CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > Reports > Differences between Version 1.2 and Version 1.3  
ID

Differences between Version 1.2 and Version 1.3
Differences between Version 1.2 and Version 1.3

Summary
Summary
Total (Version 1.3) 762
Total (Version 1.2) 755
Total new 7
Total deprecated 0
Total shared 755
Total important changes 117
Total major changes 183
Total minor changes 8
Total minor changes (no major) 6
Total unchanged 566
Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Affected_Resources 0 0
Alternate_Terms 1 0
Applicable_Platforms 1 0
Background_Details 0 0
Black_Box_Definitions 0 0
Causal_Nature 0 0
Common_Consequences 1 1
Common_Methods_of_Exploitation 0 0
Context_Notes 0 0
Demonstrative_Examples 15 5
Description 37 0
Detection_Factors 0 0
Enabling_Factors_for_Exploitation 0 0
Functional_Areas 0 0
Likelihood_of_Exploit 0 0
Maintenance_Notes 3 0
Modes_of_Introduction 0 0
Name 33 1
Observed_Examples 1 0
Other_Notes 6 1
Potential_Mitigations 35 0
References 1 0
Related_Attack_Patterns 19 0
Relationship_Notes 0 0
Relationships 89 0
Relevant_Properties 0 0
Research_Gaps 0 0
Source_Taxonomy 0 0
Taxonomy_Mappings 0 0
Terminology_Notes 0 0
Theoretical_Notes 2 0
Time_of_Introduction 0 0
Type 0 0
View_Audience 0 0
View_Filter 2 0
View_Structure 0 0
View_Type 0 0
Weakness_Ordinalities 0 0
White_Box_Definitions 0 0

Form and Abstraction Changes

From To Total
Unchanged 755

Relationship Changes

The "Version 1.3 Total" lists the total number of relationships in Version 1.3. The "Shared" value is the total number of relationships in entries that were in both Version 1.3 and Version 1.2. The "New" value is the total number of relationships involving entries that did not exist in Version 1.2. Thus, the total number of relationships in Version 1.3 would combine stats from Shared entries and New entries.

Relationship Version 1.3 Total Version 1.2 Total Version 1.3 Shared Unchanged Added to Version 1.3 Removed from Version 1.3 Version 1.3 New
ALL 4529 4371 4461 4343 118 28 68
CanAlsoBe 38 38 38 38
CanFollow 78 78 77 77 1 1
CanPrecede 78 78 77 77 1 1
ChildOf 1931 1852 1898 1839 59 13 33
HasMember 114 114 114 114
MemberOf 114 114 114 114
ParentOf 1931 1852 1898 1839 59 13 33
PeerOf 188 188 188 188
RequiredBy 27 27 27 27
Requires 27 27 27 27
StartsWith 3 3 3 3

Nodes Removed from Version 1.2

CWE-ID CWE Name
None.

Nodes Added to Version 1.3

CWE-ID CWE Name
754 Improper Check for Exceptional Conditions
755 Improper Handling of Exceptional Conditions
756 Missing Custom Error Page
757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
759 Use of a One-Way Hash without a Salt
760 Use of a One-Way Hash with a Predictable Salt

