CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE VIEW: Weaknesses Introduced During Design

View ID: 701
Structure: Implicit Slice
Status: Incomplete
Presentation Filter:
+ View Data

View Objective

This view (slice) lists weaknesses that can be introduced during design.

View Filter: .//Introductory_Phase='Architecture and Design'

+ Relationships
Weakness BaseWeakness Base Absolute Path Traversal - (36)
Weakness BaseWeakness Base Acceptance of Extraneous Untrusted Data With Trusted Data - (349)
Weakness VariantWeakness Variant Access to Critical Private Variable via Public Method - (767)
Weakness BaseWeakness Base Addition of Data Structure Sentinel - (464)
Weakness BaseWeakness Base Algorithmic Complexity - (407)
Weakness VariantWeakness Variant Allocation of File Descriptors or Handles Without Limits or Throttling - (774)
Weakness BaseWeakness Base Allocation of Resources Without Limits or Throttling - (770)
Weakness ClassWeakness Class Always-Incorrect Control Flow Implementation - (670)
Weakness VariantWeakness Variant Apple '.DS_Store' - (71)
Weakness BaseWeakness Base Argument Injection or Modification - (88)
Weakness VariantWeakness Variant ASP.NET Misconfiguration: Not Using Input Validation Framework - (554)
Weakness VariantWeakness Variant ASP.NET Misconfiguration: Password in Configuration File - (13)
Weakness BaseWeakness Base Assignment of a Fixed Address to a Pointer - (587)
Weakness ClassWeakness Class Asymmetric Resource Consumption (Amplification) - (405)
Weakness VariantWeakness Variant Attempt to Access Child of a Non-structure Pointer - (588)
Weakness VariantWeakness Variant Authentication Bypass by Alternate Name - (289)
Weakness VariantWeakness Variant Authentication Bypass by Assumed-Immutable Data - (302)
Weakness BaseWeakness Base Authentication Bypass by Capture-replay - (294)
Weakness BaseWeakness Base Authentication Bypass by Primary Weakness - (305)
Weakness BaseWeakness Base Authentication Bypass by Spoofing - (290)
Weakness BaseWeakness Base Authentication Bypass Using an Alternate Path or Channel - (288)
Weakness VariantWeakness Variant Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created - (593)
Weakness BaseWeakness Base Authorization Bypass Through User-Controlled Key - (639)
Weakness VariantWeakness Variant Authorization Bypass Through User-Controlled SQL Primary Key - (566)
Weakness BaseWeakness Base Behavioral Change in New Version or Environment - (439)
Weakness BaseWeakness Base Buffer Underwrite ('Buffer Underflow') - (124)
Weakness VariantWeakness Variant Call to Non-ubiquitous API - (589)
Weakness ClassWeakness Class Channel Accessible by Non-Endpoint ('Man-in-the-Middle') - (300)
Weakness VariantWeakness Variant Cleartext Storage in a File or on Disk - (313)
Weakness VariantWeakness Variant Cleartext Storage in the Registry - (314)
Weakness BaseWeakness Base Cleartext Storage of Sensitive Information - (312)
Weakness VariantWeakness Variant Cleartext Storage of Sensitive Information in a Cookie - (315)
Weakness VariantWeakness Variant Cleartext Storage of Sensitive Information in Executable - (318)
Weakness VariantWeakness Variant Cleartext Storage of Sensitive Information in GUI - (317)
Weakness VariantWeakness Variant Cleartext Storage of Sensitive Information in Memory - (316)
Weakness BaseWeakness Base Cleartext Transmission of Sensitive Information - (319)
Weakness BaseWeakness Base Client-Side Enforcement of Server-Side Security - (602)
Weakness ClassWeakness Class Coding Standards Violation - (710)
Weakness ClassWeakness Class Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)
Weakness ClassWeakness Class Containment Errors (Container Errors) - (216)
Weakness BaseWeakness Base Context Switching Race Condition - (368)
Weakness BaseWeakness Base Covert Timing Channel - (385)
Weakness BaseWeakness Base Creation of Temporary File in Directory with Incorrect Permissions - (379)
