Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Please refer to CWE-62.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE CATEGORY: DEPRECATED: ASP.NET Environment Issues
Category ID: 10
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It added unnecessary depth and complexity to its associated views.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-08-15
Veracode
Suggested OWASP Top Ten 2004 mapping
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-12-15 (CWE Draft 5, 2006-12-15)
CWE Content Team
MITRE
Modifications
Modification Date
Modifier
Organization
2008-07-01
Eric Dalci
Cigital
updated Time_of_Introduction
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2009-05-27
CWE Content Team
MITRE
updated Related_Attack_Patterns
2011-06-01
CWE Content Team
MITRE
updated Common_Consequences
2012-05-11
CWE Content Team
MITRE
updated References, Relationships
2014-07-30
CWE Content Team
MITRE
updated Relationships
2017-05-03
CWE Content Team
MITRE
updated Common_Consequences, Description, Name, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated because it redundant with the grouping provided by CWE-417.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2008-11-24
CWE Content Team
MITRE
updated Relationships
2013-02-21
CWE Content Team
MITRE
updated Relationships
2017-11-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Taxonomy_Mappings, Type
CWE CATEGORY: DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
Category ID: 171
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. Weaknesses in this category were related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data. These weaknesses can be found in other similar categories.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships
2015-12-07
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2019-06-20
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Relationships, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
CWE-217: DEPRECATED: Failure to Protect Stored Data from Modification
Weakness ID: 217
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and CWE-767.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-218: DEPRECATED: Failure to provide confidentiality for stored data
Weakness ID: 218
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type
2009-10-29
CWE Content Team
MITRE
updated Relationships
2021-07-20
CWE Content Team
MITRE
updated Name
2023-06-29
CWE Content Team
MITRE
updated Mapping_Notes
Previous Entry Names
Change Date
Previous Entry Name
2008-09-09
Failure to Provide Confidentiality for Stored Data
2021-07-20
DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
CWE-225: DEPRECATED: General Information Management Problems
Weakness ID: 225
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
CWE CATEGORY: DEPRECATED: General Special Element Problems
Category ID: 139
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It is a leftover from PLOVER, but CWE-138 is a more appropriate mapping.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Functional_Areas, Name, Relationships, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters
Weakness ID: 92
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2008-10-14
CWE Content Team
MITRE
updated Description
2009-07-27
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate ID solely because of domain-specific considerations. Its closest equivalent is CWE-1023.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-542: DEPRECATED: Information Exposure Through Cleanup Log Files
Weakness ID: 542
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-534: DEPRECATED: Information Exposure Through Debug Log Files
Weakness ID: 534
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-533: DEPRECATED: Information Exposure Through Server Log Files
Weakness ID: 533
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2009-07-27
CWE Content Team
MITRE
updated Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Relationships
2020-02-24
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
CWE CATEGORY: DEPRECATED: J2EE Time and State Issues
Category ID: 381
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
CWE CATEGORY: DEPRECATED: Mac Virtual File Problems
Category ID: 70
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Affected_Resources, Applicable_Platforms, Description, Name, Relationships, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
CWE CATEGORY: DEPRECATED: Often Misused: Arguments and Parameters
Category ID: 559
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Other_Notes
2010-04-05
CWE Content Team
MITRE
updated Related_Attack_Patterns
2010-09-27
CWE Content Team
MITRE
updated Other_Notes, Relationship_Notes
2017-11-08
CWE Content Team
MITRE
updated Related_Attack_Patterns, Relationships
2020-02-24
CWE Content Team
MITRE
updated Description, Name, Relationship_Notes, Relationships, Type
CWE-249: DEPRECATED: Often Misused: Path Manipulation
Weakness ID: 249
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.
Extended Description
This entry was deprecated for several reasons. The primary reason is over-loading of the "path manipulation" term and the description. The original description for this entry was the same as that for the "Often Misused: File System" item in the original Seven Pernicious Kingdoms paper. However, Seven Pernicious Kingdoms also has a "Path Manipulation" phrase that is for external control of pathnames (CWE-73), which is a factor in symbolic link following and path traversal, neither of which is explicitly mentioned in 7PK. Fortify uses the phrase "Often Misused: Path Manipulation" for a broader range of problems, generally for issues related to buffer management. Given the multiple conflicting uses of this term, there is a chance that CWE users may have incorrectly mapped to this entry.
