CWE VIEW: CWE Cross-section

View ID: 884
Type: Explicit
Status: Incomplete
+ Objective
This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful to most audiences. It can be used by researchers to determine how broad their theories, models, or tools are. It will also be used by the CWE content team in 2012 to focus quality improvement efforts for individual CWE entries.
+ Membership
Nature     Type       ID       Name
HasMember  Base       CWE-14   Compiler Removal of Code to Clear Buffers
HasMember  Class      CWE-22   Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HasMember  Base       CWE-23   Relative Path Traversal
HasMember  Base       CWE-36   Absolute Path Traversal
HasMember  Base       CWE-41   Improper Resolution of Path Equivalence
HasMember  Base       CWE-59   Improper Link Resolution Before File Access ('Link Following')
HasMember  Base       CWE-78   Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMember  Base       CWE-79   Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMember  Base       CWE-88   Argument Injection or Modification
HasMember  Base       CWE-89   Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMember  Base       CWE-90   Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
HasMember  Class      CWE-94   Improper Control of Generation of Code ('Code Injection')
HasMember  Base       CWE-95   Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
HasMember  Base       CWE-96   Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
HasMember  Base       CWE-99   Improper Control of Resource Identifiers ('Resource Injection')
HasMember  Base       CWE-113  Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
HasMember  Base       CWE-117  Improper Output Neutralization for Logs
HasMember  Base       CWE-120  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
HasMember  Base       CWE-129  Improper Validation of Array Index
HasMember  Base       CWE-131  Incorrect Calculation of Buffer Size
HasMember  Base       CWE-134  Use of Externally-Controlled Format String
HasMember  Base       CWE-135  Incorrect Calculation of Multi-Byte String Length
HasMember  Base       CWE-170  Improper Null Termination
HasMember  Variant    CWE-173  Improper Handling of Alternate Encoding
HasMember  Variant    CWE-174  Double Decoding of the Same Data
HasMember  Variant    CWE-175  Improper Handling of Mixed Encoding
HasMember  Base       CWE-179  Incorrect Behavior Order: Early Validation
HasMember  Class      CWE-185  Incorrect Regular Expression
HasMember  Base       CWE-190  Integer Overflow or Wraparound
HasMember  Base       CWE-191  Integer Underflow (Wrap or Wraparound)
HasMember  Base       CWE-193  Off-by-one Error
HasMember  Class      CWE-203  Information Exposure Through Discrepancy
HasMember  Base       CWE-209  Information Exposure Through an Error Message
HasMember  Base       CWE-212  Improper Cross-boundary Removal of Sensitive Data
HasMember  Base       CWE-222  Truncation of Security-relevant Information
HasMember  Base       CWE-223  Omission of Security-relevant Information
HasMember  Class      CWE-228  Improper Handling of Syntactically Invalid Structure
HasMember  Variant    CWE-244  Improper Clearing of Heap Memory Before Release ('Heap Inspection')
HasMember  Base       CWE-248  Uncaught Exception
HasMember  Class      CWE-250  Execution with Unnecessary Privileges
HasMember  Base       CWE-252  Unchecked Return Value
HasMember  Base       CWE-253  Incorrect Check of Function Return Value
HasMember  Variant    CWE-262  Not Using Password Aging
HasMember  Base       CWE-263  Password Aging with Long Expiration
HasMember  Base       CWE-266  Incorrect Privilege Assignment
HasMember  Base       CWE-267  Privilege Defined With Unsafe Actions
HasMember  Base       CWE-268  Privilege Chaining
HasMember  Base       CWE-270  Privilege Context Switching Error
HasMember  Class      CWE-271  Privilege Dropping / Lowering Errors
HasMember  Base       CWE-273  Improper Check for Dropped Privileges