Weakness BaseWeakness Base Creation of Temporary File With Insecure Permissions - (378)
Weakness VariantWeakness Variant Critical Variable Declared Public - (766)
Compound Element: CompositeCompound Element: Composite Cross-Site Request Forgery (CSRF) - (352)
Weakness BaseWeakness Base Dangerous Signal Handler not Disabled During Sensitive Operations - (432)
Weakness BaseWeakness Base Declaration of Catch for Generic Exception - (396)
Weakness BaseWeakness Base Declaration of Throws for Generic Exception - (397)
Weakness BaseWeakness Base Deletion of Data Structure Sentinel - (463)
Weakness VariantWeakness Variant Deserialization of Untrusted Data - (502)
Weakness ClassWeakness Class Detection of Error Condition Without Action - (390)
Weakness BaseWeakness Base Direct Request ('Forced Browsing') - (425)
Weakness VariantWeakness Variant Double Free - (415)
Weakness BaseWeakness Base Download of Code Without Integrity Check - (494)
Weakness BaseWeakness Base Duplicate Key in Associative List (Alist) - (462)
Weakness VariantWeakness Variant EJB Bad Practices: Use of AWT Swing - (575)
Weakness VariantWeakness Variant EJB Bad Practices: Use of Class Loader - (578)
Weakness VariantWeakness Variant EJB Bad Practices: Use of Java I/O - (576)
Weakness VariantWeakness Variant EJB Bad Practices: Use of Sockets - (577)
Weakness VariantWeakness Variant EJB Bad Practices: Use of Synchronization Primitives - (574)
Weakness VariantWeakness Variant Empty Password in Configuration File - (258)
Weakness ClassWeakness Class Execution with Unnecessary Privileges - (250)
Weakness BaseWeakness Base Expected Behavior Violation - (440)
Weakness BaseWeakness Base Exposed Dangerous Method or Function - (749)
Weakness VariantWeakness Variant Exposed IOCTL with Insufficient Access Control - (782)
Weakness BaseWeakness Base Exposed Unsafe ActiveX Method - (618)
Weakness BaseWeakness Base Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') - (403)
Weakness ClassWeakness Class Exposure of Private Information ('Privacy Violation') - (359)
Weakness ClassWeakness Class Exposure of Resource to Wrong Sphere - (668)
Weakness VariantWeakness Variant Exposure of Sensitive Data Through Data Queries - (202)
Weakness ClassWeakness Class External Control of Critical State Data - (642)
Weakness ClassWeakness Class External Control of File Name or Path - (73)
Weakness ClassWeakness Class External Influence of Sphere Definition - (673)
Weakness BaseWeakness Base External Initialization of Trusted Variables or Data Stores - (454)
Weakness ClassWeakness Class Externally Controlled Reference to a Resource in Another Sphere - (610)
Weakness VariantWeakness Variant Failure to Handle Incomplete Element - (239)
Weakness VariantWeakness Variant Failure to Handle Missing Parameter - (234)
Weakness ClassWeakness Class Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - (75)
CategoryCategory File Descriptor Exhaustion - (769)
Weakness BaseWeakness Base Guessable CAPTCHA - (804)
Weakness VariantWeakness Variant Heap-based Buffer Overflow - (122)
Weakness ClassWeakness Class Hidden Functionality - (912)
Weakness ClassWeakness Class Improper Access Control - (284)
Weakness VariantWeakness Variant Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)
Weakness ClassWeakness Class Improper Authentication - (287)
Weakness ClassWeakness Class Improper Authorization - (285)
Weakness BaseWeakness Base Improper Certificate Validation - (295)
Weakness VariantWeakness Variant Improper Check for Certificate Revocation - (299)
Weakness BaseWeakness Base Improper Check for Dropped Privileges - (273)
Weakness ClassWeakness Class Improper Check or Handling of Exceptional Conditions - (703)
Weakness BaseWeakness Base Improper Control of Dynamically-Identified Variables - (914)
Weakness ClassWeakness Class Improper Control of Dynamically-Managed Code Resources - (913)
