name, Common_Consequences
499 Information Leak through Serialization
Major None
Minor Name, Common_Consequences
500 Overflow of Static Internal Buffer
Major Applicable_Platforms
Minor Name, Common_Consequences
501 Trust Boundary Violation
Major Applicable_Platforms
Minor None
502 Deserialization of Untrusted Data
Major Applicable_Platforms
Minor Name, Common_Consequences
503 Byte/Object Code
Major Description
Minor None
504 Motivation/Intent
Major Description
Minor None
508 Non-Replicating
Major Description
Minor None
509 Replicating (virus)
Major Description
Minor None
512 Spyware
Major Description
Minor None
513 Nonmalicious
Major Description
Minor None
514 Covert Channel
Major Description, Context_Notes
Minor None
515 Covert Storage Channel
Major Description
Minor Common_Consequences
522 Insufficiently Protected Credentials
Major Node_Relationship
Minor None
533 Information Leak Through Server Log Files
Major AffectedResource, Node_Relationship
Minor None
538 File and Directory Information Leaks
Major Description
Minor None
548 Information Leak Through Directory Listing
Major Description
Minor None
552 Errant Files or Directories Accessible
Major AffectedResource, Node_Relationship
Minor None
553 Possible Command Shell (csh)
Major Description
Minor None
558 Misused Authentication: getlogin()
Major Name
Minor None
559 Often Misused: Arguments and Parameters
Major Description
Minor None
560 Often Misused: umask()
Major None
Minor Name
569 Expression Issues
Major Description
Minor None
572 Call to Thread.run()
Major AffectedResource, Node_Relationship
Minor None
576 EJB Bad Practices: Use of Java I/O
Major Context_Notes
Minor Name
581 Object Model Violation: Just One of Equals and Haschode Defined
Major None
Minor Common_Consequences
582 Mobile Code: Unsafe Array Declaration
Major Weakness_Ordinality
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Context_Notes, Demonstrative_Example, Weakness_Ordinality
Minor Description
590 Improperly Freeing Heap Memory
Major AffectedResource, Node_Relationship
Minor None
591 Memory Locking
Major AffectedResource, Node_Relationship
Minor Common_Consequences
592 Authentication Bypass Issues
Major Description
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major None
Minor Common_Consequences
594 Persistence in J2EE Frameworks
Major None
Minor Common_Consequences
599 No OpenSSL Certificate Check Performed before Use
Major Name
Minor Common_Consequences
602 Client-Side Enforcement of Server-Side Security
Major None
Minor Weakness_Ordinality
604 Deprecated
Major Node_Relationship
Minor None
605 Multiple Binds to Same Port
Major Applicable_Platforms
Minor Common_Consequences
608 Struts: Non-private Field in ActionForm Class
Major None
Minor Weakness_Ordinality
609 Double Checked Locking
Major Context_Notes
Minor None
616 Incomplete Identification of Uploaded File Variables (PHP)
Major Applicable_Platforms
Minor Weakness_Ordinality
617 Reachable Assertion
Major None
Minor Weakness_Ordinality
618 Exposed Unsafe ActiveX Method
Major None
Minor Weakness_Ordinality
621 Variable Extraction Error
Major Applicable_Platforms
Minor Weakness_Ordinality
623 Unsafe ActiveX Control Marked Safe For Scripting
Major None
Minor Weakness_Ordinality
624 Executable Regular Expression Error
Major Applicable_Platforms
Minor None
625 Permissive Regular Expression
Major Context_Notes, Applicable_Platforms
Minor Weakness_Ordinality
626 Null Byte Interaction Error (Poison Null Byte)
Major None
Minor Weakness_Ordinality
627 Dynamic Variable Evaluation
Major Applicable_Platforms
Minor None
628 Incorrectly Specified Arguments
Major None
Minor Weakness_Ordinality

More information is available — Please select a different filter.
Page Last Updated: January 05, 2017