"Minor" changes are text changes that only affect capitalization,
punctuation, and whitespace. All other changes are marked as "Major."
A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields
are description, name, and relationships.
ID | Name | Major | Minor
1 | Location | Description | None
2 | Environment | Description | None
3 | Technology-specific Environment Issues | Description | None
8 | J2EE Misconfiguration: Entity Bean Declared Remote | Name, Description, Context_Notes, Potential_Mitigations | None
14 | Insecure Compiler Optimization | AffectedResource, Node_Relationship | None
16 | Configuration | Description, Node_Relationship | None
17 | Code | Description | None
18 | Source Code | Description | None
19 | Data Handling | Description | None
20 | Insufficient Input Validation | Name, Description, Node_Relationship | None
21 | Pathname Traversal and Equivalence Errors | Applicable_Platforms | Description
22 | Path Traversal | Description, Context_Notes, AffectedResource, Applicable_Platforms, Potential_Mitigations, Node_Relationship | Weakness_Ordinality
23 | Relative Path Traversal | Applicable_Platforms | None
24 | Path Issue - Dot Dot Slash - '../filedir' | Applicable_Platforms | Name
25 | Path Issue - Leading Dot Dot Slash - '/../filedir' | Applicable_Platforms | Name
26 | Path Issue - Leading Directory Dot Dot Slash - '/directory/../filename' | Applicable_Platforms | Name
27 | Path Issue - Directory Doubled Dot Dot Slash - 'directory/../../filename' | Applicable_Platforms | Name
28 | Path Issue - Dot Dot Backslash - '..\filename' | Applicable_Platforms | Name
29 | Path Issue - Leading Dot Dot Backslash - '\..\filename' | Applicable_Platforms | Name
30 | Path Issue - Leading Directory Dot Dot Backslash - '\directory\..\filename' | Applicable_Platforms | Name
31 | Path Issue - Directory Doubled Dot Dot Backslash - 'directory\..\..\filename' | Applicable_Platforms | Name
32 | Path Issue - Triple Dot - '...' | Applicable_Platforms | Name
33 | Path Issue - Multiple Dot - '....' | Applicable_Platforms | Name
34 | Path Issue - Doubled Dot Dot Slash - '....//' | Applicable_Platforms | Name
35 | Path Issue - Doubled Triple Dot Slash - '.../...//' | Applicable_Platforms | Name
36 | Absolute Path Traversal | Applicable_Platforms | None
37 | Path Issue - Slash Absolute Path - /absolute/pathname/here | Applicable_Platforms | Name
38 | Path Issue - Backslash Absolute Path - \absolute\pathname\here | Applicable_Platforms | Name
39 | Path Issue - Drive Letter or Windows Volume - 'C:dirname' | Applicable_Platforms | Name
40 | Path Issue - Windows UNC Share - '\\UNC\share\name\' | Applicable_Platforms | Name
41 | Path Equivalence | AffectedResource, Applicable_Platforms, Node_Relationship | None
42 | Path Issue - Trailing Dot - 'filedir.' | Applicable_Platforms | Name
43 | Path Issue - Multiple Trailing Dot - 'filedir....' | Applicable_Platforms | Name
44 | Path Issue - Internal Dot - 'file.ordir' | Applicable_Platforms | Name, Context_Notes
45 | Path Issue - Multiple Internal Dot - 'file...dir' | Applicable_Platforms | Name, Context_Notes
46 | Path Issue - Trailing Space - 'filedir ' | Applicable_Platforms | Name
47 | Path Issue - Leading Space - ' filedir' | Applicable_Platforms | Name
48 | Path Issue - Internal Space - file(SPACE)name | Applicable_Platforms | Name, Context_Notes
49 | Path Issue - Trailing Slash - filedir/ | Applicable_Platforms | Name
50 | Path Issue - Multiple Leading Slash - //multiple/leading/slash | Applicable_Platforms | Name
51 | Path Issue - Multiple Internal Slash - /multiple//internal/slash | Applicable_Platforms | Name
52 | Path Issue - Multiple Trailing Slash - /multiple/trailing/slash// | Applicable_Platforms | Name