Weakness BaseWeakness Base Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - (98)
Weakness ClassWeakness Class Improper Control of Generation of Code ('Code Injection') - (94)
Weakness ClassWeakness Class Improper Control of Interaction Frequency - (799)
Weakness BaseWeakness Base Improper Control of Resource Identifiers ('Resource Injection') - (99)
Weakness BaseWeakness Base Improper Cross-boundary Removal of Sensitive Data - (212)
Weakness ClassWeakness Class Improper Encoding or Escaping of Output - (116)
Weakness ClassWeakness Class Improper Enforcement of Message Integrity During Transmission in a Communication Channel - (924)
Weakness ClassWeakness Class Improper Enforcement of Message or Data Structure - (707)
Weakness VariantWeakness Variant Improper Export of Android Application Components - (926)
Weakness BaseWeakness Base Improper Following of a Certificate's Chain of Trust - (296)
Weakness ClassWeakness Class Improper Fulfillment of API Contract ('API Abuse') - (227)
Weakness VariantWeakness Variant Improper Handling of Apple HFS+ Alternate Data Stream Path - (72)
Weakness VariantWeakness Variant Improper Handling of Extra Parameters - (235)
Weakness VariantWeakness Variant Improper Handling of Extra Values - (231)
Weakness BaseWeakness Base Improper Handling of File Names that Identify Virtual Resources - (66)
Weakness BaseWeakness Base Improper Handling of Highly Compressed Data (Data Amplification) - (409)
Weakness VariantWeakness Variant Improper Handling of Incomplete Structural Elements - (238)
Weakness VariantWeakness Variant Improper Handling of Inconsistent Structural Elements - (240)
Weakness VariantWeakness Variant Improper Handling of Insufficient Entropy in TRNG - (333)
Weakness BaseWeakness Base Improper Handling of Insufficient Permissions or Privileges - (280)
Weakness BaseWeakness Base Improper Handling of Insufficient Privileges - (274)
Weakness BaseWeakness Base Improper Handling of Length Parameter Inconsistency - (130)
Weakness BaseWeakness Base Improper Handling of Parameters - (233)
Weakness ClassWeakness Class Improper Handling of Syntactically Invalid Structure - (228)
Weakness VariantWeakness Variant Improper Handling of Undefined Parameters - (236)
Weakness VariantWeakness Variant Improper Handling of Undefined Values - (232)
Weakness BaseWeakness Base Improper Handling of Unexpected Data Type - (241)
Weakness BaseWeakness Base Improper Handling of Values - (229)
Weakness VariantWeakness Variant Improper Handling of Windows ::DATA Alternate Data Stream - (69)
Weakness VariantWeakness Variant Improper Handling of Windows Device Names - (67)
Weakness ClassWeakness Class Improper Input Validation - (20)
Weakness ClassWeakness Class Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - (22)
Weakness BaseWeakness Base Improper Locking - (667)
Weakness BaseWeakness Base Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)
Weakness BaseWeakness Base Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') - (95)
Weakness BaseWeakness Base Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - (96)
Weakness VariantWeakness Variant Improper Neutralization of Encoded URI Schemes in a Web Page - (84)
Weakness BaseWeakness Base Improper Neutralization of Equivalent Special Elements - (76)
Weakness VariantWeakness Variant Improper Neutralization of HTTP Headers for Scripting Syntax - (644)
Weakness BaseWeakness Base Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
Weakness VariantWeakness Variant Improper Neutralization of Server-Side Includes (SSI) Within a Web Page - (97)
Weakness ClassWeakness Class Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - (74)
Weakness ClassWeakness Class Improper Neutralization of Special Elements used in a Command ('Command Injection') - (77)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') - (917)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - (90)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)