Nodes Deprecated in Version 1.3

CWE-ID CWE Name
None.
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

NR 7 J2EE Misconfiguration: Missing Custom Error Page
R 9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
NR 12 ASP.NET Misconfiguration: Missing Custom Error Page
D 20 Improper Input Validation
R 41 Failure to Resolve Path Equivalence
DN 66 Improper Handling of File Names that Identify Virtual Resources
DN 67 Improper Handling of Windows Device Names
R 73 External Control of File Name or Path
R 98 Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion')
R 102 Struts: Duplicate Validation Forms
R 103 Struts: Incomplete validate() Method Definition
R 104 Struts: Form Bean Does Not Extend Validation Class
R 106 Struts: Plug-in Framework not in Use
R 109 Struts: Validator Turned Off
D 116 Improper Encoding or Escaping of Output
R 117 Incorrect Output Sanitization for Logs
D 118 Improper Access of Indexable Resource (aka 'Range Error')
DN 130 Improper Handling of Length Parameter Inconsistency
R 134 Uncontrolled Format String
DN 138 Improper Sanitization of Special Elements
DN 147 Improper Sanitization of Input Terminators
DN 151 Improper Sanitization of Comment Delimiters
DN 152 Improper Sanitization of Macro Symbols
DN 153 Improper Sanitization of Substitution Characters
DN 154 Improper Sanitization of Variable Name Delimiters
DN 155 Improper Sanitization of Wildcards or Matching Symbols
DN 156 Improper Sanitization of Whitespace
R 166 Failure to Handle Missing Special Element
R 167 Failure to Handle Additional Special Element
R 168 Failure to Resolve Inconsistent Special Elements
D 178 Failure to Resolve Case Sensitivity
R 179 Incorrect Behavior Order: Early Validation
R 182 Collapse of Data Into Unsafe Value
R 183 Permissive Whitelist
R 188 Reliance on Data/Memory Layout
R 209 Error Message Information Leak
R 226 Sensitive Information Uncleared Before Release
DN 228 Improper Handling of Syntactically Invalid Structure
D 229 Improper Handling of Values
DN 230 Improper Handling of Missing Values
DN 231 Improper Handling of Extra Values
DN 232 Improper Handling of Undefined Values
DN 235 Improper Handling of Extra Parameters
DN 236 Improper Handling of Undefined Parameters
DN 237 Improper Handling of Structural Elements
DN 238 Improper Handling of Incomplete Structural Elements
DN 240 Improper Handling of Inconsistent Structural Elements
DN 241 Improper Handling of Unexpected Data Type
R 248 Uncaught Exception
R 252 Unchecked Return Value
DNR 253 Incorrect Check of Function Return Value
R 266 Incorrect Privilege Assignment
R 268 Privilege Chaining
DNR 273 Improper Check for Successfully Dropped Privileges
DN 280 Improper Handling of Insufficient Permissions or Privileges
R 283 Unverified Ownership
R 284 Access Control (Authorization) Issues
DNR 296 Improper Following of Chain of Trust for Certificate Validation
DNR 297 Improper Validation of Host-specific Certificate Data
DNR 298 Improper Validation of Certificate Expiration
DNR 299 Improper Check for Certificate Revocation
R 302 Authentication Bypass by Assumed-Immutable Data
R 304 Missing Critical Step in Authentication
R 307 Failure to Restrict Excessive Authentication Attempts
R 326 Weak Encryption
DNR 354 Improper Validation of Integrity Check Value
R 388 Error Handling
R 390 Detection of Error Condition Without Action
R 392 Failure to Report Error in Status Code
R 393 Return of Wrong Status Code
R 394 Unexpected Status Code or Return Value
R 395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
R 396 Declaration of Catch for Generic Exception
R 397 Declaration of Throws for Generic Exception
R 460 Improper Cleanup on Thrown Exception
R 526 Information Leak Through Environmental Variables
R 527 Information Leak Through CVS Repository
R 528 Information Leak Through Core Dump Files
R 529 Information Leak Through Access Control List Files
R 530 Information Leak Through Backup (.~bk) Files
R 531 Information Leak Through Test Code
R 532 Information Leak Through Log Files
R 533 Information Leak Through Server Log Files
R 534 Information Leak Through Debug Log Files
R 539 Information Leak Through Persistent Cookies
R 540 Information Leak Through Source Code
R 541 Information Leak Through Include Source Code
R 542 Information Leak Through Cleanup Log Files