53 | Path Issue - Multiple Internal Backslash - \multiple\\internal\backslash | Applicable_Platforms | Name
54 | Path Issue - Trailing Backslash - (filedir\) | Applicable_Platforms | Name
55 | Path Issue - Single Dot Directory - /./ | Applicable_Platforms | Name
56 | Path Issue - Asterisk Wildcard - filedir* | Description, Applicable_Platforms | Name
57 | Path Issue - dirname/fakechild/../realchild/filename | Applicable_Platforms | None
58 | Path Issue - Windows 8.3 Filename | Applicable_Platforms | None
59 | Link Following | Context_Notes, Alternate_Terms, AffectedResource, Applicable_Platforms, Node_Relationship | Description, Weakness_Ordinality
60 | UNIX Path Link Problems | Description, Applicable_Platforms | Name
61 | UNIX Symbolic Link (Symlink) Following | Applicable_Platforms | Name, Weakness_Ordinality
62 | UNIX Hard Link | Applicable_Platforms | Name, Weakness_Ordinality
63 | Windows Path Link Problems | Description, Applicable_Platforms | Name
64 | Windows Shortcut Following (.LNK) | Applicable_Platforms | Weakness_Ordinality
65 | Windows Hard Link | Applicable_Platforms | Name
66 | Virtual Files | Applicable_Platforms | None
67 | Windows MS-DOS Device Names | AffectedResource, Applicable_Platforms, Node_Relationship | Name, Weakness_Ordinality
68 | Windows Virtual File Problems | Description, Applicable_Platforms | Name
69 | Windows ::DATA Alternate Data Stream | AffectedResource, Applicable_Platforms, Node_Relationship | Name
70 | Mac Virtual File Problems | Description, AffectedResource, Applicable_Platforms, Node_Relationship | Name
71 | Apple '.DS_Store' | Applicable_Platforms | None
72 | Apple HFS+ Alternate Data Stream | Applicable_Platforms | Name
73 | Path Manipulation | Applicable_Platforms | Weakness_Ordinality
74 | Injection | Applicable_Platforms | Weakness_Ordinality, Common_Consequences
75 | Special Element Injection | Applicable_Platforms | None
76 | Equivalent Special Element Injection | Applicable_Platforms | Description, Weakness_Ordinality
77 | Command Injection | Applicable_Platforms, Node_Relationship | Weakness_Ordinality, Common_Consequences
78 | OS Command Injection | Observed_Example, AffectedResource, Applicable_Platforms, Node_Relationship | None
79 | Cross-site Scripting (XSS) | Description, References, Context_Notes, Alternate_Terms, Applicable_Platforms, Potential_Mitigations, Common_Consequences, Node_Relationship | Name, Weakness_Ordinality
80 | Basic XSS | Applicable_Platforms, Node_Relationship | Weakness_Ordinality
81 | XSS in Error Pages | Applicable_Platforms | Name, Description, Weakness_Ordinality
82 | Script in IMG Tags | Applicable_Platforms | Name
83 | XSS using Script in Attributes | Applicable_Platforms | Weakness_Ordinality
84 | XSS using Script Via Encoded URI Schemes | Applicable_Platforms | Weakness_Ordinality
85 | Doubled Character XSS Manipulations | Name, Description, Applicable_Platforms | Weakness_Ordinality
86 | Invalid Characters in Identifiers | Applicable_Platforms | None
87 | Alternate XSS Syntax | Applicable_Platforms | Name
88 | Argument Injection or Modification | AffectedResource, Applicable_Platforms, Node_Relationship | Context_Notes, Weakness_Ordinality
89 | SQL Injection | Demonstrative_Example, Applicable_Platforms, Node_Relationship | Name, Common_Consequences
90 | LDAP Injection | Applicable_Platforms, Node_Relationship | Name
91 | XML Injection (aka Blind XPath Injection) | References, Context_Notes, Applicable_Platforms, Node_Relationship | Name
92 | Custom Special Character Injection | Applicable_Platforms | Weakness_Ordinality
93 | CRLF Injection | Applicable_Platforms, Node_Relationship | Weakness_Ordinality
