CWE-604: Deprecated Entries
Deprecated Entries
Definition in a New Window
View ID: 604 (View: Implicit Slice) Status: Draft
View Data
View Objective
CWE nodes in this view (slice ) have been deprecated. There should be a reference pointing to the replacement in each deprecated weakness .
View Filter : .//@Status='Deprecated'
View Metrics
CWEs in this view Total CWEs Total 12 out of 909 Views 0 out of 29 Categories 1 out of 178 Weaknesses 11 out of 693 Compound_Elements 0 out of 9
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Relationships,
View_Structure 2008-11-24 CWE Content Team MITRE Internal updated Name, Relationships 2009-05-27 CWE Content Team MITRE Internal updated Relationships 2009-07-27 CWE Content Team MITRE Internal updated Relationships 2009-08-28 CWE Content Team MITRE Internal changed explicit member list to implicit
filter 2009-10-29 CWE Content Team MITRE Internal updated Relationships, View_Filter,
View_Structure Previous Entry Names Change Date Previous Entry
Name 2008-11-24 Deprecated
View Components
View Components
A |
B |
C |
D |
E |
F |
G |
H |
I |
J |
K |
L |
M |
N |
O |
P |
Q |
R |
S |
T |
U |
V |
W |
X |
Y |
Z DEPRECATED (Duplicate): Covert Timing Channel
Definition in a New Window
Weakness ID: 516 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
weakness can be found at
CWE-385 .
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Relationships 2009-10-29 CWE Content Team MITRE Internal updated Relationships
DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
Definition in a New Window
Weakness ID: 218 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
weakness has been deprecated because it was a duplicate of
CWE-493 . All content has been transferred to
CWE-493 .
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Alternate_Terms, Applicable_Platforms,
Common_Consequences, Description, Likelihood_of_Exploit, Name,
Relationships, Type 2009-10-29 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2008-09-09 Failure to Provide
Confidentiality for Stored Data
DEPRECATED (Duplicate): General Information Management Problems
Definition in a New Window
Weakness ID: 225 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
weakness can be found at
CWE-199 .
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Relationships 2009-10-29 CWE Content Team MITRE Internal updated Relationships
DEPRECATED (Duplicate): HTTP response splitting
Definition in a New Window
Weakness ID: 443 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
weakness can be found at
CWE-113 .
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Relationships 2009-10-29 CWE Content Team MITRE Internal updated Relationships
DEPRECATED (Duplicate): Miscalculated Null Termination
Definition in a New Window
Weakness ID: 132 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
entry has been deprecated because it was a duplicate of
CWE-170 . All content has been transferred to
CWE-170 .
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Applicable_Platforms, Causal_Nature,
Common_Consequences, Description, Likelihood_of_Exploit, Name,
Relationships, Type 2009-10-29 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2008-09-09 Miscalculated Null
Termination
DEPRECATED (Duplicate): Proxied Trusted Channel
Definition in a New Window
Weakness ID: 423 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
entry has been deprecated because it was a duplicate of
CWE-441 . All content has been transferred to
CWE-441 .
Content History
Submissions Submission Date Submitter Organization Source PLOVER Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Potential_Mitigations,
Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Relationships, Other_Notes,
Taxonomy_Mappings 2008-11-05 CWE Content Team MITRE Internal deprecated this entry as a duplicate of
441 2008-11-24 CWE Content Team MITRE Internal updated Applicable_Platforms, Description, Name,
Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings,
Time_of_Introduction, Type 2009-10-29 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2008-11-24 Proxied Trusted
Channel
DEPRECATED: Failure to Protect Stored Data from Modification
Definition in a New Window
Weakness ID: 217 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
weakness has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this weakness can be found at
CWE-766 and
CWE-767 .
Content History
Submissions Submission Date Submitter Organization Source CLASP Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Common_Consequences, Relationships, Other_Notes,
Taxonomy_Mappings 2009-05-20 CWE Content Team MITRE Internal deprecated this entry in favor of new entries which focus on the multiple weaknesses formerly described here, CWE-766 and CWE-767 2009-05-27 CWE Content Team MITRE Internal updated Alternate_Terms, Applicable_Platforms,
Common_Consequences, Demonstrative_Examples, Description,
Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations,
Related_Attack_Patterns, Relationships, Taxonomy_Mappings,
Time_of_Introduction, Type 2009-10-29 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2009-05-27 Failure to Protect Stored
Data from Modification
DEPRECATED: General Special Element Problems
Definition in a New Window
Category ID: 139 (Deprecated Category) Status: Deprecated
Description
Description Summary
This
entry has been deprecated. It is a leftover from PLOVER, but
CWE-138 is a more appropriate mapping.
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Applicable_Platforms, Description,
Functional_Areas, Name, Relationships, Type 2009-10-29 CWE Content Team MITRE Internal updated Relationships 2010-06-21 CWE Content Team MITRE Internal updated Description Previous Entry Names Change Date Previous Entry
Name 2008-09-09 General Special Element
Problems
DEPRECATED: Improper Sanitization of Custom Special Characters
Definition in a New Window
Weakness ID: 92 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations.