DNR 544 Failure to Use a Standardized Error Handling Mechanism
R 551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
R 556 ASP.NET Misconfiguration: Use of Identity Impersonation
R 587 Assignment of a Fixed Address to a Pointer
R 588 Attempt to Access Child of a Non-structure Pointer
R 598 Information Leak Through Query Strings in GET Request
R 599 Trust of OpenSSL Certificate Without Validation
DNR 600 Failure to Catch All Exceptions in Servlet
R 601 URL Redirection to Untrusted Site (aka 'Open Redirect')
R 613 Insufficient Session Expiration
D 625 Permissive Regular Expression
R 636 Not Failing Securely (aka 'Failing Open')
R 639 Access Control Bypass Through User-Controlled Key
R 640 Weak Password Recovery Mechanism for Forgotten Password
R 644 Insufficient Sanitization of HTTP Headers for Scripting Syntax
R 693 Protection Mechanism Failure
R 703 Failure to Handle Exceptional Conditions
R 708 Incorrect Ownership Assignment
R 710 Coding Standards Violation
R 722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
R 723 OWASP Top Ten 2004 Category A2 - Broken Access Control
R 724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
R 725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
R 726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
R 727 OWASP Top Ten 2004 Category A6 - Injection Flaws
R 728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
R 729 OWASP Top Ten 2004 Category A8 - Insecure Storage
R 731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
R 733 Compiler Optimization Removal or Modification of Security-critical Code
Detailed Difference Report
Detailed Difference Report
7 J2EE Misconfiguration: Missing Custom Error Page
Major Name, Relationships
Minor None
9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Major Relationships
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Page
Major Name, Relationships
Minor None
20 Improper Input Validation
Major Description, Potential_Mitigations
Minor None
41 Failure to Resolve Path Equivalence
Major Relationships
Minor None
66 Improper Handling of File Names that Identify Virtual Resources
Major Description, Name
Minor None
67 Improper Handling of Windows Device Names
Major Description, Name
Minor None
71 Apple '.DS_Store'
Major Related_Attack_Patterns
Minor None
73 External Control of File Name or Path
Major Potential_Mitigations, Relationships
Minor None
78 Failure to Preserve OS Command Structure (aka 'OS Command Injection')
Major Potential_Mitigations
Minor None
79 Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
Major Potential_Mitigations
Minor None
89 Failure to Preserve SQL Query Structure (aka 'SQL Injection')
Major Potential_Mitigations
Minor None
93 Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')
Major References
Minor None
94 Failure to Control Generation of Code (aka 'Code Injection')
Major Potential_Mitigations
Minor None
98 Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion')
Major Relationships
Minor None
102 Struts: Duplicate Validation Forms
Major Relationships
Minor None
103 Struts: Incomplete validate() Method Definition
Major Relationships
Minor None
104 Struts: Form Bean Does Not Extend Validation Class
Major Relationships
Minor None
106 Struts: Plug-in Framework not in Use
Major Relationships
Minor None
109 Struts: Validator Turned Off
Major Relationships
Minor None
113 Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')
Major Demonstrative_Examples
Minor None
116 Improper Encoding or Escaping of Output
Major Description, Potential_Mitigations
Minor Demonstrative_Examples
117 Incorrect Output Sanitization for Logs
Major Relationships
Minor None
118 Improper Access of Indexable Resource (aka 'Range Error')
Major Description
Minor None
119 Failure to Constrain Operations within the Bounds of a Memory Buffer
Major Potential_Mitigations
Minor None
130 Improper Handling of Length Parameter Inconsistency
Major Description, Name
Minor None
134 Uncontrolled Format String
Major Relationships
Minor None
138 Improper Sanitization of Special Elements
Major Description, Name
Minor None
147 Improper Sanitization of Input Terminators
Major Description, Name
Minor None
151 Improper Sanitization of Comment Delimiters
Major Description, Name
Minor None
152 Improper Sanitization of Macro Symbols
Major Description, Name
Minor None
153 Improper Sanitization of Substitution Characters
