BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Absolute Path Traversal - (36)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Acceptance of Extraneous Untrusted Data With Trusted Data - (349)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Access to Critical Private Variable via Public Method - (767)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Addition of Data Structure Sentinel - (464)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Algorithmic Complexity - (407)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Allocation of File Descriptors or Handles Without Limits or Throttling - (774)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Allocation of Resources Without Limits or Throttling - (770)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Always-Incorrect Control Flow Implementation - (670)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Architecture with Number of Horizontal Layers Outside of Expected Range - (1044)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Argument Injection or Modification - (88)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. ASP.NET Misconfiguration: Improper Model Validation - (1174)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. ASP.NET Misconfiguration: Not Using Input Validation Framework - (554)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. ASP.NET Misconfiguration: Password in Configuration File - (13)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Assignment of a Fixed Address to a Pointer - (587)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Asymmetric Resource Consumption (Amplification) - (405)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Attempt to Access Child of a Non-structure Pointer - (588)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Authentication Bypass by Alternate Name - (289)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Authentication Bypass by Assumed-Immutable Data - (302)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Authentication Bypass by Capture-replay - (294)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Authentication Bypass by Primary Weakness - (305)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Authentication Bypass by Spoofing - (290)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Authentication Bypass Using an Alternate Path or Channel - (288)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created - (593)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Authorization Bypass Through User-Controlled Key - (639)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Authorization Bypass Through User-Controlled SQL Primary Key - (566)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations - (1039)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Behavioral Change in New Version or Environment - (439)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Buffer Underwrite ('Buffer Underflow') - (124)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Call to Non-ubiquitous API - (589)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Channel Accessible by Non-Endpoint ('Man-in-the-Middle') - (300)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage in a File or on Disk - (313)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage in the Registry - (314)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage of Sensitive Information - (312)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage of Sensitive Information in a Cookie - (315)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage of Sensitive Information in Executable - (318)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage of Sensitive Information in GUI - (317)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Storage of Sensitive Information in Memory - (316)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Cleartext Transmission of Sensitive Information - (319)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Client-Side Enforcement of Server-Side Security - (602)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Containment Errors (Container Errors) - (216)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Context Switching Race Condition - (368)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Covert Timing Channel - (385)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Creation of Temporary File in Directory with Incorrect Permissions - (379)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Creation of Temporary File With Insecure Permissions - (378)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Critical Data Element Declared Public - (766)
CompositeComposite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. Cross-Site Request Forgery (CSRF) - (352)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Dangerous Signal Handler not Disabled During Sensitive Operations - (432)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Declaration of Catch for Generic Exception - (396)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Declaration of Throws for Generic Exception - (397)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Deletion of Data Structure Sentinel - (463)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Deserialization of Untrusted Data - (502)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Detection of Error Condition Without Action - (390)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Direct Request ('Forced Browsing') - (425)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Double Free - (415)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Download of Code Without Integrity Check - (494)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Duplicate Key in Associative List (Alist) - (462)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. EJB Bad Practices: Use of AWT Swing - (575)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. EJB Bad Practices: Use of Class Loader - (578)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. EJB Bad Practices: Use of Java I/O - (576)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. EJB Bad Practices: Use of Sockets - (577)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. EJB Bad Practices: Use of Synchronization Primitives - (574)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Empty Password in Configuration File - (258)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Execution with Unnecessary Privileges - (250)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Expected Behavior Violation - (440)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Exposed Dangerous Method or Function - (749)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Exposed IOCTL with Insufficient Access Control - (782)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Exposed Unsafe ActiveX Method - (618)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') - (403)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Exposure of Private Information ('Privacy Violation') - (359)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Exposure of Resource to Wrong Sphere - (668)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Exposure of Sensitive Data Through Data Queries - (202)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. External Control of Critical State Data - (642)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. External Control of File Name or Path - (73)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. External Influence of Sphere Definition - (673)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. External Initialization of Trusted Variables or Data Stores - (454)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Externally Controlled Reference to a Resource in Another Sphere - (610)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Failure to Handle Incomplete Element - (239)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Failure to Handle Missing Parameter - (234)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) - (75)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Guessable CAPTCHA - (804)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Heap-based Buffer Overflow - (122)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Hidden Functionality - (912)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Access Control - (284)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code - (781)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Adherence to Coding Standards - (710)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Authentication - (287)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Authorization - (285)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Certificate Validation - (295)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Check for Certificate Revocation - (299)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Check for Dropped Privileges - (273)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Check or Handling of Exceptional Conditions - (703)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Control of Dynamically-Identified Variables - (914)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Control of Dynamically-Managed Code Resources - (913)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') - (98)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Control