HasMember  Base       CWE-283  Unverified Ownership
HasMember  Base       CWE-290  Authentication Bypass by Spoofing
HasMember  Base       CWE-294  Authentication Bypass by Capture-replay
HasMember  Base       CWE-296  Improper Following of a Certificate's Chain of Trust
HasMember  Base       CWE-299  Improper Check for Certificate Revocation
HasMember  Class      CWE-300  Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
HasMember  Variant    CWE-301  Reflection Attack in an Authentication Protocol
HasMember  Base       CWE-304  Missing Critical Step in Authentication
HasMember  Variant    CWE-306  Missing Authentication for Critical Function
HasMember  Base       CWE-307  Improper Restriction of Excessive Authentication Attempts
HasMember  Base       CWE-308  Use of Single-factor Authentication
HasMember  Base       CWE-312  Cleartext Storage of Sensitive Information
HasMember  Base       CWE-319  Cleartext Transmission of Sensitive Information
HasMember  Base       CWE-322  Key Exchange without Entity Authentication
HasMember  Base       CWE-323  Reusing a Nonce, Key Pair in Encryption
HasMember  Base       CWE-325  Missing Required Cryptographic Step
HasMember  Base       CWE-327  Use of a Broken or Risky Cryptographic Algorithm
HasMember  Base       CWE-331  Insufficient Entropy
HasMember  Base       CWE-334  Small Space of Random Values
HasMember  Base       CWE-335  Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
HasMember  Base       CWE-338  Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
HasMember  Base       CWE-341  Predictable from Observable State
HasMember  Base       CWE-347  Improper Verification of Cryptographic Signature
HasMember  Base       CWE-348  Use of Less Trusted Source
HasMember  Base       CWE-349  Acceptance of Extraneous Untrusted Data With Trusted Data
HasMember  Composite  CWE-352  Cross-Site Request Forgery (CSRF)
HasMember  Base       CWE-353  Missing Support for Integrity Check
HasMember  Base       CWE-354  Improper Validation of Integrity Check Value
HasMember  Base       CWE-364  Signal Handler Race Condition
HasMember  Base       CWE-367  Time-of-check Time-of-use (TOCTOU) Race Condition
HasMember  Base       CWE-369  Divide By Zero
HasMember  Class      CWE-390  Detection of Error Condition Without Action
HasMember  Base       CWE-392  Missing Report of Error Condition
HasMember  Base       CWE-393  Return of Wrong Status Code
HasMember  Base       CWE-400  Uncontrolled Resource Consumption ('Resource Exhaustion')
HasMember  Base       CWE-406  Insufficient Control of Network Message Volume (Network Amplification)
HasMember  Base       CWE-407  Algorithmic Complexity
HasMember  Base       CWE-408  Incorrect Behavior Order: Early Amplification
HasMember  Base       CWE-409  Improper Handling of Highly Compressed Data (Data Amplification)
HasMember  Base       CWE-434  Unrestricted Upload of File with Dangerous Type
HasMember  Base       CWE-444  Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
HasMember  Class      CWE-451  User Interface (UI) Misrepresentation of Critical Information
HasMember  Base       CWE-453  Insecure Default Variable Initialization
HasMember  Base       CWE-454  External Initialization of Trusted Variables or Data Stores
HasMember  Base       CWE-455  Non-exit on Failed Initialization
HasMember  Base       CWE-456  Missing Initialization of a Variable
HasMember  Variant    CWE-467  Use of sizeof() on a Pointer Type
HasMember  Base       CWE-468  Incorrect Pointer Scaling
HasMember  Base       CWE-469  Use of Pointer Subtraction to Determine Size
HasMember  Base       CWE-470  Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
HasMember  Base       CWE-476  NULL Pointer Dereference
HasMember  Variant    CWE-478  Missing Default Case in Switch Statement
HasMember  Base       CWE-480  Use of Incorrect Operator
HasMember  Variant    CWE-483  Incorrect Block Delimitation
HasMember  Base       CWE-484  Omitted Break Statement in Switch
HasMember  Variant    CWE-486  Comparison of Classes by Name