94 | Code Injection | Description, Applicable_Platforms, Node_Relationship | Research_Gaps
95 | Direct Dynamic Code Evaluation ('Eval Injection') | Applicable_Platforms, Node_Relationship | Weakness_Ordinality
96 | Direct Static Code Injection | Context_Notes, AffectedResource, Applicable_Platforms, Node_Relationship | Weakness_Ordinality
97 | Server-Side Includes (SSI) Injection | Applicable_Platforms | None
98 | PHP File Inclusion | Research_Gaps, Alternate_Terms, AffectedResource, Node_Relationship | Context_Notes
99 | Resource Injection | Applicable_Platforms, Node_Relationship | Weakness_Ordinality
100 | Technology-Specific Input Validation Problems | Description | None
101 | Struts Validation Problems | Description | Name
102 | Struts: Duplicate Validation Forms | Description, Context_Notes, Demonstrative_Example | Weakness_Ordinality
103 | Struts: Incomplete validate() Method Definition | Name, Description, Context_Notes | Weakness_Ordinality
104 | Struts: Form Bean Does Not Extend Validation Class | Description, Context_Notes | Weakness_Ordinality
105 | Struts: Form Field Without Validator | Description, Context_Notes, Potential_Mitigations | Weakness_Ordinality
106 | Struts: Plug-in Framework not in Use | Description, Context_Notes, Weakness_Ordinality | Name
107 | Struts: Unused Validation Form | None | Weakness_Ordinality
108 | Struts: Unvalidated Action Form | None | Weakness_Ordinality
109 | Struts: Validator Turned Off | Description, Context_Notes, Potential_Mitigations | Weakness_Ordinality
110 | Struts: Validator Without Form Field | None | Weakness_Ordinality
111 | Unsafe JNI | Description, Context_Notes | Weakness_Ordinality
112 | Missing XML Validation | Applicable_Platforms | Weakness_Ordinality
113 | HTTP Response Splitting | Applicable_Platforms | None
114 | Process Control | AffectedResource, Applicable_Platforms, Potential_Mitigations, Node_Relationship | None
115 | Misinterpretation Error | Research_Gaps, Applicable_Platforms | None
116 | Output Validation | Description, Applicable_Platforms | None
117 | Log Forging | Applicable_Platforms | Weakness_Ordinality
118 | Range Errors | Description, Applicable_Platforms | None
119 | Buffer Errors | Description, AffectedResource, Node_Relationship | None
120 | Unbounded Transfer ('Classic Buffer Overflow') | AffectedResource, Potential_Mitigations, Node_Relationship | Name, Weakness_Ordinality, Common_Consequences
121 | Stack-based Buffer Overflow | Name, Description, Context_Notes, Demonstrative_Example, Alternate_Terms, Node_Relationship | Weakness_Ordinality, Common_Consequences
122 | Heap-based Buffer Overflow | Name, Context_Notes, AffectedResource, Node_Relationship | Weakness_Ordinality, Common_Consequences
123 | Write-what-where Condition | Context_Notes, Potential_Mitigations, Common_Consequences, Node_Relationship | Name, Weakness_Ordinality
124 | Boundary Beginning Violation ('Buffer Underwrite') | Description, References, Context_Notes, Research_Gaps, Demonstrative_Example, Observed_Example, Alternate_Terms, CVEs_Mentioned, Common_Consequences | Name, Weakness_Ordinality
125 | Out-of-bounds Read | None | Weakness_Ordinality
126 | Buffer Over-read | None | Name, Weakness_Ordinality
127 | Buffer Under-read | None | Name, Weakness_Ordinality
128 | Wrap-around Error | Applicable_Platforms | Name, Weakness_Ordinality, Common_Consequences
129 | Unchecked Array Indexing | AffectedResource, Node_Relationship | Name, Weakness_Ordinality, Common_Consequences
130 | Length Parameter Inconsistency | Applicable_Platforms | Weakness_Ordinality
131 | Other Length Calculation Error | None | Name
