CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > Reports > Differences between Version 1.4 and Version 1.5  
ID

Differences between Version 1.4 and Version 1.5
Differences between Version 1.4 and Version 1.5

Summary
Summary
Total (Version 1.5) 787
Total (Version 1.4) 777
Total new 10
Total deprecated 2
Total shared 777
Total important changes 69
Total major changes 197
Total minor changes 1
Total minor changes (no major)
Total unchanged 580

Summary of Entry Types

Type Version 1.4 Version 1.5
Category 104 104
Chain 3 3
Composite 9 9
Deprecated 9 11
View 22 22
Weakness 630 638

Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Affected_Resources 1 0
Alternate_Terms 1 0
Applicable_Platforms 4 0
Background_Details 2 0
Black_Box_Definitions 0 0
Causal_Nature 1 0
Common_Consequences 12 0
Common_Methods_of_Exploitation 0 0
Context_Notes 0 0
Demonstrative_Examples 38 0
Description 29 1
Detection_Factors 0 0
Enabling_Factors_for_Exploitation 0 0
Functional_Areas 1 0
Likelihood_of_Exploit 1 0
Maintenance_Notes 8 0
Modes_of_Introduction 2 0
Name 8 0
Observed_Examples 11 0
Other_Notes 32 0
Potential_Mitigations 85 0
References 0 0
Related_Attack_Patterns 14 0
Relationship_Notes 8 0
Relationships 48 0
Relevant_Properties 0 0
Research_Gaps 3 0
Source_Taxonomy 0 0
Taxonomy_Mappings 6 0
Terminology_Notes 0 0
Theoretical_Notes 1 0
Time_of_Introduction 2 0
Type 2 0
View_Audience 0 0
View_Filter 0 0
View_Structure 0 0
View_Type 0 0
Weakness_Ordinalities 3 0
White_Box_Definitions 14 0

Form and Abstraction Changes

From To Total
Unchanged 775
Weakness/Base Deprecated 1
Weakness/Variant Deprecated 1

Relationship Changes

The "Version 1.5 Total" lists the total number of relationships in Version 1.5. The "Shared" value is the total number of relationships in entries that were in both Version 1.5 and Version 1.4. The "New" value is the total number of relationships involving entries that did not exist in Version 1.4. Thus, the total number of relationships in Version 1.5 would combine stats from Shared entries and New entries.

Relationship Version 1.5 Total Version 1.4 Total Version 1.5 Shared Unchanged Added to Version 1.5 Removed from Version 1.5 Version 1.5 New
ALL 4629 4591 4561 4543 18 48 68
CanAlsoBe 38 38 38 38
CanFollow 80 79 79 79 1
CanPrecede 80 79 79 79 1
ChildOf 1977 1961 1944 1937 7 24 33
HasMember 117 115 117 115 2
MemberOf 117 115 117 115 2
ParentOf 1977 1961 1944 1937 7 24 33
PeerOf 186 186 186 186
RequiredBy 27 27 27 27
Requires 27 27 27 27
StartsWith 3 3 3 3

Nodes Removed from Version 1.4

CWE-ID CWE Name
None.

Nodes Added to Version 1.5

CWE-ID CWE Name
776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
777 Regular Expression without Anchors
778 Insufficient Logging
779 Logging of Excessive Data
780 Use of RSA Algorithm without OAEP
781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
782 Exposed IOCTL with Insufficient Access Control
783 Operator Precedence Logic Error
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
785 Use of Path Manipulation Function without Maximum-sized Buffer