Major Description, Name
Minor None
154 Improper Sanitization of Variable Name Delimiters
Major Description, Name
Minor None
155 Improper Sanitization of Wildcards or Matching Symbols
Major Description, Name
Minor None
156 Improper Sanitization of Whitespace
Major Description, Name
Minor None
157 Failure to Sanitize Paired Delimiters
Major None
Minor Demonstrative_Examples
166 Failure to Handle Missing Special Element
Major Relationships
Minor None
167 Failure to Handle Additional Special Element
Major Relationships
Minor None
168 Failure to Resolve Inconsistent Special Elements
Major Relationships
Minor None
170 Improper Null Termination
Major Common_Consequences
Minor None
176 Failure to Handle Unicode Encoding
Major Demonstrative_Examples
Minor None
178 Failure to Resolve Case Sensitivity
Major Description
Minor None
179 Incorrect Behavior Order: Early Validation
Major Relationships
Minor None
182 Collapse of Data Into Unsafe Value
Major Relationships
Minor None
183 Permissive Whitelist
Major Relationships
Minor None
188 Reliance on Data/Memory Layout
Major Relationships
Minor None
209 Error Message Information Leak
Major Demonstrative_Examples, Potential_Mitigations, Relationships
Minor None
217 Failure to Protect Stored Data from Modification
Major None
Minor Demonstrative_Examples
226 Sensitive Information Uncleared Before Release
Major Relationships
Minor None
228 Improper Handling of Syntactically Invalid Structure
Major Description, Name
Minor None
229 Improper Handling of Values
Major Description
Minor None
230 Improper Handling of Missing Values
Major Description, Name
Minor None
231 Improper Handling of Extra Values
Major Description, Name
Minor None
232 Improper Handling of Undefined Values
Major Description, Name
Minor None
234 Failure to Handle Missing Parameter
Major Maintenance_Notes, Other_Notes, Potential_Mitigations
Minor None
235 Improper Handling of Extra Parameters
Major Description, Name
Minor None
236 Improper Handling of Undefined Parameters
Major Description, Name
Minor None
237 Improper Handling of Structural Elements
Major Description, Name
Minor None
238 Improper Handling of Incomplete Structural Elements
Major Description, Name
Minor None
240 Improper Handling of Inconsistent Structural Elements
Major Description, Name
Minor None
241 Improper Handling of Unexpected Data Type
Major Description, Name
Minor None
243 Failure to Change Working Directory in chroot Jail
Major Demonstrative_Examples
Minor None
248 Uncaught Exception
Major Relationships
Minor None
250 Execution with Unnecessary Privileges
Major Potential_Mitigations
Minor None
252 Unchecked Return Value
Major Relationships
Minor None
253 Incorrect Check of Function Return Value
Major Description, Name, Relationships
Minor None
259 Hard-Coded Password
Major Potential_Mitigations
Minor None
266 Incorrect Privilege Assignment
Major Relationships
Minor Demonstrative_Examples
268 Privilege Chaining
Major Relationships
Minor None
272 Least Privilege Violation
Major Demonstrative_Examples
Minor None
273 Improper Check for Successfully Dropped Privileges
Major Description, Name, Relationships
Minor None
274 Failure to Handle Insufficient Privileges
Major Maintenance_Notes, Theoretical_Notes
Minor None
280 Improper Handling of Insufficient Permissions or Privileges
Major Description, Name, Theoretical_Notes
Minor None
283 Unverified Ownership
Major Relationships
Minor None
284 Access Control (Authorization) Issues
Major Relationships
Minor None
285 Improper Access Control (Authorization)
Major Potential_Mitigations
Minor None
296 Improper Following of Chain of Trust for Certificate Validation
Major Description, Name, Relationships
Minor None
297 Improper Validation of Host-specific Certificate Data
Major Description, Name, Relationships
Minor None
298 Improper Validation of Certificate Expiration
Major Description, Name, Relationships
Minor None
299 Improper Check for Certificate Revocation
Major Description, Name, Relationships
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Relationships
Minor None
304 Missing Critical Step in Authentication
Major Relationships
Minor None
307 Failure to Restrict Excessive Authentication Attempts
Major Relationships
Minor None
319 Cleartext Transmission of Sensitive Information
Major Potential_Mitigations