132 | Miscalculated Null Termination | Demonstrative_Example | Name, Weakness_Ordinality, Common_Consequences
133 | String Errors | Description | None
134 | Uncontrolled Format String | Name, AffectedResource, Applicable_Platforms, Common_Consequences, Node_Relationship | Weakness_Ordinality
135 | Improper String Length Checking | None | Name
136 | Type Errors | Description | None
137 | Representation Errors | Description | None
138 | Special Elements (Characters or Reserved Words) | Description | None
139 | General Special Element Problems | Description, Applicable_Platforms | None
140 | Delimiter Problems | Description | None
141 | Parameter Delimiter | Applicable_Platforms | None
142 | Value Delimiter | Applicable_Platforms | None
143 | Record Delimiter | Applicable_Platforms | None
144 | Line Delimiter | Applicable_Platforms | None
145 | Section Delimiter | Applicable_Platforms | None
146 | Delimiter between Expressions or Commands | Applicable_Platforms | None
147 | Input Terminator | Applicable_Platforms | None
148 | Input Leader | Description | None
150 | Escape, Meta, or Control Character / Sequence | Applicable_Platforms, Potential_Mitigations | None
151 | Comment Element | Applicable_Platforms | None
152 | Macro Symbol | Applicable_Platforms | None
153 | Substitution Character | Applicable_Platforms | None
154 | Variable Name Delimiter | Description, Applicable_Platforms | None
155 | Wildcard or Matching Element | Applicable_Platforms | None
156 | Whitespace | Applicable_Platforms | None
157 | Grouping Element / Paired Delimiter | Applicable_Platforms | None
158 | Null Character / Null Byte | Applicable_Platforms | Description
159 | Common Special Element Manipulations | Description, Applicable_Platforms | Context_Notes, Research_Gaps
160 | Leading Special Element | Applicable_Platforms | None
161 | Multiple Leading Special Elements | Applicable_Platforms | None
162 | Trailing Special Element | Applicable_Platforms | None
163 | Multiple Trailing Special Elements | Applicable_Platforms | None
164 | Internal Special Element | Applicable_Platforms | None
165 | Multiple Internal Special Elements | Applicable_Platforms | None
166 | Missing Special Element | Applicable_Platforms | None
167 | Extra Special Element | Applicable_Platforms | None
168 | Inconsistent Special Elements | Applicable_Platforms | None
169 | Technology-Specific Special Elements | Description, Applicable_Platforms | None
170 | Improper Null Termination | Context_Notes, Node_Relationship | None
171 | Cleansing, Canonicalization, and Comparison Errors | Description | None
172 | Encoding Error | Description | None
178 | Case Sensitivity (Lowercase, Uppercase, Mixed Case) | Research_Gaps, AffectedResource, Node_Relationship | Name
184 | Incomplete Blacklist | None | Context_Notes
187 | Partial Comparison | None | Context_Notes
188 | Reliance on Data Layout | None | Name, Common_Consequences
189 | Numeric Errors | Description, Node_Relationship | None
190 | Integer Overflow (Wrap or Wraparound) | Description, Node_Relationship | Name, Common_Consequences
191 | Integer Underflow (Wrap or Wraparound) | None | Name
192 | Integer Coercion Error | None | Name, Common_Consequences
193 | Off-by-one Error | References, Applicable_Platforms | Common_Consequences
194 | Sign Extension Error | None | Name, Common_Consequences
195 | Signed to Unsigned Conversion Error | None | Name, Common_Consequences
196 | Unsigned to Signed Conversion Error | None | Name, Common_Consequences
197 | Numeric Truncation Error | Context_Notes | Name, Common_Consequences
198 | Numeric Byte Ordering Error | Description, Applicable_Platforms | None