Nodes Deprecated in Version 1.5

CWE-ID CWE Name
92 DEPRECATED: Improper Sanitization of Custom Special Characters
249 DEPRECATED: Often Misused: Path Manipulation
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 11 ASP.NET Misconfiguration: Creating Debug Binary
R 20 Improper Input Validation
R 74 Failure to Sanitize Data into a Different Plane ('Injection')
DN 77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
DN 78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
D 79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
DN 89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
NR 92 DEPRECATED: Improper Sanitization of Custom Special Characters
R 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
D R 138 Improper Sanitization of Special Elements
D 197 Numeric Truncation Error
R 199 Information Management Errors
R 223 Omission of Security-relevant Information
DNR 249 DEPRECATED: Often Misused: Path Manipulation
R 254 Security Features
R 284 Access Control (Authorization) Issues
R 285 Improper Access Control (Authorization)
R 287 Improper Authentication
D 294 Authentication Bypass by Capture-replay
R 297 Improper Validation of Host-specific Certificate Data
R 310 Cryptographic Issues
R 322 Key Exchange without Entity Authentication
DN 326 Inadequate Encryption Strength
R 327 Use of a Broken or Risky Cryptographic Algorithm
D 368 Context Switching Race Condition
D 379 Creation of Temporary File in Directory with Incorrect Permissions
D 385 Covert Timing Channel
D R 400 Uncontrolled Resource Consumption ('Resource Exhaustion')
R 409 Improper Handling of Highly Compressed Data (Data Amplification)
DN 412 Unrestricted Externally Accessible Lock
D R 427 Uncontrolled Search Path Element
D R 428 Unquoted Search Path or Element
R 442 Web Problems
D R 464 Addition of Data Structure Sentinel
D 481 Assigning instead of Comparing
D 494 Download of Code Without Integrity Check
R 513 Intentionally Introduced Nonmalicious Weakness
R 514 Covert Channel
D 515 Covert Storage Channel
R 518 Inadvertently Introduced Weakness
R 531 Information Leak Through Test Code
D 532 Information Leak Through Log Files
R 541 Information Leak Through Include Source Code
R 549 Missing Password Field Masking
R 551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
R 552 Files or Directories Accessible to External Parties
DNR 565 Reliance on Cookies without Validation and Integrity Checking
D 566 Access Control Bypass Through User-Controlled SQL Primary Key
R 569 Expression Issues
D 572 Call to Thread run() instead of start()
D 580 clone() Method Without super.clone()
D 587 Assignment of a Fixed Address to a Pointer
D 593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
R 599 Trust of OpenSSL Certificate Without Validation
R 602 Client-Side Enforcement of Server-Side Security
R 604 Deprecated Entries
R 625 Permissive Regular Expression
R 632 Weaknesses that Affect Files or Directories
R 633 Weaknesses that Affect Memory
R 664 Improper Control of a Resource Through its Lifetime
D R 668 Exposure of Resource to Wrong Sphere
R 670 Always-Incorrect Control Flow Implementation
R 676 Use of Potentially Dangerous Function
R 693 Protection Mechanism Failure
R 707 Improper Enforcement of Message or Data Structure
R 737 CERT C Secure Coding Section 03 - Expressions (EXP)
R 749 Exposed Dangerous Method or Function
R 754 Improper Check for Exceptional Conditions
R 771 Missing Reference to Active Allocated Resource
Detailed Difference Report
Detailed Difference Report
8 J2EE Misconfiguration: Entity Bean Declared Remote
Major Demonstrative_Examples
Minor None
9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Major Demonstrative_Examples
Minor None
11 ASP.NET Misconfiguration: Creating Debug Binary
Major Background_Details, Common_Consequences, Demonstrative_Examples, Description, Other_Notes
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Page
Major Background_Details, Common_Consequences, Other_Notes
Minor None
13 ASP.NET Misconfiguration: Password in Configuration File
Major Demonstrative_Examples
Minor None
20 Improper Input Validation
Major Relationships
Minor None
22 Path Traversal
Major Potential_Mitigations
Minor None
23 Relative Path Traversal
