Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (3.0)

CWE CATEGORY: Web Problems

Category ID: 442
Status: Draft
Summary
Weaknesses in this category are related to World Wide Web technology.
Membership
Nature     Type       ID    Name
MemberOf   View       699   Development Concepts
HasMember  Base       79    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMember  Base       113   Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
HasMember  Composite  352   Cross-Site Request Forgery (CSRF)
HasMember  Base       425   Direct Request ('Forced Browsing')
HasMember  Base       444   Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
HasMember  Variant    601   URL Redirection to Untrusted Site ('Open Redirect')
HasMember  Variant    611   Improper Restriction of XML External Entity Reference ('XXE')
HasMember  Variant    614   Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
HasMember  Variant    644   Improper Neutralization of HTTP Headers for Scripting Syntax
HasMember  Variant    646   Reliance on File Name or Extension of Externally-Supplied File
HasMember  Variant    647   Use of Non-Canonical URL Paths for Authorization Decisions
HasMember  Variant    776   Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
HasMember  Variant    784   Reliance on Cookies without Validation and Integrity Checking in a Security Decision
HasMember  Base       827   Improper Control of Document Type Definition
HasMember  Base       918   Server-Side Request Forgery (SSRF)
HasMember  Variant    1004  Sensitive Cookie Without 'HttpOnly' Flag
HasMember  Base       1007  Insufficient Visual Distinction of Homoglyphs Presented to User
HasMember  Base       1021  Improper Restriction of Rendered UI Layers or Frames
HasMember  Variant    1022  Improper Restriction of Cross-Origin Permission to window.opener.location
Content History
Submission Date    Submitter         Organization
Modification Date  Modifier          Organization
2008-09-08         CWE Content Team  MITRE
    updated Description, Relationships, Taxonomy_Mappings
2008-10-14         CWE Content Team  MITRE
    updated Relationships
2009-07-27         CWE Content Team  MITRE
    updated Relationships
2011-03-29         CWE Content Team  MITRE
    updated Relationships
2013-02-21         CWE Content Team  MITRE
    updated Relationships
2017-01-19         CWE Content Team  MITRE
    updated Relationships
2017-11-08         CWE Content Team  MITRE
    updated Relationships

Page Last Updated: January 18, 2018