199 | Information Management Errors | Description, Applicable_Platforms, Node_Relationship | None
200 | Information Leak (Information Disclosure) | Description, Applicable_Platforms, Node_Relationship | Name
201 | Information Leak Through Sent Data | Applicable_Platforms | None
202 | Information Leak Through Data Queries | Applicable_Platforms | Common_Consequences
203 | Discrepancy Information Leaks | Applicable_Platforms | None
204 | Response Discrepancy Information Leak | Applicable_Platforms | None
205 | Behavioral Discrepancy Information Leak | Applicable_Platforms | None
206 | Internal Behavioral Inconsistency Information Leak | Applicable_Platforms | None
207 | External Behavioral Inconsistency Information Leak | Applicable_Platforms | None
208 | Timing Discrepancy Information Leak | Applicable_Platforms | None
209 | Error Message Information Leaks | Applicable_Platforms | Common_Consequences
210 | Product-Generated Error Message Information Leak | Applicable_Platforms | None
211 | Product-External Error Message Information Leak | Applicable_Platforms | Description
212 | Cross-Boundary Cleansing Information Leak | Applicable_Platforms | None
213 | Intended Information Leak | Description, Context_Notes, Applicable_Platforms, Potential_Mitigations | None
214 | Process Information Leak to Other Processes | AffectedResource, Applicable_Platforms, Node_Relationship | None
215 | Information Leak Through Debug Information | Description, Applicable_Platforms | None
216 | Containment Errors (Container Errors) | Applicable_Platforms | Name, Context_Notes
217 | Failure to Protect Stored Data from Modification | Applicable_Platforms | Name
218 | Failure to Provide Confidentiality for Stored Data | Applicable_Platforms | Name, Common_Consequences
219 | Sensitive Data Under Web Root | Description, Applicable_Platforms | None
220 | Sensitive Data Under FTP Root | Description, Applicable_Platforms | None
221 | Information Loss or Omission | Applicable_Platforms | Name
222 | Truncation of Security-relevant Information | Applicable_Platforms | None
223 | Omission of Security-relevant Information | Applicable_Platforms | None
224 | Obscured Security-relevant Information by Alternate Name | Applicable_Platforms | None
225 | DEPRECATED (Duplicate): General Information Management Problems | Name, Description, Node_Relationship | None
226 | Sensitive Information Uncleared Before Use | AffectedResource, Applicable_Platforms, Node_Relationship | Weakness_Ordinality
228 | Structure and Validity Problems | Description | None
229 | Value Problems | Description | None
230 | Missing Value Error | Applicable_Platforms | None
231 | Extra Value Error | Applicable_Platforms | None
233 | Parameter Problems | Description | None
234 | Missing Parameter Error | Applicable_Platforms | Common_Consequences
235 | Extra Parameter Error | Applicable_Platforms | None
237 | Element Problems | Description | None
238 | Missing Element Error | Applicable_Platforms | Weakness_Ordinality
239 | Incomplete Element | Applicable_Platforms | None
240 | Inconsistent Elements | Applicable_Platforms | Context_Notes
241 | Wrong Data Type | Applicable_Platforms | None
242 | Dangerous Functions | None | Weakness_Ordinality
243 | Directory Restriction | AffectedResource, Node_Relationship | Weakness_Ordinality
244 | Heap Inspection | AffectedResource, Node_Relationship | None
245 | J2EE Bad Practices: getConnection() | None | Weakness_Ordinality
246 | J2EE Bad Practices: Sockets | Applicable_Platforms | Weakness_Ordinality
247 | Often Misused: Authentication | Applicable_Platforms | None
249 | Often Misused: Path Manipulation | AffectedResource, Node_Relationship | None