Weakness BaseWeakness Base Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
Weakness ClassWeakness Class Improper Ownership Management - (282)
Weakness BaseWeakness Base Improper Preservation of Permissions - (281)
Weakness BaseWeakness Base Improper Privilege Management - (269)
Weakness ClassWeakness Class Improper Protection of Alternate Path - (424)
Weakness BaseWeakness Base Improper Release of Memory Before Removing Last Reference ('Memory Leak') - (401)
Weakness BaseWeakness Base Improper Resource Locking - (413)
Weakness BaseWeakness Base Improper Resource Shutdown or Release - (404)
Weakness ClassWeakness Class Improper Restriction of Communication Channel to Intended Endpoints - (923)
Weakness BaseWeakness Base Improper Restriction of Excessive Authentication Attempts - (307)
Weakness BaseWeakness Base Improper Restriction of Names for Files and Other Resources - (641)
Weakness ClassWeakness Class Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)
Weakness BaseWeakness Base Improper Restriction of Power Consumption - (920)
Weakness BaseWeakness Base Improper Synchronization - (662)
Weakness VariantWeakness Variant Improper Validation of Certificate Expiration - (298)
Weakness VariantWeakness Variant Improper Validation of Certificate with Host Mismatch - (297)
Weakness BaseWeakness Base Improper Validation of Integrity Check Value - (354)
Weakness BaseWeakness Base Improper Verification of Cryptographic Signature - (347)
Weakness VariantWeakness Variant Improper Verification of Intent by Broadcast Receiver - (925)
Weakness BaseWeakness Base Improper Verification of Source of a Communication Channel - (940)
Weakness BaseWeakness Base Improperly Controlled Modification of Dynamically-Determined Object Attributes - (915)
Weakness BaseWeakness Base Improperly Implemented Security Check for Standard - (358)
Weakness ClassWeakness Class Inadequate Encryption Strength - (326)
CategoryCategory Inadvertently Introduced Weakness - (518)
Weakness BaseWeakness Base Incomplete Blacklist - (184)
Weakness BaseWeakness Base Incomplete Cleanup - (459)
Weakness BaseWeakness Base Incomplete Internal State Distinction - (372)
Weakness BaseWeakness Base Incomplete Model of Endpoint Features - (437)
Weakness BaseWeakness Base Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') - (444)
Weakness ClassWeakness Class Incorrect Access of Indexable Resource ('Range Error') - (118)
Weakness ClassWeakness Class Incorrect Authorization - (863)
Weakness ClassWeakness Class Incorrect Behavior Order - (696)
Weakness BaseWeakness Base Incorrect Behavior Order: Early Amplification - (408)
Weakness ClassWeakness Class Incorrect Calculation - (682)
Weakness ClassWeakness Class Incorrect Control Flow Scoping - (705)
Weakness VariantWeakness Variant Incorrect Default Permissions - (276)
Weakness VariantWeakness Variant Incorrect Execution-Assigned Permissions - (279)
Weakness BaseWeakness Base Incorrect Ownership Assignment - (708)
Weakness ClassWeakness Class Incorrect Permission Assignment for Critical Resource - (732)
Weakness BaseWeakness Base Incorrect Privilege Assignment - (266)
Weakness ClassWeakness Class Incorrect Resource Transfer Between Spheres - (669)
Weakness ClassWeakness Class Incorrect Type Conversion or Cast - (704)
Weakness BaseWeakness Base Incorrect Use of Privileged APIs - (648)
Weakness ClassWeakness Class Incorrect User Management - (286)
Weakness BaseWeakness Base Incorrectly Specified Destination in a Communication Channel - (941)
Weakness ClassWeakness Class Indicator of Poor Code Quality - (398)
Weakness ClassWeakness Class Information Exposure - (200)
Weakness VariantWeakness Variant Information Exposure of Internal State Through Behavioral Inconsistency - (206)
Weakness BaseWeakness Base Information Exposure Through an Error Message - (209)
Weakness VariantWeakness Variant Information Exposure Through an External Behavioral Inconsistency - (207)