Major Potential_Mitigations
Minor None
24 Path Traversal: '../filedir'
Major Potential_Mitigations
Minor Description
25 Path Traversal: '/../filedir'
Major Potential_Mitigations
Minor None
26 Path Traversal: '/dir/../filename'
Major Potential_Mitigations
Minor None
27 Path Traversal: 'dir/../../filename'
Major Potential_Mitigations
Minor None
28 Path Traversal: '..\filedir'
Major Potential_Mitigations
Minor None
29 Path Traversal: '\..\filename'
Major Potential_Mitigations
Minor None
30 Path Traversal: '\dir\..\filename'
Major Potential_Mitigations
Minor None
31 Path Traversal: 'dir\..\..\filename'
Major Potential_Mitigations
Minor None
32 Path Traversal: '...' (Triple Dot)
Major Potential_Mitigations
Minor None
33 Path Traversal: '....' (Multiple Dot)
Major Potential_Mitigations
Minor None
34 Path Traversal: '....//'
Major Potential_Mitigations
Minor None
35 Path Traversal: '.../...//'
Major Potential_Mitigations
Minor None
37 Path Traversal: '/absolute/pathname/here'
Major Potential_Mitigations
Minor None
38 Path Traversal: '\absolute\pathname\here'
Major Potential_Mitigations
Minor None
39 Path Traversal: 'C:dirname'
Major Potential_Mitigations
Minor None
40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Major Potential_Mitigations
Minor None
41 Improper Resolution of Path Equivalence
Major Potential_Mitigations
Minor None
61 UNIX Symbolic Link (Symlink) Following
Major Observed_Examples
Minor None
73 External Control of File Name or Path
Major Demonstrative_Examples
Minor None
74 Failure to Sanitize Data into a Different Plane ('Injection')
Major Relationships
Minor None
77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
Major Demonstrative_Examples, Description, Name
Minor None
78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
Major Description, Name, White_Box_Definitions
Minor None
79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
Major Description
Minor None
80 Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)
Major White_Box_Definitions
Minor None
87 Failure to Sanitize Alternate XSS Syntax
Major Related_Attack_Patterns
Minor None
88 Argument Injection or Modification
Major Other_Notes, Relationship_Notes
Minor None
89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
Major Description, Name, White_Box_Definitions
Minor None
92 DEPRECATED: Improper Sanitization of Custom Special Characters
Major Applicable_Platforms, Causal_Nature, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction, Type, Weakness_Ordinalities
Minor None
99 Improper Control of Resource Identifiers ('Resource Injection')
Major White_Box_Definitions
Minor None
102 Struts: Duplicate Validation Forms
Major Demonstrative_Examples
Minor None
109 Struts: Validator Turned Off
Major Demonstrative_Examples
Minor None
110 Struts: Validator Without Form Field
Major Demonstrative_Examples
Minor None
113 Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Major Demonstrative_Examples, Potential_Mitigations
Minor None
114 Process Control
Major Demonstrative_Examples
Minor None
116 Improper Encoding or Escaping of Output
Major Demonstrative_Examples
Minor None
117 Improper Output Sanitization for Logs
Major Potential_Mitigations
Minor None
119 Failure to Constrain Operations within the Bounds of a Memory Buffer
Major Observed_Examples
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Other_Notes, Potential_Mitigations, Relationships
Minor None
121 Stack-based Buffer Overflow
Major Potential_Mitigations, White_Box_Definitions
Minor None
134 Uncontrolled Format String
Major White_Box_Definitions
Minor None
138 Improper Sanitization of Special Elements
Major Applicable_Platforms, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
140 Failure to Sanitize Delimiters
Major Potential_Mitigations
Minor None
141 Failure to Sanitize Parameter/Argument Delimiters
Major Potential_Mitigations
Minor None
142 Failure to Sanitize Value Delimiters
Major Potential_Mitigations
Minor None
143 Failure to Sanitize Record Delimiters
Major Potential_Mitigations
Minor None
144 Failure to Sanitize Line Delimiters
Major Potential_Mitigations
Minor None
145 Failure to Sanitize Section Delimiters
Major Potential_Mitigations
Minor None
146 Failure to Sanitize Expression/Command Delimiters