of Generation of Code ('Code Injection') - (94)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Control of Interaction Frequency - (799)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Control of Resource Identifiers ('Resource Injection') - (99)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Cross-boundary Removal of Sensitive Data - (212)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Encoding or Escaping of Output - (116)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Enforcement of Message Integrity During Transmission in a Communication Channel - (924)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Enforcement of Message or Data Structure - (707)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Export of Android Application Components - (926)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Following of a Certificate's Chain of Trust - (296)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Apple HFS+ Alternate Data Stream Path - (72)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of File Names that Identify Virtual Resources - (66)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Highly Compressed Data (Data Amplification) - (409)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Incomplete Structural Elements - (238)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Inconsistent Structural Elements - (240)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Insufficient Entropy in TRNG - (333)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Insufficient Permissions or Privileges - (280)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Insufficient Privileges - (274)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Length Parameter Inconsistency - (130)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Parameters - (233)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Handling of Syntactically Invalid Structure - (228)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Undefined Parameters - (236)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Undefined Values - (232)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Unexpected Data Type - (241)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Handling of Values - (229)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Windows ::DATA Alternate Data Stream - (69)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Handling of Windows Device Names - (67)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Input Validation - (20)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Interaction Between Multiple Correctly-Behaving Entities - (435)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') - (22)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Locking - (667)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of CRLF Sequences ('CRLF Injection') - (93)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') - (95)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') - (96)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Neutralization of Encoded URI Schemes in a Web Page - (84)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Equivalent Special Elements - (76)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Neutralization of HTTP Headers for Scripting Syntax - (644)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') - (79)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Neutralization of Server-Side Includes (SSI) Within a Web Page - (97)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') - (74)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Neutralization of Special Elements used in a Command ('Command Injection') - (77)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') - (917)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') - (90)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') - (78)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') - (89)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Ownership Management - (282)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Preservation of Permissions - (281)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Privilege Management - (269)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Protection of Alternate Path - (424)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Release of Memory Before Removing Last Reference - (401)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Resource Locking - (413)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Resource Shutdown or Release - (404)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Restriction of Communication Channel to Intended Endpoints - (923)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Restriction of Excessive Authentication Attempts - (307)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Restriction of Names for Files and Other Resources - (641)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Improper Restriction of Operations within the Bounds of a Memory Buffer - (119)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Restriction of Power Consumption - (920)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Synchronization - (662)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Use of Validation Framework - (1173)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Validation of Certificate Expiration - (298)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Validation of Certificate with Host Mismatch - (297)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Validation of Integrity Check Value - (354)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Verification of Cryptographic Signature - (347)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Improper Verification of Intent by Broadcast Receiver - (925)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improper Verification of Source of a Communication Channel - (940)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improperly Controlled Modification of Dynamically-Determined Object Attributes - (915)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Improperly Implemented Security Check for Standard - (358)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Inadequate Encryption Strength - (326)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incomplete Blacklist - (184)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incomplete Cleanup - (459)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incomplete Internal State Distinction - (372)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incomplete Model of Endpoint Features - (437)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Inconsistency Between Implementation and Documented Design - (1068)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') - (444)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Access of Indexable Resource ('Range Error') - (118)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Authorization - (863)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Behavior Order - (696)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incorrect Behavior Order: Early Amplification - (408)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Calculation - (682)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Control Flow Scoping - (705)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Incorrect Default Permissions - (276)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Incorrect Execution-Assigned Permissions - (279)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incorrect Ownership Assignment - (708)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Permission Assignment for Critical Resource - (732)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incorrect Privilege Assignment - (266)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Resource Transfer Between Spheres - (669)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect Type Conversion or Cast - (704)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) - (335)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incorrect Use of Privileged APIs - (648)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Incorrect User Management - (286)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Incorrectly Specified Destination in a Communication Channel - (941)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Information Exposure - (200)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure of Internal State Through Behavioral Inconsistency - (206)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Information Exposure Through an Error Message - (209)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through an External Behavioral Inconsistency - (207)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Information Exposure Through Behavioral Discrepancy - (205)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Debug Information - (215)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Information Exposure Through Discrepancy - (203)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Environmental Variables - (526)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Information Exposure Through Externally-Generated Error Message - (211)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Indexing of Private