Minor None
326 Weak Encryption
Major Relationships
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Potential_Mitigations
Minor None
330 Use of Insufficiently Random Values
Major Potential_Mitigations
Minor None
332 Insufficient Entropy in PRNG
Major Potential_Mitigations
Minor None
334 Small Space of Random Values
Major Potential_Mitigations
Minor None
336 Same Seed in PRNG
Major Potential_Mitigations
Minor None
337 Predictable Seed in PRNG
Major Potential_Mitigations
Minor None
339 Small Seed Space in PRNG
Major Potential_Mitigations
Minor None
341 Predictable from Observable State
Major Potential_Mitigations
Minor None
342 Predictable Exact Value from Previous Values
Major Potential_Mitigations
Minor None
343 Predictable Value Range from Previous Values
Major Potential_Mitigations
Minor None
344 Use of Invariant Value in Dynamically Changing Context
Major Potential_Mitigations
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Potential_Mitigations
Minor None
354 Improper Validation of Integrity Check Value
Major Description, Name, Relationships
Minor None
359 Privacy Violation
Major Other_Notes
Minor None
362 Race Condition
Major Demonstrative_Examples, Potential_Mitigations
Minor None
377 Insecure Temporary File
Major Demonstrative_Examples
Minor None
388 Error Handling
Major Relationships
Minor None
390 Detection of Error Condition Without Action
Major Relationships
Minor None
392 Failure to Report Error in Status Code
Major Relationships
Minor None
393 Return of Wrong Status Code
Major Relationships
Minor None
394 Unexpected Status Code or Return Value
Major Relationships
Minor None
395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
Major Relationships
Minor None
396 Declaration of Catch for Generic Exception
Major Relationships
Minor None
397 Declaration of Throws for Generic Exception
Major Relationships
Minor None
401 Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak')
Major Other_Notes
Minor None
404 Improper Resource Shutdown or Release
Major Potential_Mitigations
Minor None
410 Insufficient Resource Pool
Major None
Minor Other_Notes
415 Double Free
Major None
Minor Demonstrative_Examples
416 Use After Free
Major Demonstrative_Examples
Minor None
426 Untrusted Search Path
Major Demonstrative_Examples, Potential_Mitigations
Minor None
457 Use of Uninitialized Variable
Major Demonstrative_Examples
Minor None
460 Improper Cleanup on Thrown Exception
Major Relationships
Minor None
467 Use of sizeof() on a Pointer Type
Major Demonstrative_Examples
Minor None
477 Use of Obsolete Functions
Major Other_Notes
Minor None
486 Comparison of Classes by Name
Major Other_Notes
Minor None
492 Use of Inner Class Containing Sensitive Data
Major Demonstrative_Examples
Minor None
494 Download of Code Without Integrity Check
Major Potential_Mitigations
Minor None
497 Information Leak of System Data
Major Demonstrative_Examples
Minor None
526 Information Leak Through Environmental Variables
Major Relationships
Minor None
527 Information Leak Through CVS Repository
Major Relationships
Minor None
528 Information Leak Through Core Dump Files
Major Relationships
Minor None
529 Information Leak Through Access Control List Files
Major Relationships
Minor None
530 Information Leak Through Backup (.~bk) Files
Major Relationships
Minor None
531 Information Leak Through Test Code
Major Relationships
Minor None
532 Information Leak Through Log Files
Major Relationships
Minor None
533 Information Leak Through Server Log Files
Major Relationships
Minor None
534 Information Leak Through Debug Log Files
Major Relationships
Minor None
539 Information Leak Through Persistent Cookies
Major Relationships
Minor None
540 Information Leak Through Source Code
Major Relationships
Minor None
541 Information Leak Through Include Source Code
Major Relationships
Minor None
542 Information Leak Through Cleanup Log Files
Major Relationships
Minor None
544 Failure to Use a Standardized Error Handling Mechanism
Major Description, Name, Relationships
Minor None
551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Major Relationships
Minor None
556 ASP.NET Misconfiguration: Use of Identity Impersonation
Major Relationships
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Relationships
Minor None
588 Attempt to Access Child of a Non-structure Pointer