Major Potential_Mitigations
Minor None
147 Improper Sanitization of Input Terminators
Major Potential_Mitigations
Minor None
148 Failure to Sanitize Input Leaders
Major Potential_Mitigations
Minor None
149 Failure to Sanitize Quoting Syntax
Major Potential_Mitigations
Minor None
150 Failure to Sanitize Escape, Meta, or Control Sequences
Major Potential_Mitigations
Minor None
151 Improper Sanitization of Comment Delimiters
Major Observed_Examples, Potential_Mitigations
Minor None
152 Improper Sanitization of Macro Symbols
Major Potential_Mitigations
Minor None
153 Improper Sanitization of Substitution Characters
Major Potential_Mitigations
Minor None
154 Improper Sanitization of Variable Name Delimiters
Major Potential_Mitigations
Minor None
155 Improper Sanitization of Wildcards or Matching Symbols
Major Potential_Mitigations
Minor None
156 Improper Sanitization of Whitespace
Major Potential_Mitigations
Minor None
157 Failure to Sanitize Paired Delimiters
Major Potential_Mitigations
Minor None
158 Failure to Sanitize Null Byte or NUL Character
Major Potential_Mitigations
Minor None
159 Failure to Sanitize Special Element
Major Potential_Mitigations
Minor None
160 Improper Sanitization of Leading Special Elements
Major Potential_Mitigations
Minor None
161 Improper Sanitization of Multiple Leading Special Elements
Major Potential_Mitigations
Minor None
162 Improper Sanitization of Trailing Special Elements
Major Potential_Mitigations
Minor None
163 Improper Sanitization of Multiple Trailing Special Elements
Major Potential_Mitigations
Minor None
164 Improper Sanitization of Internal Special Elements
Major Potential_Mitigations
Minor None
165 Improper Sanitization of Multiple Internal Special Elements
Major Potential_Mitigations
Minor None
166 Improper Handling of Missing Special Element
Major Potential_Mitigations
Minor None
167 Improper Handling of Additional Special Element
Major Potential_Mitigations
Minor None
168 Failure to Resolve Inconsistent Special Elements
Major Potential_Mitigations
Minor None
170 Improper Null Termination
Major Common_Consequences, Other_Notes, Potential_Mitigations, White_Box_Definitions
Minor None
172 Encoding Error
Major Potential_Mitigations
Minor None
173 Failure to Handle Alternate Encoding
Major Potential_Mitigations
Minor None
174 Double Decoding of the Same Data
Major Potential_Mitigations
Minor None
175 Failure to Handle Mixed Encoding
Major Potential_Mitigations
Minor None
176 Failure to Handle Unicode Encoding
Major Potential_Mitigations
Minor None
177 Failure to Handle URL Encoding (Hex Encoding)
Major Potential_Mitigations
Minor None
178 Failure to Resolve Case Sensitivity
Major Potential_Mitigations
Minor None
182 Collapse of Data Into Unsafe Value
Major Potential_Mitigations
Minor None
183 Permissive Whitelist
Major Potential_Mitigations
Minor None
197 Numeric Truncation Error
Major Description, Observed_Examples, Other_Notes, Research_Gaps
Minor None
199 Information Management Errors
Major Relationships
Minor None
223 Omission of Security-relevant Information
Major Relationships
Minor None
241 Improper Handling of Unexpected Data Type
Major Potential_Mitigations
Minor None
247 Reliance on DNS Lookups in a Security Decision
Major Demonstrative_Examples
Minor None
249 DEPRECATED: Often Misused: Path Manipulation
Major Affected_Resources, Applicable_Platforms, Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type, White_Box_Definitions
Minor None
252 Unchecked Return Value
Major Demonstrative_Examples
Minor None
254 Security Features
Major Relationships
Minor None
256 Plaintext Storage of a Password
Major Demonstrative_Examples
Minor None
259 Hard-Coded Password
Major Demonstrative_Examples, Related_Attack_Patterns, White_Box_Definitions
Minor None
261 Weak Cryptography for Passwords
Major Demonstrative_Examples
Minor None
284 Access Control (Authorization) Issues
Major Alternate_Terms, Relationships
Minor None
285 Improper Access Control (Authorization)
Major Relationships
Minor None
287 Improper Authentication
Major Relationships
Minor None
289 Authentication Bypass by Alternate Name
Major Other_Notes, Potential_Mitigations, Theoretical_Notes
Minor None
290 Authentication Bypass by Spoofing