Weakness BaseWeakness Base Information Exposure Through Behavioral Discrepancy - (205)
Weakness VariantWeakness Variant Information Exposure Through Cleanup Log Files - (542)
Weakness VariantWeakness Variant Information Exposure Through Debug Information - (215)
Weakness ClassWeakness Class Information Exposure Through Discrepancy - (203)
Weakness VariantWeakness Variant Information Exposure Through Environmental Variables - (526)
Weakness BaseWeakness Base Information Exposure Through Externally-generated Error Message - (211)
Weakness VariantWeakness Variant Information Exposure Through Indexing of Private Data - (612)
Weakness VariantWeakness Variant Information Exposure Through Log Files - (532)
Weakness VariantWeakness Variant Information Exposure Through Persistent Cookies - (539)
Weakness VariantWeakness Variant Information Exposure Through Process Environment - (214)
Weakness VariantWeakness Variant Information Exposure Through Query Strings in GET Request - (598)
Weakness BaseWeakness Base Information Exposure Through Self-generated Error Message - (210)
Weakness VariantWeakness Variant Information Exposure Through Shell Error Message - (535)
Weakness BaseWeakness Base Information Exposure Through Timing Discrepancy - (208)
Weakness VariantWeakness Variant Information Exposure Through WSDL File - (651)
Weakness ClassWeakness Class Information Loss or Omission - (221)
Weakness BaseWeakness Base Insecure Default Variable Initialization - (453)
Weakness VariantWeakness Variant Insecure Inherited Permissions - (277)
Weakness VariantWeakness Variant Insecure Preserved Inherited Permissions - (278)
Weakness ClassWeakness Class Insecure Storage of Sensitive Information - (922)
Weakness BaseWeakness Base Insecure Temporary File - (377)
Weakness BaseWeakness Base Insufficient Compartmentalization - (653)
Weakness ClassWeakness Class Insufficient Control Flow Management - (691)
Weakness BaseWeakness Base Insufficient Control of Network Message Volume (Network Amplification) - (406)
Weakness ClassWeakness Class Insufficient Encapsulation - (485)
Weakness BaseWeakness Base Insufficient Entropy - (331)
Weakness VariantWeakness Variant Insufficient Entropy in PRNG - (332)
Weakness BaseWeakness Base Insufficient Psychological Acceptability - (655)
Weakness BaseWeakness Base Insufficient Resource Pool - (410)
Weakness BaseWeakness Base Insufficient Session Expiration - (613)
Weakness BaseWeakness Base Insufficient UI Warning of Dangerous Operations - (357)
Weakness ClassWeakness Class Insufficient Verification of Data Authenticity - (345)
Weakness BaseWeakness Base Insufficiently Protected Credentials - (522)
Weakness BaseWeakness Base Intentional Information Exposure - (213)
Weakness ClassWeakness Class Interaction Error - (435)
Weakness BaseWeakness Base Interpretation Conflict - (436)
Weakness VariantWeakness Variant J2EE Bad Practices: Direct Management of Connections - (245)
Weakness VariantWeakness Variant J2EE Bad Practices: Direct Use of Sockets - (246)
Weakness VariantWeakness Variant J2EE Bad Practices: Direct Use of Threads - (383)
Weakness VariantWeakness Variant J2EE Bad Practices: Non-serializable Object Stored in Session - (579)
Weakness VariantWeakness Variant J2EE Framework: Saving Unserializable Objects to Disk - (594)
Weakness VariantWeakness Variant J2EE Misconfiguration: Entity Bean Declared Remote - (8)
Weakness VariantWeakness Variant J2EE Misconfiguration: Insufficient Session-ID Length - (6)
Weakness VariantWeakness Variant J2EE Misconfiguration: Missing Custom Error Page - (7)
Weakness VariantWeakness Variant J2EE Misconfiguration: Plaintext Password in Configuration File - (555)
Weakness VariantWeakness Variant J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)
Weakness BaseWeakness Base Key Exchange without Entity Authentication - (322)
Weakness ClassWeakness Class Lack of Administrator Control over Security - (671)