Data - (612)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Log Files - (532)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Persistent Cookies - (539)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Process Environment - (214)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Query Strings in GET Request - (598)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Information Exposure Through Self-generated Error Message - (210)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through Shell Error Message - (535)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Information Exposure Through Timing Discrepancy - (208)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Information Exposure Through WSDL File - (651)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Information Loss or Omission - (221)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Insecure Automated Optimizations - (1038)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insecure Default Variable Initialization - (453)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Insecure Inherited Permissions - (277)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Insecure Preserved Inherited Permissions - (278)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Insecure Storage of Sensitive Information - (922)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insecure Temporary File - (377)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Compartmentalization - (653)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Insufficient Control Flow Management - (691)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Control of Network Message Volume (Network Amplification) - (406)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Entropy - (331)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Insufficient Entropy in PRNG - (332)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Psychological Acceptability - (655)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Resource Pool - (410)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Session Expiration - (613)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient UI Warning of Dangerous Operations - (357)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Insufficient Verification of Data Authenticity - (345)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficient Visual Distinction of Homoglyphs Presented to User - (1007)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Insufficiently Protected Credentials - (522)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Intentional Information Exposure - (213)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Interpretation Conflict - (436)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Bad Practices: Direct Management of Connections - (245)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Bad Practices: Direct Use of Sockets - (246)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Bad Practices: Direct Use of Threads - (383)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Bad Practices: Non-serializable Object Stored in Session - (579)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Framework: Saving Unserializable Objects to Disk - (594)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Misconfiguration: Entity Bean Declared Remote - (8)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Misconfiguration: Insufficient Session-ID Length - (6)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Misconfiguration: Missing Custom Error Page - (7)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Misconfiguration: Plaintext Password in Configuration File - (555)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. J2EE Misconfiguration: Weak Access Permissions for EJB Methods - (9)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Key Exchange without Entity Authentication - (322)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Lack of Administrator Control over Security - (671)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Least Privilege Violation - (272)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Logic/Time Bomb - (511)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Misinterpretation of Input - (115)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Missing Authentication for Critical Function - (306)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Missing Authorization - (862)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Missing Check for Certificate Revocation after Initial Check - (370)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Critical Step in Authentication - (304)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Encryption of Sensitive Data - (311)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Lock Check - (414)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Reference to Active Allocated Resource - (771)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Missing Reference to Active File Descriptor or Handle - (773)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Release of Resource after Effective Lifetime - (772)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Report of Error Condition - (392)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Required Cryptographic Step - (325)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Standardized Error Handling Mechanism - (544)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Missing Support for Integrity Check - (353)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Missing Validation of OpenSSL Certificate - (599)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Modification of Assumed-Immutable Data (MAID) - (471)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Multiple Binds to the Same Port - (605)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Multiple Interpretations of UI Input - (450)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Multiple Locks of a Critical Resource - (764)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. .NET Misconfiguration: Use of Impersonation - (520)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Non-exit on Failed Initialization - (455)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Not Failing Securely ('Failing Open') - (636)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Not Using a Random IV with CBC Mode - (329)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Not Using Complete Mediation - (638)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Not Using Password Aging - (262)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Obscured Security-relevant Information by Alternate Name - (224)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Omission of Security-relevant Information - (223)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Operation on a Resource after Expiration or Release - (672)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Origin Validation Error - (346)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Overly Permissive Cross-domain Whitelist - (942)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Overly Restrictive Account Lockout Mechanism - (645)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Password Aging with Long Expiration - (263)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Password in Configuration File - (260)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Path Traversal: '../filedir' - (24)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Predictability Problems - (340)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Predictable Exact Value from Previous Values - (342)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Predictable from Observable State - (341)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Predictable Seed in Pseudo-Random Number Generator (PRNG) - (337)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Predictable Value Range from Previous Values - (343)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Privilege Chaining - (268)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Privilege Context Switching Error - (270)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Privilege Defined With Unsafe Actions - (267)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Privilege Dropping / Lowering Errors - (271)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Processor Optimization Removal or Modification of Security-critical Code - (1037)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Product UI does not Warn User of Unsafe Actions - (356)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Protection Mechanism Failure - (693)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Race Condition During Access to Alternate Channel - (421)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Race Condition Enabling Link Following - (363)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Race Condition within a Thread - (366)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Reflection Attack in an Authentication Protocol - (301)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reliance on a Single Factor in a Security Decision - (654)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reliance on Cookies without Validation and Integrity Checking - (565)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Reliance on Cookies without Validation and Integrity Checking in a Security Decision - (784)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reliance on Data/Memory Layout - (188)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Reliance on File Name or Extension of Externally-Supplied File - (646)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Reliance on IP Address for Authentication - (291)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking - (649)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Reliance on Reverse DNS Resolution for a Security-Critical Action - (350)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reliance on Security Through Obscurity - (656)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reliance on Untrusted Inputs in a Security Decision - (807)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Response Discrepancy Information Exposure - (204)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Return of Pointer Value Outside of Expected Range - (466)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Return of Wrong Status Code - (393)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reusing a Nonce, Key Pair in Encryption - (323)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Reversible One-Way Hash - (328)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Same Seed in Pseudo-Random Number Generator (PRNG) - (336)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') - (757)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Sensitive Cookie Without 'HttpOnly' Flag - (1004)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Sensitive Data Under FTP Root - (220)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Sensitive Information Uncleared Before Release - (226)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Server-Side Request Forgery (SSRF) - (918)
CompositeComposite - a Compound Element that consists of two or more distinct weaknesses, in which all weaknesses must be present at the same time in order for a potential vulnerability to arise. Removing any of the weaknesses eliminates or sharply reduces the risk. One weakness, X, can be "broken down" into component weaknesses Y and Z. There can be cases in which one weakness might not be essential to a composite, but changes the nature of the composite when it becomes a vulnerability. Session Fixation - (384)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Signal Handler Race Condition - (364)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Signal Handler Use of a Non-reentrant Function - (479)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Small Seed Space in PRNG - (339)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Small Space of Random Values - (334)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Spyware - (512)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. SQL Injection: Hibernate - (564)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Stack-based Buffer Overflow - (121)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Storage of Sensitive Data in a Mechanism without Access Control - (921)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Storing Passwords in a Recoverable Format - (257)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Symbolic Name not Mapping to Correct Object - (386)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Transmission of Private Resources into a New Sphere ('Resource Leak') - (402)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Trapdoor - (510)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Truncation of Security-relevant Information - (222)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Trust Boundary Violation - (501)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Trust of System Event Data - (360)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Trusting HTTP Permission Methods on the Server Side - (650)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. UI Discrepancy for Security Feature - (446)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unchecked Error Condition - (391)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Uncontrolled Memory Allocation - (789)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Uncontrolled Recursion - (674)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Uncontrolled Resource Consumption - (400)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Undefined Behavior for Input to API - (475)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unexpected Status Code or Return Value - (394)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unimplemented or Unsupported Feature in UI - (447)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Unintended Proxy or Intermediary ('Confused Deputy') - (441)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') - (637)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unprotected Alternate Channel - (420)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unprotected Primary Channel - (419)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Unprotected Storage of Credentials - (256)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Unprotected Transport of Credentials - (523)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Unprotected Windows Messaging Channel ('Shatter') - (422)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unrestricted Externally Accessible Lock - (412)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unrestricted Upload of File with Dangerous Type - (434)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Unsafe ActiveX Control Marked Safe For Scripting - (623)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unsynchronized Access to Shared Data in a Multithreaded Context - (567)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Untrusted Search Path - (426)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Unverified Ownership - (283)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Unverified Password Change - (620)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. URL Redirection to Untrusted Site ('Open Redirect') - (601)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use After Free - (416)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of a Broken or Risky Cryptographic Algorithm - (327)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of a Key Past its Expiration Date - (324)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of a Non-reentrant Function in a Concurrent Context - (663)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Client-Side Authentication - (603)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) - (338)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Function with Inconsistent Implementations - (474)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Hard-coded Credentials - (798)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Hard-coded Cryptographic Key - (321)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Hard-coded Password - (259)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Use of Implicit Intent for Sensitive Communication - (927)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Incorrect Byte Ordering - (198)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Use of Incorrectly-Resolved Name or Reference - (706)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Use of Insufficiently Random Values - (330)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Invariant Value in Dynamically Changing Context - (344)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Less Trusted Source - (348)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Low-Level Functionality - (695)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Multiple Resources with Duplicate Identifier - (694)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Use of Non-Canonical URL Paths for Authorization Decisions - (647)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Password Hash With Insufficient Computational Effort - (916)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Password System for Primary Authentication - (309)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Potentially Dangerous Function - (676)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Use of RSA Algorithm without OAEP - (780)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Use of Single-factor Authentication - (308)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Use of Web Link to Untrusted Target with window.opener Access - (1022)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. User Interface (UI) Misrepresentation of Critical Information - (451)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Using Referer Field for Authentication - (293)
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness. Violation of Secure Design Principles - (657)
VariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness. Weak Cryptography for Passwords - (261)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Weak Password Recovery Mechanism for Forgotten Password - (640)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. Weak Password Requirements - (521)
BaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness. XML Injection (aka Blind XPath Injection) - (91)