CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.1)  
ID

CWE VIEW: Weaknesses Originally Used by NVD from 2008 to 2016

View ID: 635
Type: Explicit
Status: Draft
Downloads: Booklet | CSV | XML
+ Objective
CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.
+ Membership
NatureTypeIDName
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.16Configuration
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.20Improper Input Validation
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.59Improper Link Resolution Before File Access ('Link Following')
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.94Improper Control of Generation of Code ('Code Injection')
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.119Improper Restriction of Operations within the Bounds of a Memory Buffer
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.134Use of Externally-Controlled Format String
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.189Numeric Errors
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.200Information Exposure
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.255Credentials Management
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.264Permissions, Privileges, and Access Controls
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.287Improper Authentication
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.310Cryptographic Issues
HasMemberCompositeComposite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability.352Cross-Site Request Forgery (CSRF)
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.399Resource Management Errors
+ Notes

Maintenance

This view is effectively obsolete, although it is probably still in active use by CWE consumers.

In Summer 2007, NIST began using this set of CWE elements to classify CVE entries within the National Vulnerability Database (NVD). The data was made publicly available beginning in 2008. In 2016, NIST began using a different list as derived from the "Weaknesses for Simplified Mapping of Published Vulnerabilities" view (CWE-1003).

+ References
[REF-1] NIST. "CWE - Common Weakness Enumeration". <http://nvd.nist.gov/cwe.cfm>.
+ View Metrics
CWEs in this viewTotal CWEs
Weaknesses13out of 716
Categories6out of 247
Views0out of 32
Total19out of995
+ Content History
Modifications
Modification DateModifierOrganization
2008-09-08CWE Content TeamMITRE
updated Maintenance_Notes, Relationships, References, View_Structure
2017-01-19CWE Content TeamMITRE
updated Description, Maintenance_Notes
2017-11-08CWE Content TeamMITRE
updated Description, Maintenance_Notes, Name
Previous Entry Names
Change DatePrevious Entry Name
2017-11-08Weaknesses Used by NVD

More information is available — Please select a different filter.
Page Last Updated: March 29, 2018