Weakness BaseWeakness Base Least Privilege Violation - (272)
Weakness BaseWeakness Base Logic/Time Bomb - (511)
Weakness BaseWeakness Base Misinterpretation of Input - (115)
Weakness VariantWeakness Variant Missing Authentication for Critical Function - (306)
Weakness ClassWeakness Class Missing Authorization - (862)
Weakness BaseWeakness Base Missing Check for Certificate Revocation after Initial Check - (370)
Weakness BaseWeakness Base Missing Critical Step in Authentication - (304)
Weakness BaseWeakness Base Missing Encryption of Sensitive Data - (311)
Weakness BaseWeakness Base Missing Lock Check - (414)
Weakness BaseWeakness Base Missing Reference to Active Allocated Resource - (771)
Weakness VariantWeakness Variant Missing Reference to Active File Descriptor or Handle - (773)
Weakness BaseWeakness Base Missing Release of Resource after Effective Lifetime - (772)
Weakness BaseWeakness Base Missing Report of Error Condition - (392)
Weakness BaseWeakness Base Missing Required Cryptographic Step - (325)
Weakness BaseWeakness Base Missing Standardized Error Handling Mechanism - (544)
Weakness BaseWeakness Base Missing Support for Integrity Check - (353)
Weakness VariantWeakness Variant Missing Validation of OpenSSL Certificate - (599)
Weakness BaseWeakness Base Modification of Assumed-Immutable Data (MAID) - (471)
Weakness BaseWeakness Base Multiple Binds to the Same Port - (605)
Weakness BaseWeakness Base Multiple Interpretations of UI Input - (450)
Weakness VariantWeakness Variant Multiple Locks of a Critical Resource - (764)
Weakness VariantWeakness Variant .NET Misconfiguration: Use of Impersonation - (520)
Weakness BaseWeakness Base Non-exit on Failed Initialization - (455)
Weakness ClassWeakness Class Not Failing Securely ('Failing Open') - (636)
Weakness VariantWeakness Variant Not Using a Random IV with CBC Mode - (329)
Weakness ClassWeakness Class Not Using Complete Mediation - (638)
Weakness VariantWeakness Variant Not Using Password Aging - (262)
Weakness BaseWeakness Base Obscured Security-relevant Information by Alternate Name - (224)
Weakness BaseWeakness Base Omission of Security-relevant Information - (223)
Weakness BaseWeakness Base Operation on a Resource after Expiration or Release - (672)
Weakness BaseWeakness Base Origin Validation Error - (346)
Weakness VariantWeakness Variant Overly Permissive Cross-domain Whitelist - (942)
Weakness BaseWeakness Base Overly Restrictive Account Lockout Mechanism - (645)
Weakness BaseWeakness Base Password Aging with Long Expiration - (263)
Weakness VariantWeakness Variant Password in Configuration File - (260)
Weakness VariantWeakness Variant Path Traversal: '../filedir' - (24)
Weakness VariantWeakness Variant Plaintext Storage of a Password - (256)
Weakness ClassWeakness Class Predictability Problems - (340)
Weakness BaseWeakness Base Predictable Exact Value from Previous Values - (342)
Weakness BaseWeakness Base Predictable from Observable State - (341)
Weakness BaseWeakness Base Predictable Seed in PRNG - (337)
Weakness BaseWeakness Base Predictable Value Range from Previous Values - (343)
Weakness BaseWeakness Base Privilege Chaining - (268)
Weakness BaseWeakness Base Privilege Context Switching Error - (270)
Weakness BaseWeakness Base Privilege Defined With Unsafe Actions - (267)
Weakness ClassWeakness Class Privilege Dropping / Lowering Errors - (271)
Weakness ClassWeakness Class PRNG Seed Error - (335)
Weakness BaseWeakness Base Product UI does not Warn User of Unsafe Actions - (356)
Weakness ClassWeakness Class Protection Mechanism Failure - (693)
Weakness BaseWeakness Base Race Condition During Access to Alternate Channel - (421)
Weakness BaseWeakness Base Race Condition Enabling Link Following - (363)
Weakness BaseWeakness Base Race Condition within a Thread - (366)
Weakness VariantWeakness Variant Reflection Attack in an Authentication Protocol - (301)
