Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE- Individual Dictionary Definition (2.11)

CWE CATEGORY: OWASP Top Ten 2013 Category A4 - Insecure Direct Object References

Category ID: 932
Status: Incomplete
Description

Description Summary

Weaknesses in this category are related to the A4 category in the OWASP Top Ten 2013.
Relationships

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ParentOf | Weakness Class | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Weaknesses in OWASP Top Ten (2013) (primary) (928) |
| ParentOf | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | Weaknesses in OWASP Top Ten (2013) (primary) (928) |
| ParentOf | Weakness Base | 639 | Authorization Bypass Through User-Controlled Key | Weaknesses in OWASP Top Ten (2013) (primary) (928) |
| MemberOf | View | 928 | Weaknesses in OWASP Top Ten (2013) | Weaknesses in OWASP Top Ten (2013) (primary) (928) |

References

OWASP. "Top 10 2013-A4-Insecure Direct Object References".

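Content History

| Submission Date | Submitter | Organization | Source |
|---|---|---|---|
| 2013-07-16 | | MITRE | Internal CWE Team |

| Modification Date | Modifier | Organization | Source |
|---|---|---|---|
| 2014-06-23 | CWE Content Team | MITRE | Internal |

Modification note (2014-06-23): updated Relationships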

Page Last Updated: May 05, 2017