CWE-75 is a more appropriate mapping.
Content History
Submissions Submission Date Submitter Organization Source PLOVER Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Maintenance_Notes, Relationships,
Relationship_Notes, Taxonomy_Mappings,
Weakness_Ordinalities 2008-10-14 CWE Content Team MITRE Internal updated Description, Name 2009-05-27 CWE Content Team MITRE Internal updated Description, Name 2009-07-27 CWE Content Team MITRE Internal updated Applicable_Platforms, Causal_Nature,
Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations,
Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps,
Taxonomy_Mappings, Time_of_Introduction, Type,
Weakness_Ordinalities 2009-10-29 CWE Content Team MITRE Internal updated Relationships 2009-12-28 CWE Content Team MITRE Internal updated Related_Attack_Patterns 2010-06-21 CWE Content Team MITRE Internal updated Description,
Maintenance_Notes Previous Entry Names Change Date Previous Entry
Name 2008-10-14 Custom Special Character
Injection 2009-05-27 Insufficient Sanitization of
Custom Special Characters 2009-07-27 Improper Sanitization of
Custom Special Characters
DEPRECATED: Incorrect Initialization
Definition in a New Window
Weakness ID: 458 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
weakness has been deprecated because its name and description did not match. The description duplicated
CWE-454 , while the name suggested a more abstract initialization problem. Please refer to
CWE-665 for the more abstract problem.
Content History
Modifications Modification Date Modifier Organization Source 2008-09-08 CWE Content Team MITRE Internal updated Relationships 2009-10-29 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2008-04-11 Incorrect
Initialization
DEPRECATED: Often Misused: Path Manipulation
Definition in a New Window
Weakness ID: 249 (Deprecated Weakness Variant) Status: Deprecated
Description
Description Summary
This
entry has been deprecated because of name confusion and an accidental combination of multiple
weaknesses . Most of its content has been transferred to
CWE-785 .
Maintenance Notes
This entry was deprecated for several reasons. The primary reason is over-loading of the "path manipulation" term and the description. The original description for this entry was the same as that for the "Often Misused: File System" item in the original Seven Pernicious Kingdoms paper. However, Seven Pernicious Kingdoms also has a "Path Manipulation" phrase that is for external control of pathnames (CWE-73 ), which is a factor in symbolic link following and path traversal, neither of which is explicitly mentioned in 7PK. Fortify uses the phrase "Often Misused: Path Manipulation" for a broader range of problems, generally for issues related to buffer management. Given the multiple conflicting uses of this term, there is a chance that CWE users may have incorrectly mapped to this entry.
The second reason for deprecation is an implied combination of multiple weaknesses within buffer-handling functions. The focus of this entry has generally been on the path-conversion functions and their association with buffer overflows. However, some of Fortify's Vulncat entries have the term "path manipulation" but describe a non-overflow weakness in which the buffer is not guaranteed to contain the entire pathname, i.e., there is information truncation (see CWE-222 for a similar concept). A new entry for this non-overflow weakness may be created in a future version of CWE.
Content History
Submissions Submission Date Submitter Organization Source 7 Pernicious Kingdoms Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-08-01 KDM Analytics External added/updated white box definitions 2008-09-08 CWE Content Team MITRE Internal updated Applicable_Platforms, Relationships, Other_Notes,
Taxonomy_Mappings 2009-05-27 CWE Content Team MITRE Internal updated Demonstrative_Examples 2009-07-17(Critical)
KDM Analytics External Described inconsistencies in this entry, which the CWE
Content Team had already slated for deprecation. 2009-07-27 CWE Content Team MITRE Internal updated Affected_Resources, Applicable_Platforms,
Demonstrative_Examples, Description, Maintenance_Notes, Name, Other_Notes,
Potential_Mitigations, Relationships, Taxonomy_Mappings,
Time_of_Introduction, Type, White_Box_Definitions 2009-10-29 CWE Content Team MITRE Internal updated Relationships Previous Entry Names Change Date Previous Entry
Name 2009-07-27 Often Misused: Path
Manipulation
DEPRECATED: State Synchronization Error
Definition in a New Window
Weakness ID: 373 (Deprecated Weakness Base) Status: Deprecated
Description
Description Summary
This
entry was deprecated because it overlapped the same concepts as race condition (
CWE-362 ) and
Improper Synchronization (
CWE-662 ).
Content History
Submissions Submission Date Submitter Organization Source CLASP Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time_of_Introduction 2008-09-08 CWE Content Team MITRE Internal updated Common_Consequences, Relationships, Other_Notes,
Taxonomy_Mappings 2010-12-12(Critical)
CWE Content Team MITRE Internal Deprecated entry 2010-12-13 CWE Content Team MITRE Internal updated Applicable_Platforms, Common_Consequences,
Demonstrative_Examples, Description, Likelihood_of_Exploit, Name,
Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings,
Time_of_Introduction, Type Previous Entry Names Change Date Previous Entry
Name 2010-12-13 State Synchronization
Error