The second reason for deprecation is an implied combination of multiple weaknesses within buffer-handling functions. The focus of this entry was generally on the path-conversion functions and their association with buffer overflows. However, some of Fortify's Vulncat entries have the term "path manipulation" but describe a non-overflow weakness in which the buffer is not guaranteed to contain the entire pathname, i.e., there is information truncation (see CWE-222 for a similar concept). A new entry for this non-overflow weakness may be created in a future version of CWE.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description for suggestions for other CWE IDs to use.
CWE CATEGORY: DEPRECATED: Other Intentional, Nonmalicious Weakness
Category ID: 517
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
CWE CATEGORY: DEPRECATED: Pathname Traversal and Equivalence Errors
Category ID: 21
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706).
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated. There are no documented cases in which a switch's control expression is evaluated more than once.
Extended Description
It is likely that this entry was initially created based on a misinterpretation of the original source material. The original source intended to explain how switches could be unpredictable when using threads, if the control expressions used data or variables that could change between execution of different threads. That weakness is already covered by CWE-367. Despite the ambiguity in the documentation for some languages and compilers, in practice, they all evaluate the switch control expression only once. If future languages state that the code explicitly evaluates the control expression more than once, then this would not be a weakness, but the language performing as designed.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CLASP
Contributions
Contribution Date
Contributor
Organization
2022-03-31
Yongchool Ryu, MathWorks; Roberto Bagnara, BUGSENG; Guido Persch, Imagix; John Blattner, Imagix; Paul Anderson, GrammaTech; Fulvio Baccaglini; John Viega; Robert Seacord; Members of the CWE-Research mailing list, including Jonathan Hood and Steve Grubb; Commenters on Twitter, including Patricia Aas, Myria, Richard Barrell, and others
Many members of the CWE community contributed important feedback supporting deprecation of this entry. The contribution date reflects the first public request for comment; much feedback was received both before and after that date.
CWE-247: DEPRECATED: Reliance on DNS Lookups in a Security Decision
Weakness ID: 247
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description for suggestions for other CWE IDs to use.
This view has been deprecated because it is not actively maintained and does not provide utility to stakeholders. It was originally created before CWE 1.0 as a simple example of how views could be structured within CWE.
Relationships
The following graph shows the tree-like relationships between weaknesses that exist at different levels of abstraction. At the highest level, categories and pillars exist to group weaknesses. Categories (which are not technically weaknesses) are special CWE entries used to group weaknesses that share a common characteristic. Pillars are weaknesses that are described in the most abstract fashion. Below these top-level entries are weaknesses are varying levels of abstraction. Classes are still very abstract, typically independent of any specific language or technology. Base level weaknesses are used to present a more specific type of weakness. A variant is a weakness that is described at a very low level of detail, typically limited to a specific language or technology. A chain is a set of weaknesses that must be reachable consecutively in order to produce an exploitable vulnerability. While a composite is a set of weaknesses that must all be present simultaneously in order to produce an exploitable vulnerability.
CWE-1324: DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
Weakness ID: 1324
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was at a lower level of abstraction than supported by CWE. All relevant content has been integrated into CWE-319.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2020-10-01 (CWE 4.3, 2020-12-10)
Accellera IP Security Assurance (IPSA) Working Group
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2015-12-07
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Relationships
2019-06-20
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662).
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Description, Relationships, Type
2017-11-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally intended as a "catch-all" for environment issues for technologies that did not have their own CWE, but it introduced unnecessary depth and complexity to the Development View (CWE-699).