HasMember  Base       CWE-494  Download of Code Without Integrity Check
HasMember  Variant    CWE-495  Private Array-Typed Field Returned From A Public Method
HasMember  Variant    CWE-496  Public Data Assigned to Private Array-Typed Field
HasMember  Variant    CWE-498  Cloneable Class Containing Sensitive Information
HasMember  Variant    CWE-499  Serializable Class Containing Sensitive Data
HasMember  Variant    CWE-502  Deserialization of Untrusted Data
HasMember  Base       CWE-521  Weak Password Requirements
HasMember  Base       CWE-522  Insufficiently Protected Credentials
HasMember  Variant    CWE-546  Suspicious Comment
HasMember  Variant    CWE-547  Use of Hard-coded, Security-relevant Constants
HasMember  Variant    CWE-561  Dead Code
HasMember  Variant    CWE-563  Assignment to Variable without Use
HasMember  Base       CWE-567  Unsynchronized Access to Shared Data in a Multithreaded Context
HasMember  Base       CWE-587  Assignment of a Fixed Address to a Pointer
HasMember  Base       CWE-595  Comparison of Object References Instead of Object Contents
HasMember  Variant    CWE-601  URL Redirection to Untrusted Site ('Open Redirect')
HasMember  Base       CWE-602  Client-Side Enforcement of Server-Side Security
HasMember  Base       CWE-605  Multiple Binds to the Same Port
HasMember  Variant    CWE-617  Reachable Assertion
HasMember  Base       CWE-621  Variable Extraction Error
HasMember  Base       CWE-627  Dynamic Variable Evaluation
HasMember  Base       CWE-628  Function Call with Incorrectly Specified Arguments
HasMember  Class      CWE-642  External Control of Critical State Data
HasMember  Base       CWE-648  Incorrect Use of Privileged APIs
HasMember  Base       CWE-667  Improper Locking
HasMember  Base       CWE-672  Operation on a Resource after Expiration or Release
HasMember  Base       CWE-674  Uncontrolled Recursion
HasMember  Base       CWE-676  Use of Potentially Dangerous Function
HasMember  Class      CWE-681  Incorrect Conversion between Numeric Types
HasMember  Base       CWE-698  Execution After Redirect (EAR)
HasMember  Base       CWE-708  Incorrect Ownership Assignment
HasMember  Class      CWE-732  Incorrect Permission Assignment for Critical Resource
HasMember  Class      CWE-756  Missing Custom Error Page
HasMember  Base       CWE-763  Release of Invalid Pointer or Reference
HasMember  Base       CWE-770  Allocation of Resources Without Limits or Throttling
HasMember  Base       CWE-772  Missing Release of Resource after Effective Lifetime
HasMember  Variant    CWE-783  Operator Precedence Logic Error
HasMember  Base       CWE-786  Access of Memory Location Before Start of Buffer
HasMember  Base       CWE-788  Access of Memory Location After End of Buffer
HasMember  Base       CWE-798  Use of Hard-coded Credentials
HasMember  Base       CWE-805  Buffer Access with Incorrect Length Value
HasMember  Base       CWE-807  Reliance on Untrusted Inputs in a Security Decision
HasMember  Base       CWE-822  Untrusted Pointer Dereference
HasMember  Base       CWE-825  Expired Pointer Dereference
HasMember  Class      CWE-829  Inclusion of Functionality from Untrusted Control Sphere
HasMember  Base       CWE-835  Loop with Unreachable Exit Condition ('Infinite Loop')
HasMember  Base       CWE-838  Inappropriate Encoding for Output Context
HasMember  Base       CWE-839  Numeric Range Comparison Without Minimum Check
HasMember  Base       CWE-841  Improper Enforcement of Behavioral Workflow
HasMember  Class      CWE-862  Missing Authorization
HasMember  Class      CWE-863  Incorrect Authorization
+ View Metrics
             CWEs in this view   Total CWEs
Weaknesses   157                 out of 714
Categories   0                   out of 237
Views        0                   out of 31
Total        157                 out of 982
+ Content History
Submission Date    Submitter         Organization
2011-12-15         CWE Content Team  MITRE

Modification Date  Modifier          Organization   Change
2017-05-03         CWE Content Team  MITRE          updated Relationships