Weakness BaseWeakness Base Reliance on a Single Factor in a Security Decision - (654)
Weakness BaseWeakness Base Reliance on Cookies without Validation and Integrity Checking - (565)
Weakness VariantWeakness Variant Reliance on Cookies without Validation and Integrity Checking in a Security Decision - (784)
Weakness BaseWeakness Base Reliance on Data/Memory Layout - (188)
Weakness VariantWeakness Variant Reliance on File Name or Extension of Externally-Supplied File - (646)
Weakness VariantWeakness Variant Reliance on IP Address for Authentication - (291)
Weakness BaseWeakness Base Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking - (649)
Weakness VariantWeakness Variant Reliance on Reverse DNS Resolution for a Security-Critical Action - (350)
Weakness BaseWeakness Base Reliance on Security Through Obscurity - (656)
Weakness BaseWeakness Base Reliance on Untrusted Inputs in a Security Decision - (807)
Weakness BaseWeakness Base Response Discrepancy Information Exposure - (204)
Weakness BaseWeakness Base Return of Pointer Value Outside of Expected Range - (466)
Weakness BaseWeakness Base Return of Wrong Status Code - (393)
Weakness BaseWeakness Base Reusing a Nonce, Key Pair in Encryption - (323)
Weakness BaseWeakness Base Reversible One-Way Hash - (328)
Weakness BaseWeakness Base Same Seed in PRNG - (336)
Weakness VariantWeakness Variant Sensitive Cookie Without 'HttpOnly' Flag - (1004)
Weakness VariantWeakness Variant Sensitive Data Under FTP Root - (220)
Weakness BaseWeakness Base Sensitive Information Uncleared Before Release - (226)
Weakness BaseWeakness Base Server-Side Request Forgery (SSRF) - (918)
Compound Element: CompositeCompound Element: Composite Session Fixation - (384)
Weakness BaseWeakness Base Signal Handler Race Condition - (364)
Weakness VariantWeakness Variant Signal Handler Use of a Non-reentrant Function - (479)
Weakness BaseWeakness Base Small Seed Space in PRNG - (339)
Weakness BaseWeakness Base Small Space of Random Values - (334)
Weakness BaseWeakness Base Spyware - (512)
Weakness VariantWeakness Variant SQL Injection: Hibernate - (564)
Weakness VariantWeakness Variant Stack-based Buffer Overflow - (121)
Weakness BaseWeakness Base Storage of Sensitive Data in a Mechanism without Access Control - (921)
Weakness BaseWeakness Base Storing Passwords in a Recoverable Format - (257)
Weakness BaseWeakness Base Symbolic Name not Mapping to Correct Object - (386)
CategoryCategory Technology-Specific Input Validation Problems - (100)
Weakness ClassWeakness Class Transmission of Private Resources into a New Sphere ('Resource Leak') - (402)
Weakness BaseWeakness Base Trapdoor - (510)
Weakness BaseWeakness Base Truncation of Security-relevant Information - (222)
Weakness BaseWeakness Base Trust Boundary Violation - (501)
Weakness BaseWeakness Base Trust of System Event Data - (360)
Weakness VariantWeakness Variant Trusting HTTP Permission Methods on the Server Side - (650)
Weakness BaseWeakness Base UI Discrepancy for Security Feature - (446)
Weakness BaseWeakness Base Unchecked Error Condition - (391)
Weakness VariantWeakness Variant Uncontrolled Memory Allocation - (789)
Weakness BaseWeakness Base Uncontrolled Recursion - (674)
Weakness BaseWeakness Base Uncontrolled Resource Consumption ('Resource Exhaustion') - (400)
Weakness BaseWeakness Base Undefined Behavior for Input to API - (475)
Weakness BaseWeakness Base Unexpected Status Code or Return Value - (394)
Weakness BaseWeakness Base Unimplemented or Unsupported Feature in UI - (447)
Weakness ClassWeakness Class Unintended Proxy or Intermediary ('Confused Deputy') - (441)
Weakness ClassWeakness Class Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') - (637)
Weakness BaseWeakness Base Unprotected Alternate Channel - (420)
Weakness BaseWeakness Base Unprotected Primary Channel - (419)
Weakness VariantWeakness Variant Unprotected Transport of Credentials - (523)