Major Relationships
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major None
Minor Common_Consequences
598 Information Leak Through Query Strings in GET Request
Major Relationships
Minor None
599 Trust of OpenSSL Certificate Without Validation
Major Relationships
Minor None
600 Failure to Catch All Exceptions in Servlet
Major Alternate_Terms, Description, Maintenance_Notes, Name, Other_Notes, Relationships
Minor None
601 URL Redirection to Untrusted Site (aka 'Open Redirect')
Major Relationships
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Potential_Mitigations
Minor None
613 Insufficient Session Expiration
Major Relationships
Minor None
614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Major None
Minor Name
615 Information Leak Through Comments
Major Demonstrative_Examples
Minor None
625 Permissive Regular Expression
Major Description
Minor None
636 Not Failing Securely (aka 'Failing Open')
Major Relationships
Minor None
639 Access Control Bypass Through User-Controlled Key
Major Relationships
Minor None
640 Weak Password Recovery Mechanism for Forgotten Password
Major Relationships
Minor None
642 External Control of Critical State Data
Major Potential_Mitigations
Minor None
643 Failure to Sanitize Data within XPath Expressions (aka 'XPath injection')
Major Demonstrative_Examples
Minor None
644 Insufficient Sanitization of HTTP Headers for Scripting Syntax
Major Relationships
Minor None
662 Insufficient Synchronization
Major Related_Attack_Patterns
Minor None
663 Use of a Non-reentrant Function in an Unsynchronized Context
Major Related_Attack_Patterns
Minor None
664 Insufficient Control of a Resource Through its Lifetime
Major Related_Attack_Patterns
Minor None
665 Improper Initialization
Major Potential_Mitigations
Minor None
667 Insufficient Locking
Major Related_Attack_Patterns
Minor None
674 Uncontrolled Recursion
Major Related_Attack_Patterns
Minor None
680 Integer Overflow to Buffer Overflow
Major Related_Attack_Patterns
Minor None
682 Incorrect Calculation
Major Potential_Mitigations
Minor None
689 Permission Race Condition During Resource Copy
Major Related_Attack_Patterns
Minor None
691 Insufficient Control Flow Management
Major Related_Attack_Patterns
Minor None
692 Incomplete Blacklist to Cross-Site Scripting
Major Related_Attack_Patterns
Minor None
693 Protection Mechanism Failure
Major Related_Attack_Patterns, Relationships
Minor None
695 Use of Low-Level Functionality
Major Related_Attack_Patterns
Minor None
697 Insufficient Comparison
Major Related_Attack_Patterns
Minor None
701 Weaknesses Introduced During Design
Major View_Filter
Minor None
702 Weaknesses Introduced During Implementation
Major View_Filter
Minor None
703 Failure to Handle Exceptional Conditions
Major Relationships
Minor None
706 Use of Incorrectly-Resolved Name or Reference
Major Related_Attack_Patterns
Minor None
707 Failure to Enforce that Messages or Data are Well-Formed
Major Related_Attack_Patterns
Minor None
708 Incorrect Ownership Assignment
Major Relationships
Minor None
710 Coding Standards Violation
Major Relationships
Minor None
722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
Major Relationships
Minor None
723 OWASP Top Ten 2004 Category A2 - Broken Access Control
Major Relationships
Minor None
724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Major Related_Attack_Patterns, Relationships
Minor None
725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
Major Relationships
Minor None
726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
Major Relationships
Minor None
727 OWASP Top Ten 2004 Category A6 - Injection Flaws
Major Relationships
Minor None
728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
Major Related_Attack_Patterns, Relationships
Minor None
729 OWASP Top Ten 2004 Category A8 - Insecure Storage
Major Relationships
Minor None
731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Major Relationships
Minor None
732 Insecure Permission Assignment for Critical Resource
Major Potential_Mitigations, Related_Attack_Patterns
Minor None
733 Compiler Optimization Removal or Modification of Security-critical Code
Major Applicable_Platforms, Observed_Examples, Related_Attack_Patterns, Relationships
Minor None

More information is available — Please select a different filter.
Page Last Updated: January 05, 2017