CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities


Differences between Version 1.5 and Version 1.6

Summary
Total (Version 1.6) 791
Total (Version 1.5) 787
Total new 4
Total deprecated 0
Total shared 787
Total important changes 93
Total major changes 175
Total minor changes 3
Total minor changes (no major) 2
Total unchanged 610

Summary of Entry Types

Type Version 1.5 Version 1.6
Category 104 105
Chain 3 3
Composite 9 9
Deprecated 11 11
View 22 22
Weakness 638 641

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Affected_Resources 0 0
Alternate_Terms 1 0
Applicable_Platforms 2 0
Background_Details 4 0
Black_Box_Definitions 0 0
Causal_Nature 0 0
Common_Consequences 44 0
Common_Methods_of_Exploitation 0 0
Context_Notes 0 0
Demonstrative_Examples 7 1
Description 49 1
Detection_Factors 1 0
Enabling_Factors_for_Exploitation 1 0
Functional_Areas 0 0
Likelihood_of_Exploit 0 0
Maintenance_Notes 3 0
Modes_of_Introduction 8 0
Name 2 0
Observed_Examples 9 0
Other_Notes 84 0
Potential_Mitigations 12 0
References 2 1
Related_Attack_Patterns 0 0
Relationship_Notes 11 0
Relationships 50 0
Relevant_Properties 1 0
Research_Gaps 3 0
Source_Taxonomy 0 0
Taxonomy_Mappings 2 0
Terminology_Notes 2 0
Theoretical_Notes 7 0
Time_of_Introduction 2 0
Type 2 0
View_Audience 0 0
View_Filter 1 0
View_Structure 1 0
View_Type 0 0
Weakness_Ordinalities 4 0
White_Box_Definitions 0 0

Form and Abstraction Changes

| From | To | Total |
|---|---|---|
| Unchanged | | 785 |
| Weakness/Base | Weakness/Class | 1 |
| Weakness/Class | Category | 1 |

Status Changes

| From | To | Total |
|---|---|---|
| Unchanged | | 784 |
| Draft | Usable | 3 |

Relationship Changes

The "Version 1.6 Total" lists the total number of relationships in Version 1.6. The "Shared" value is the total number of relationships in entries that were in both Version 1.6 and Version 1.5. The "New" value is the total number of relationships involving entries that did not exist in Version 1.5. Thus, the total number of relationships in Version 1.6 would combine stats from Shared entries and New entries.

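| Relationship | Version 1.6 Total | Version 1.5 Total | Version 1.6 Shared | Unchanged | Added to Version 1.6 | Removed from Version 1.6 | Version 1.6 New |
|---|---|---|---|---|---|---|---|
| ALL | 4658 | 4629 | 4604 | 4556 | 48 | 73 | 54 |
| ChildOf | 2000 | 1977 | 1975 | 1955 | 20 | 22 | 25 |
| ParentOf | 2000 | 1977 | 1975 | 1955 | 20 | 22 | 25 |
| MemberOf | 106 | 117 | 106 | 106 | | 11 | |
| HasMember | 106 | 117 | 106 | 106 | | 11 | |
| CanPrecede | 83 | 80 | 81 | 77 | 4 | 3 | 2 |
| CanFollow | 83 | 80 | 81 | 77 | 4 | 3 | 2 |
| StartsWith | 3 | 3 | 3 | 3 | | | |
| Requires | 27 | 27 | 27 | 27 | | | |
| RequiredBy | 27 | 27 | 27 | 27 | | | |
| CanAlsoBe | 37 | 38 | 37 | 37 | | 1 | |
| PeerOf | 186 | 186 | 186 | 186 | | | |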

Nodes Removed from Version 1.5

CWE-ID CWE Name
None.

Nodes Added to Version 1.6

CWE-ID CWE Name
786 Access of Memory Location Before Start of Buffer
787 Out-of-bounds Write
788 Access of Memory Location After End of Buffer
789 Uncontrolled Memory Allocation

Nodes Deprecated in Version 1.6

CWE-ID CWE Name
None.
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 20 Improper Input Validation
D 73 External Control of File Name or Path
D 74 Failure to Sanitize Data into a Different Plane ('Injection')
D 76 Failure to Resolve Equivalent Special Elements into a Different Plane
D 77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
R 79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
R 82 Improper Sanitization of Script in Attributes of IMG Tags in a Web Page
R 83 Failure to Sanitize Script in Attributes in a Web Page
D 86 Failure to Sanitize Invalid Characters in Identifiers in Web Pages
R 92 DEPRECATED: Improper Sanitization of Custom Special Characters
R 100 Technology-Specific Input Validation Problems
D 111 Direct Use of Unsafe JNI
D 112 Missing XML Validation
D 113 Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
R 115 Misinterpretation of Input
R 116 Improper Encoding or Escaping of Output
R 117 Improper Output Sanitization for Logs
R 118 Improper Access of Indexable Resource ('Range Error')
D R 119 Failure to Constrain Operations within the Bounds of a Memory Buffer
R 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
R 121 Stack-based Buffer Overflow
R 122 Heap-based Buffer Overflow
DNR 124 Buffer Underwrite ('Buffer Underflow')
D 125 Out-of-bounds Read
D R 126 Buffer Over-read
D R 127 Buffer Under-read
R 128 Wrap-around Error
DNR 129 Improper Validation of Array Index
R 132 DEPRECATED (Duplicate): Miscalculated Null Termination
R 139 DEPRECATED: General Special Element Problems
D 170 Improper Null Termination
R 189 Numeric Errors
R 190 Integer Overflow or Wraparound
D R 195 Signed to Unsigned Conversion Error
D 212 Cross-boundary Cleansing Information Leak
R 217 DEPRECATED: Failure to Protect Stored Data from Modification
R 218 DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
R 225 DEPRECATED (Duplicate): General Information Management Problems
D 226 Sensitive Information Uncleared Before Release
D 238 Improper Handling of Incomplete Structural Elements
D 239 Failure to Handle Incomplete Element
D 241 Improper Handling of Unexpected Data Type
D 242 Use of Inherently Dangerous Function
D 244 Failure to Clear Heap Memory Before Release ('Heap Inspection')
R 249 DEPRECATED: Often Misused: Path Manipulation
D 298 Improper Validation of Certificate Expiration
R 310 Cryptographic Issues
R 326 Inadequate Encryption Strength
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 328 Reversible One-Way Hash
D 333 Improper Handling of Insufficient Entropy in TRNG
D 353 Failure to Add Integrity Check Value
D 354 Improper Validation of Integrity Check Value
D 396 Declaration of Catch for Generic Exception
D 397 Declaration of Throws for Generic Exception
R 398 Indicator of Poor Code Quality
R 400 Uncontrolled Resource Consumption ('Resource Exhaustion')
R 423 DEPRECATED (Duplicate): Proxied Trusted Channel
R 436 Interpretation Conflict
R 443 DEPRECATED (Duplicate): HTTP response splitting
R 458 DEPRECATED: Incorrect Initialization
D 462 Duplicate Key in Associative List (Alist)
D 463 Deletion of Data Structure Sentinel
R 470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
D 472 External Control of Assumed-Immutable Web Parameter
R 476 NULL Pointer Dereference
D 488 Data Leak Between Sessions
D 497 Information Leak of System Data
D 498 Information Leak through Class Cloning
D 502 Deserialization of Untrusted Data
D 506 Embedded Malicious Code
R 516 DEPRECATED (Duplicate): Covert Timing Channel
D 548 Information Leak Through Directory Listing
R 565 Reliance on Cookies without Validation and Integrity Checking
D 568 finalize() Method Without super.finalize()
D 574 EJB Bad Practices: Use of Synchronization Primitives
D 575 EJB Bad Practices: Use of AWT Swing
D 576 EJB Bad Practices: Use of Java I/O
D 577 EJB Bad Practices: Use of Sockets
D 578 EJB Bad Practices: Use of Class Loader
D 581 Object Model Violation: Just One of Equals and Hashcode Defined
D 583 finalize() Method Declared Public
D 586 Explicit Call to Finalize()
D 602 Client-Side Enforcement of Server-Side Security
R 604 Deprecated Entries
R 606 Unchecked Input for Loop Condition
D 618 Exposed Unsafe ActiveX Method
R 682 Incorrect Calculation
R 693 Protection Mechanism Failure
R 759 Use of a One-Way Hash without a Salt
R 760 Use of a One-Way Hash with a Predictable Salt
R 770 Allocation of Resources Without Limits or Throttling
R 784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Detailed Difference Report
6 J2EE Misconfiguration: Insufficient Session-ID Length
Major Background_Details, Common_Consequences, Enabling_Factors_for_Exploitation, Other_Notes, Potential_Mitigations
Minor None
15 External Control of System or Configuration Setting
Major Modes_of_Introduction, Other_Notes
Minor None
20 Improper Input Validation
Major Common_Consequences, Demonstrative_Examples, Maintenance_Notes, Modes_of_Introduction, Observed_Examples, Relationships, Research_Gaps, Terminology_Notes
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Background_Details, Other_Notes
Minor None
67 Improper Handling of Windows Device Names
Major Background_Details, Other_Notes
Minor None
69 Failure to Handle Windows ::DATA Alternate Data Stream
Major Other_Notes, Theoretical_Notes
Minor None
72 Improper Handling of Apple HFS+ Alternate Data Stream Path
Major Other_Notes, Theoretical_Notes
Minor None
73 External Control of File Name or Path
Major Common_Consequences, Description
Minor None
74 Failure to Sanitize Data into a Different Plane ('Injection')
Major Description, Other_Notes
Minor None
76 Failure to Resolve Equivalent Special Elements into a Different Plane
Major Description, Other_Notes
Minor None
77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
Major Common_Consequences, Description, Other_Notes, Potential_Mitigations
Minor None
78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
Major Observed_Examples, References
Minor None
79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
Major Observed_Examples, Relationships
Minor None
82 Improper Sanitization of Script in Attributes of IMG Tags in a Web Page
Major Relationships
Minor None
83 Failure to Sanitize Script in Attributes in a Web Page
Major Relationships
Minor None
86 Failure to Sanitize Invalid Characters in Identifiers in Web Pages
Major Description, Other_Notes
Minor None
88 Argument Injection or Modification
Major Observed_Examples
Minor None
89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
Major None
Minor Demonstrative_Examples
90 Failure to Sanitize Data into LDAP Queries ('LDAP Injection')
Major Other_Notes, Relationship_Notes
Minor None
92 DEPRECATED: Improper Sanitization of Custom Special Characters
Major Relationships
Minor None
93 Failure to Sanitize CRLF Sequences ('CRLF Injection')
Major Other_Notes
Minor None
97 Failure to Sanitize Server-Side Includes (SSI) Within a Web Page
Major Other_Notes, Relationship_Notes
Minor None
100 Technology-Specific Input Validation Problems
Major Relationships, Taxonomy_Mappings, Type
Minor None
111 Direct Use of Unsafe JNI
Major Description, Other_Notes
Minor None
112 Missing XML Validation
Major Description
Minor None
113 Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Major Common_Consequences, Description, Other_Notes, Theoretical_Notes
Minor None
115 Misinterpretation of Input
Major Relationships
Minor None
116 Improper Encoding or Escaping of Output
Major Relationships
Minor None
117 Improper Output Sanitization for Logs
Major Common_Consequences, Other_Notes, Relationships
Minor None
118 Improper Access of Indexable Resource ('Range Error')
Major Relationships
Minor None
119 Failure to Constrain Operations within the Bounds of a Memory Buffer
Major Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Relationships, Time_of_Introduction
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Common_Consequences, Relationships
Minor None
121 Stack-based Buffer Overflow
Major Relationships
Minor None
122 Heap-based Buffer Overflow
Major Relationships
Minor None
124 Buffer Underwrite ('Buffer Underflow')
Major Description, Name, Relationships
Minor None
125 Out-of-bounds Read
Major Description
Minor None
126 Buffer Over-read
Major Description, Relationship_Notes, Relationships
Minor None
127 Buffer Under-read
Major Description, Relationships
Minor None
128 Wrap-around Error
Major Common_Consequences, Relationships
Minor None
129 Improper Validation of Array Index
Major Description, Name, Relationships
Minor None
132 DEPRECATED (Duplicate): Miscalculated Null Termination
Major Relationships
Minor None
139 DEPRECATED: General Special Element Problems
Major Relationships
Minor None
146 Failure to Sanitize Expression/Command Delimiters
Major Other_Notes, Relationship_Notes
Minor None
159 Failure to Sanitize Special Element
Major Maintenance_Notes, Other_Notes, Terminology_Notes
Minor None
166 Improper Handling of Missing Special Element
Major Other_Notes
Minor None
170 Improper Null Termination
Major Description
Minor None
188 Reliance on Data/Memory Layout
Major Common_Consequences
Minor None
189 Numeric Errors
Major Relationships
Minor None
190 Integer Overflow or Wraparound
Major Relationships
Minor None
194 Unexpected Sign Extension
Major Demonstrative_Examples
Minor None
195 Signed to Unsigned Conversion Error
Major Common_Consequences, Description, Other_Notes, Relationships
Minor None
196 Unsigned to Signed Conversion Error
Major Common_Consequences
Minor None
201 Information Leak Through Sent Data
Major Other_Notes, Potential_Mitigations
Minor None
212 Cross-boundary Cleansing Information Leak
Major Description, Other_Notes, Relationship_Notes
Minor None
214 Process Environment Information Leak
Major Other_Notes
Minor None
217 DEPRECATED: Failure to Protect Stored Data from Modification
Major Relationships
Minor None
218 DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
Major Relationships
Minor None
225 DEPRECATED (Duplicate): General Information Management Problems
Major Relationships
Minor None
226 Sensitive Information Uncleared Before Release
Major Description, Other_Notes
Minor None
230 Improper Handling of Missing Values
Major Other_Notes, Research_Gaps
Minor None
237 Improper Handling of Structural Elements
Major None
Minor Description
238 Improper Handling of Incomplete Structural Elements
Major Description
Minor None
239 Failure to Handle Incomplete Element
Major Description
Minor None
241 Improper Handling of Unexpected Data Type
Major Description
Minor None
242 Use of Inherently Dangerous Function
Major Description, Other_Notes, References
Minor None
244 Failure to Clear Heap Memory Before Release ('Heap Inspection')
Major Common_Consequences, Description, Other_Notes
Minor None
249 DEPRECATED: Often Misused: Path Manipulation
Major Relationships
Minor None
258 Empty Password in Configuration File
Major Other_Notes, Potential_Mitigations
Minor None
285 Improper Access Control (Authorization)
Major Type
Minor None
287 Improper Authentication
Major Common_Consequences, Observed_Examples
Minor None
292 Trusting Self-reported DNS Name
Major Observed_Examples
Minor None
294 Authentication Bypass by Capture-replay
Major Observed_Examples
Minor None
298 Improper Validation of Certificate Expiration
Major Description, Other_Notes
Minor None
310 Cryptographic Issues
Major Relationships
Minor None
311 Failure to Encrypt Sensitive Data
Major Common_Consequences, Other_Notes
Minor None
326 Inadequate Encryption Strength
Major Relationships
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Relationships
Minor None
328 Reversible One-Way Hash
Major Relationships
Minor None
333 Improper Handling of Insufficient Entropy in TRNG
Major Description, Other_Notes
Minor None
353 Failure to Add Integrity Check Value
Major Description, Other_Notes
Minor None
354 Improper Validation of Integrity Check Value
Major Description, Other_Notes
Minor None
358 Improperly Implemented Security Check for Standard
Major Modes_of_Introduction, Observed_Examples, Other_Notes, Relationship_Notes
Minor None
369 Divide By Zero
Major Other_Notes
Minor None
378 Creation of Temporary File With Insecure Permissions
Major Common_Consequences, Other_Notes
Minor None
388 Error Handling
Major Common_Consequences
Minor None
392 Failure to Report Error in Status Code
Major Other_Notes, Weakness_Ordinalities
Minor None
396 Declaration of Catch for Generic Exception
Major Description, Other_Notes
Minor None
397 Declaration of Throws for Generic Exception
Major Description, Other_Notes
Minor None
398 Indicator of Poor Code Quality
Major Relationships
Minor None
400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Major Relationships
Minor None
401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
Major Modes_of_Introduction, Other_Notes
Minor None
404 Improper Resource Shutdown or Release
Major Other_Notes
Minor None
407 Algorithmic Complexity
Major Common_Consequences
Minor None
410 Insufficient Resource Pool
Major Common_Consequences
Minor None
415 Double Free
Major Other_Notes
Minor None
416 Use After Free
Major Common_Consequences
Minor None
423 DEPRECATED (Duplicate): Proxied Trusted Channel
Major Relationships
Minor None
424 Failure to Protect Alternate Path
Major Other_Notes
Minor None
429 Handler Errors
Major Other_Notes
Minor None
430 Deployment of Wrong Handler
Major Other_Notes, Weakness_Ordinalities
Minor None
436 Interpretation Conflict
Major Relationships
Minor None
440 Expected Behavior Violation
Major Other_Notes, Relevant_Properties, Theoretical_Notes
Minor None
443 DEPRECATED (Duplicate): HTTP response splitting
Major Relationships
Minor None
454 External Initialization of Trusted Variables
Major Other_Notes, Relationship_Notes
Minor None
458 DEPRECATED: Incorrect Initialization
Major Relationships
Minor None
462 Duplicate Key in Associative List (Alist)
Major Demonstrative_Examples, Description, Other_Notes
Minor None
463 Deletion of Data Structure Sentinel
Major Description, Other_Notes
Minor None
466 Return of Pointer Value Outside of Expected Range
Major Maintenance_Notes
Minor None
468 Incorrect Pointer Scaling
Major Common_Consequences
Minor None
470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Major Alternate_Terms, Relationships
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationship_Notes, Theoretical_Notes
Minor None
476 NULL Pointer Dereference
Major Relationships
Minor None
482 Comparing instead of Assigning
Major Other_Notes
Minor None
483 Incorrect Block Delimitation
Major Common_Consequences
Minor None
488 Data Leak Between Sessions
Major Description, Other_Notes
Minor None
489 Leftover Debug Code
Major Common_Consequences
Minor None
497 Information Leak of System Data
Major Description, Other_Notes
Minor None
498 Information Leak through Class Cloning
Major Common_Consequences, Description, Other_Notes, Potential_Mitigations
Minor None
502 Deserialization of Untrusted Data
Major Description, Other_Notes, Potential_Mitigations
Minor None
506 Embedded Malicious Code
Major Description, Other_Notes
Minor None
515 Covert Storage Channel
Major Other_Notes
Minor None
516 DEPRECATED (Duplicate): Covert Timing Channel
Major Relationships
Minor None
525 Information Leak Through Browser Caching
Major Common_Consequences, Other_Notes, Potential_Mitigations
Minor None
530 Information Leak Through Backup (.~bk) Files
Major Common_Consequences
Minor None
536 Information Leak Through Servlet Runtime Error Message
Major Common_Consequences
Minor None
544 Failure to Use a Standardized Error Handling Mechanism
Major Potential_Mitigations, Time_of_Introduction
Minor None
548 Information Leak Through Directory Listing
Major Description, Other_Notes
Minor None
561 Dead Code
Major Common_Consequences, Other_Notes
Minor None
565 Reliance on Cookies without Validation and Integrity Checking
Major Relationships
Minor None
568 finalize() Method Without super.finalize()
Major Description, Other_Notes
Minor None
570 Expression is Always False
Major Demonstrative_Examples
Minor None
574 EJB Bad Practices: Use of Synchronization Primitives
Major Description, Other_Notes
Minor None
575 EJB Bad Practices: Use of AWT Swing
Major Description, Other_Notes
Minor None
576 EJB Bad Practices: Use of Java I/O
Major Description, Other_Notes
Minor None
577 EJB Bad Practices: Use of Sockets
Major Description, Other_Notes
Minor None
578 EJB Bad Practices: Use of Class Loader
Major Description, Other_Notes
Minor None
581 Object Model Violation: Just One of Equals and Hashcode Defined
Major Common_Consequences, Description, Other_Notes
Minor None
583 finalize() Method Declared Public
Major Description, Other_Notes
Minor None
586 Explicit Call to Finalize()
Major Description, Other_Notes
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Applicable_Platforms, Common_Consequences, Description
Minor None
604 Deprecated Entries
Major Relationships, View_Filter, View_Structure
Minor None
605 Multiple Binds to the Same Port
Major Common_Consequences
Minor None
606 Unchecked Input for Loop Condition
Major Relationships
Minor None
609 Double-Checked Locking
Major Taxonomy_Mappings
Minor References
610 Externally Controlled Reference to a Resource in Another Sphere
Major Other_Notes, Relationship_Notes
Minor None
612 Information Leak Through Indexing of Private Data
Major Other_Notes, Research_Gaps
Minor None
618 Exposed Unsafe ActiveX Method
Major Description, Other_Notes
Minor None
619 Dangling Database Cursor ('Cursor Injection')
Major Modes_of_Introduction, Other_Notes, Weakness_Ordinalities
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Detection_Factors, Other_Notes, Weakness_Ordinalities
Minor None
639 Access Control Bypass Through User-Controlled Key
Major Common_Consequences
Minor None
641 Insufficient Filtering of File and Other Resource Names for Executable Content
Major Common_Consequences
Minor None
643 Failure to Sanitize Data within XPath Expressions ('XPath injection')
Major Common_Consequences
Minor None
644 Improper Sanitization of HTTP Headers for Scripting Syntax
Major Common_Consequences
Minor None
646 Reliance on File Name or Extension of Externally-Supplied File
Major Common_Consequences
Minor None
647 Use of Non-Canonical URL Paths for Authorization Decisions
Major Common_Consequences
Minor None
648 Incorrect Use of Privileged APIs
Major Common_Consequences
Minor None
649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Major Common_Consequences
Minor None
650 Trusting HTTP Permission Methods on the Server Side
Major Common_Consequences
Minor None
651 Information Leak through WSDL File
Major Common_Consequences
Minor None
652 Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')
Major Common_Consequences
Minor None
665 Improper Initialization
Major Common_Consequences
Minor None
668 Exposure of Resource to Wrong Sphere
Major Other_Notes, Theoretical_Notes
Minor None
669 Incorrect Resource Transfer Between Spheres
Major Background_Details, Other_Notes
Minor None
673 External Influence of Sphere Definition
Major Other_Notes, Theoretical_Notes
Minor None
675 Duplicate Operations on Resource
Major Other_Notes, Relationship_Notes
Minor None
682 Incorrect Calculation
Major Demonstrative_Examples, Relationships
Minor None
683 Function Call With Incorrect Order of Arguments
Major Modes_of_Introduction, Other_Notes, Potential_Mitigations
Minor None
685 Function Call With Incorrect Number of Arguments
Major Modes_of_Introduction, Other_Notes, Potential_Mitigations
Minor None
686 Function Call With Incorrect Argument Type
Major Other_Notes, Potential_Mitigations
Minor None
687 Function Call With Incorrectly Specified Argument Value
Major Other_Notes, Relationship_Notes
Minor None
688 Function Call With Incorrect Variable or Reference as Argument
Major Modes_of_Introduction, Other_Notes, Potential_Mitigations
Minor None
693 Protection Mechanism Failure
Major Relationships
Minor None
703 Failure to Handle Exceptional Conditions
Major Other_Notes
Minor None
759 Use of a One-Way Hash without a Salt
Major Relationships
Minor None
760 Use of a One-Way Hash with a Predictable Salt
Major Observed_Examples, Relationships
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Relationships
Minor None
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Major Relationships
Minor None
Page Last Updated: January 05, 2017