Weakness VariantWeakness Variant Unprotected Windows Messaging Channel ('Shatter') - (422)
Weakness BaseWeakness Base Unrestricted Externally Accessible Lock - (412)
Weakness BaseWeakness Base Unrestricted Upload of File with Dangerous Type - (434)
Weakness VariantWeakness Variant Unsafe ActiveX Control Marked Safe For Scripting - (623)
Weakness BaseWeakness Base Unsynchronized Access to Shared Data in a Multithreaded Context - (567)
Compound Element: CompositeCompound Element: Composite Untrusted Search Path - (426)
Weakness BaseWeakness Base Unverified Ownership - (283)
Weakness VariantWeakness Variant Unverified Password Change - (620)
Weakness VariantWeakness Variant URL Redirection to Untrusted Site ('Open Redirect') - (601)
Weakness BaseWeakness Base Use After Free - (416)
Weakness BaseWeakness Base Use of a Broken or Risky Cryptographic Algorithm - (327)
Weakness BaseWeakness Base Use of a Key Past its Expiration Date - (324)
Weakness BaseWeakness Base Use of a Non-reentrant Function in a Concurrent Context - (663)
Weakness BaseWeakness Base Use of Client-Side Authentication - (603)
Weakness BaseWeakness Base Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - (338)
Weakness BaseWeakness Base Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
Weakness BaseWeakness Base Use of Function with Inconsistent Implementations - (474)
Weakness BaseWeakness Base Use of Hard-coded Credentials - (798)
Weakness BaseWeakness Base Use of Hard-coded Cryptographic Key - (321)
Weakness BaseWeakness Base Use of Hard-coded Password - (259)
Weakness VariantWeakness Variant Use of Implicit Intent for Sensitive Communication - (927)
Weakness BaseWeakness Base Use of Incorrect Byte Ordering - (198)
Weakness ClassWeakness Class Use of Incorrectly-Resolved Name or Reference - (706)
Weakness ClassWeakness Class Use of Insufficiently Random Values - (330)
Weakness BaseWeakness Base Use of Invariant Value in Dynamically Changing Context - (344)
Weakness BaseWeakness Base Use of Less Trusted Source - (348)
Weakness BaseWeakness Base Use of Low-Level Functionality - (695)
Weakness BaseWeakness Base Use of Multiple Resources with Duplicate Identifier - (694)
Weakness VariantWeakness Variant Use of Non-Canonical URL Paths for Authorization Decisions - (647)
Weakness BaseWeakness Base Use of Password Hash With Insufficient Computational Effort - (916)
Weakness BaseWeakness Base Use of Password System for Primary Authentication - (309)
Weakness BaseWeakness Base Use of Potentially Dangerous Function - (676)
Weakness VariantWeakness Variant Use of RSA Algorithm without OAEP - (780)
Weakness BaseWeakness Base Use of Single-factor Authentication - (308)
Weakness BaseWeakness Base User Interface (UI) Misrepresentation of Critical Information - (451)
Weakness VariantWeakness Variant Using Referer Field for Authentication - (293)
Weakness ClassWeakness Class Violation of Secure Design Principles - (657)
Weakness VariantWeakness Variant Weak Cryptography for Passwords - (261)
Weakness BaseWeakness Base Weak Password Recovery Mechanism for Forgotten Password - (640)
Weakness BaseWeakness Base Weak Password Requirements - (521)
Weakness BaseWeakness Base XML Injection (aka Blind XPath Injection) - (91)
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2008-09-09MITREInternal CWE Team
Modifications
Modification DateModifierOrganizationSource
2009-02-10
(Critical)
CWE Content TeamMITREInternal
Updated the View_Filter to reflect new structure in CWE Schema v4.2
2009-03-10CWE Content TeamMITREInternal
updated View_Filter
2017-01-19CWE Content TeamMITREInternal
updated Relationships
+ View Metrics
CWEs in this viewTotal CWEs
Total382out of1006
Views0out of33
Categories3out of245
Weaknesses376out of720
Compound_Elements3out of8

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017 
 

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
Privacy policy
Terms of use
Contact us