Major Relationship_Notes
Minor None
294 Authentication Bypass by Capture-replay
Major Description, Other_Notes, Potential_Mitigations
Minor None
296 Improper Following of Chain of Trust for Certificate Validation
Major Demonstrative_Examples
Minor None
297 Improper Validation of Host-specific Certificate Data
Major Demonstrative_Examples, Relationships
Minor None
298 Improper Validation of Certificate Expiration
Major Demonstrative_Examples
Minor None
307 Failure to Restrict Excessive Authentication Attempts
Major Observed_Examples
Minor None
310 Cryptographic Issues
Major Maintenance_Notes, Relationship_Notes, Relationships
Minor None
322 Key Exchange without Entity Authentication
Major Relationships
Minor None
326 Inadequate Encryption Strength
Major Common_Consequences, Description, Maintenance_Notes, Name
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Maintenance_Notes, Relationships
Minor None
345 Insufficient Verification of Data Authenticity
Major Related_Attack_Patterns
Minor None
359 Privacy Violation
Major Demonstrative_Examples
Minor None
367 Time-of-check Time-of-use (TOCTOU) Race Condition
Major White_Box_Definitions
Minor None
368 Context Switching Race Condition
Major Description, Other_Notes, Relationship_Notes, Weakness_Ordinalities
Minor None
379 Creation of Temporary File in Directory with Incorrect Permissions
Major Description, Other_Notes, Potential_Mitigations
Minor None
384 Session Fixation
Major Demonstrative_Examples, Related_Attack_Patterns
Minor None
385 Covert Timing Channel
Major Description, Other_Notes, Potential_Mitigations
Minor None
387 Signal Errors
Major Observed_Examples
Minor None
390 Detection of Error Condition Without Action
Major Demonstrative_Examples
Minor None
391 Unchecked Error Condition
Major White_Box_Definitions
Minor None
400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Major Description, Relationships
Minor None
401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
Major White_Box_Definitions
Minor None
404 Improper Resource Shutdown or Release
Major Demonstrative_Examples, Related_Attack_Patterns
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Common_Consequences, Other_Notes
Minor None
407 Algorithmic Complexity
Major Functional_Areas, Other_Notes
Minor None
409 Improper Handling of Highly Compressed Data (Data Amplification)
Major Relationships
Minor None
410 Insufficient Resource Pool
Major Demonstrative_Examples
Minor None
412 Unrestricted Externally Accessible Lock
Major Common_Consequences, Description, Name, Potential_Mitigations, White_Box_Definitions
Minor None
417 Channel and Path Errors
Major Other_Notes, Relationship_Notes
Minor None
427 Uncontrolled Search Path Element
Major Description, Maintenance_Notes, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships
Minor None
428 Unquoted Search Path or Element
Major Applicable_Platforms, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships
Minor None
442 Web Problems
Major Relationships
Minor None
450 Multiple Interpretations of UI Input
Major Potential_Mitigations
Minor None
463 Deletion of Data Structure Sentinel
Major Potential_Mitigations
Minor None
464 Addition of Data Structure Sentinel
Major Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships
Minor None
468 Incorrect Pointer Scaling
Major White_Box_Definitions
Minor None
471 Modification of Assumed-Immutable Data (MAID)
Major Other_Notes
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Potential_Mitigations
Minor None
477 Use of Obsolete Functions
Major Demonstrative_Examples
Minor None
481 Assigning instead of Comparing
Major Description, Other_Notes
Minor None
482 Comparing instead of Assigning
Major Common_Consequences, Modes_of_Introduction
Minor None
486 Comparison of Classes by Name
Major Demonstrative_Examples
Minor None
489 Leftover Debug Code
Major Demonstrative_Examples
Minor None
491 Public cloneable() Method Without Final ('Object Hijack')
Major Demonstrative_Examples
Minor None
494 Download of Code Without Integrity Check
Major Description, Observed_Examples, Related_Attack_Patterns
Minor None
497 Information Leak of System Data
Major Demonstrative_Examples
Minor None
499 Serializable Class Containing Sensitive Data