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally intended as a "catch-all" for input validation problems in technologies that did not have their own CWE, but introduces unnecessary depth to the hierarchy.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-07-01
Eric Dalci
Cigital
updated Time_of_Introduction
2008-09-08
CWE Content Team
MITRE
updated Relationships
2009-05-27
CWE Content Team
MITRE
updated Related_Attack_Patterns
2009-10-15
CWE Content Team
MITRE
changed from weakness to category, updated Relationships, added Taxonomy_Mapping
2009-10-29
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings, Type
2010-04-05
CWE Content Team
MITRE
updated Related_Attack_Patterns
2012-05-11
CWE Content Team
MITRE
updated Relationships
2014-07-30
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
CWE CATEGORY: DEPRECATED: Technology-Specific Special Elements
Category ID: 169
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally intended as a "catch-all" for input validation problems in technologies that did not have their own CWE, but introduces unnecessary depth to the hierarchy.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
CWE CATEGORY: DEPRECATED: Technology-Specific Time and State Issues
Category ID: 380
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. Consider using the File Handling Issues category (CWE-1219).
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
CWE-292: DEPRECATED: Trusting Self-reported DNS Name
Weakness ID: 292
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2009-05-08 (CWE 1.4, 2009-05-27)
CWE Content Team
MITRE
Modifications
Modification Date
Modifier
Organization
2010-04-05
CWE Content Team
MITRE
updated Potential_Mitigations
2010-06-21
CWE Content Team
MITRE
updated Description
2010-12-13
CWE Content Team
MITRE
updated Description
2013-02-21
CWE Content Team
MITRE
updated Maintenance_Notes
2015-12-07
CWE Content Team
MITRE
updated Relationships
2017-11-08
CWE Content Team
MITRE
updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Relationships, Type
2019-01-03
CWE Content Team
MITRE
updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It covered a very low level of abstraction based on operating system, which was not useful for any existing view.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Type
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into other entries.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-1187: DEPRECATED: Use of Uninitialized Resource
Weakness ID: 1187
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction: BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This weakness has been deprecated because it was a duplicate of CWE-355. All content has been transferred to CWE-355.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Research_Gaps, Taxonomy_Mappings, Type
This view has been deprecated. It was only used for an early year of the NIST SAMATE project, and it did not represent any official or commonly-utilized list.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated. It is also a View.
Comments:
N/A
View Metrics
CWEs in this view
Total CWEs
Weaknesses
0
out of
938
Categories
0
out of
374
Views
0
out of
50
Total
0
out of
1362
Content History
Submissions
Submission Date
Submitter
Organization
2007-10-01 (CWE Draft 7, 2007-10-01)
CWE Content Team
MITRE
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, References, View_Structure
2012-05-11
CWE Content Team
MITRE
updated References
2017-11-08
CWE Content Team
MITRE
updated Description, Name, References, Relationships, Type
CWE CATEGORY: DEPRECATED: Weaknesses that Affect Files or Directories
Category ID: 632
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2007-10-01 (CWE Draft 7, 2007-10-01)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
CWE CATEGORY: DEPRECATED: Weaknesses that Affect Memory
Category ID: 633
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
CWE CATEGORY: DEPRECATED: Weaknesses that Affect System Processes
Category ID: 634
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
This view has been deprecated. It was based on gaps in another view (CWE-888) related to research that is no longer updated, but was complete with respect to CWE at the time it was conducted.
Filter
/Weakness_Catalog[false()]
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason: Deprecated
Rationale:
This CWE has been deprecated. It is also a View.
Comments:
N/A
View Metrics
CWEs in this view
Total CWEs
Weaknesses
0
out of
938
Categories
0
out of
374
Views
0
out of
50
Total
0
out of
1362
Content History
Submissions
Submission Date
Submitter
Organization
2014-07-29 (CWE 2.8, 2014-07-31)
CWE Content Team
MITRE
Contributions
Contribution Date
Contributor
Organization
2022-07-21
Djenana Campara
KDM Analytics
suggested that there were errors in this view (leading to changes in taxonomy mappings in some entries), and that this view was outdated, leading to the decision to deprecate
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
CWE CATEGORY: DEPRECATED: Windows Path Link Problems
Category ID: 63
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It covered a very low level of abstraction based on operating system, which was not useful for any existing view.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Applicable_Platforms, Relationships
2017-11-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Type
CWE CATEGORY: DEPRECATED: Windows Virtual File Problems
Category ID: 68
Vulnerability Mapping:
PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships.
Vulnerability Mapping Notes
Usage: PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons: Category, Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content History
Submissions
Submission Date
Submitter
Organization
2006-07-19 (CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Type
Objective