Major Demonstrative_Examples
Minor None
513 Intentionally Introduced Nonmalicious Weakness
Major Relationships
Minor None
514 Covert Channel
Major Relationships
Minor None
515 Covert Storage Channel
Major Common_Consequences, Description
Minor None
518 Inadvertently Introduced Weakness
Major Relationships
Minor None
531 Information Leak Through Test Code
Major Relationships
Minor None
532 Information Leak Through Log Files
Major Common_Consequences, Description, Likelihood_of_Exploit, Potential_Mitigations
Minor None
541 Information Leak Through Include Source Code
Major Relationships
Minor None
549 Missing Password Field Masking
Major Relationships
Minor None
551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Major Relationships
Minor None
552 Files or Directories Accessible to External Parties
Major Relationships
Minor None
554 ASP.NET Misconfiguration: Not Using Input Validation Framework
Major Other_Notes
Minor None
561 Dead Code
Major Demonstrative_Examples
Minor None
565 Reliance on Cookies without Validation and Integrity Checking
Major Description, Name, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings
Minor None
566 Access Control Bypass Through User-Controlled SQL Primary Key
Major Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Taxonomy_Mappings
Minor None
569 Expression Issues
Major Relationships
Minor None
570 Expression is Always False
Major Demonstrative_Examples, Other_Notes, Potential_Mitigations
Minor None
571 Expression is Always True
Major Demonstrative_Examples, Other_Notes, Potential_Mitigations
Minor None
572 Call to Thread run() instead of start()
Major Description, Other_Notes
Minor None
580 clone() Method Without super.clone()
Major Description, Other_Notes, Potential_Mitigations
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Common_Consequences, Description, Other_Notes
Minor None
588 Attempt to Access Child of a Non-structure Pointer
Major Common_Consequences, Other_Notes
Minor None
589 Call to Non-ubiquitous API
Major Other_Notes, Potential_Mitigations
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major Description, Other_Notes, Potential_Mitigations
Minor None
599 Trust of OpenSSL Certificate Without Validation
Major Relationships
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Related_Attack_Patterns, Relationships
Minor None
604 Deprecated Entries
Major Relationships
Minor None
615 Information Leak Through Comments
Major Observed_Examples, Taxonomy_Mappings
Minor None
625 Permissive Regular Expression
Major Relationships
Minor None
632 Weaknesses that Affect Files or Directories
Major Relationships
Minor None
633 Weaknesses that Affect Memory
Major Relationships
Minor None
642 External Control of Critical State Data
Major Related_Attack_Patterns
Minor None
646 Reliance on File Name or Extension of Externally-Supplied File
Major Related_Attack_Patterns
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Relationships
Minor None
665 Improper Initialization
Major Related_Attack_Patterns
Minor None
667 Insufficient Locking
Major Common_Consequences
Minor None
668 Exposure of Resource to Wrong Sphere
Major Description, Relationships
Minor None
670 Always-Incorrect Control Flow Implementation
Major Maintenance_Notes, Modes_of_Introduction, Other_Notes, Relationships
Minor None
676 Use of Potentially Dangerous Function
Major Relationships
Minor None
682 Incorrect Calculation
Major Demonstrative_Examples, Related_Attack_Patterns
Minor None
693 Protection Mechanism Failure
Major Relationships
Minor None
707 Improper Enforcement of Message or Data Structure
Major Relationships
Minor None
715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Major Related_Attack_Patterns
Minor None
737 CERT C Secure Coding Section 03 - Expressions (EXP)
Major Relationships
Minor None
749 Exposed Dangerous Method or Function
Major Relationships
Minor None
754 Improper Check for Exceptional Conditions
Major Relationships
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Related_Attack_Patterns
Minor None
771 Missing Reference to Active Allocated Resource
Major Relationships
Minor None

More information is available — Please select a different filter.
Page Last Updated: January 05, 2017