250 | Often Misused: Privilege Management | Applicable_Platforms | None
251 | Often Misused: String Management | AffectedResource, Node_Relationship | None
252 | Unchecked Return Value | Applicable_Platforms | Demonstrative_Example, Common_Consequences
253 | Misinterpreted Function Return Value | Applicable_Platforms | Name, Common_Consequences
255 | Credentials Management | Description, Applicable_Platforms, Node_Relationship | None
256 | Plaintext Storage | Applicable_Platforms | Weakness_Ordinality
257 | Storing Passwords in a Recoverable Format | Applicable_Platforms | Weakness_Ordinality, Common_Consequences
258 | Empty Password in Configuration File | Applicable_Platforms | Weakness_Ordinality
259 | Hard-Coded Password | Applicable_Platforms, Node_Relationship | Weakness_Ordinality, Common_Consequences
260 | Password in Configuration File | AffectedResource, Applicable_Platforms, Node_Relationship | None
261 | Weak Cryptography for Passwords | Applicable_Platforms | None
262 | Not Allowing Password Aging | Applicable_Platforms | Name, Common_Consequences
263 | Allowing Unchecked Password Aging | Applicable_Platforms | Name, Common_Consequences
264 | Permissions, Privileges, and Access Controls | Description, Applicable_Platforms, Node_Relationship | None
265 | Privilege / Sandbox Issues | None | Name, Research_Gaps
266 | Incorrect Privilege Assignment | AffectedResource, Applicable_Platforms, Node_Relationship | Weakness_Ordinality
267 | Unsafe Privilege | Description, Applicable_Platforms | None
268 | Privilege Chaining | Applicable_Platforms | Context_Notes, Weakness_Ordinality
269 | Privilege Management Error | Applicable_Platforms | Weakness_Ordinality
270 | Privilege Context Switching Error | Applicable_Platforms | None
271 | Privilege Dropping / Lowering Errors | Applicable_Platforms | Weakness_Ordinality
272 | Least Privilege Violation | Applicable_Platforms | Weakness_Ordinality, Common_Consequences
273 | Failure to Check Whether Privileges Were Dropped Successfully | AffectedResource, Applicable_Platforms, Node_Relationship | Name, Weakness_Ordinality, Common_Consequences
274 | Insufficient Privileges | Applicable_Platforms | Name, Context_Notes, Weakness_Ordinality
275 | Permission Issues | Description, AffectedResource, Node_Relationship | None
276 | Insecure Default Permissions | Applicable_Platforms | Weakness_Ordinality
277 | Insecure Inherited Permissions | Applicable_Platforms | Name
278 | Insecure Preserved Inherited Permissions | Applicable_Platforms | Name
279 | Insecure Execution-assigned Permissions | Applicable_Platforms | Name
280 | Failure to Handle Insufficient Permissions or Privileges | Name, Description, Context_Notes, Research_Gaps, Observed_Example, Applicable_Platforms, Potential_Mitigations, Node_Relationship | None
281 | Permission Preservation Failure | Applicable_Platforms | Name
282 | Ownership Issues | AffectedResource, Applicable_Platforms, Node_Relationship | None
283 | Unverified Ownership | Applicable_Platforms | None
284 | Access Control Issues | Description, Context_Notes, AffectedResource, Node_Relationship | None
285 | Missing or Inconsistent Access Control | Applicable_Platforms, Node_Relationship | None
286 | User Management Issues | Applicable_Platforms | None
287 | Authentication Issues | Applicable_Platforms, Node_Relationship | None
288 | Authentication Bypass by Alternate Path/Channel | Applicable_Platforms, Node_Relationship | None
289 | Authentication Bypass by Alternate Name | Applicable_Platforms | None
290 | Authentication Bypass by Spoofing | Description | None
291 | Trusting Self-reported IP Address | Applicable_Platforms | Name, Weakness_Ordinality
292 | Trusting Self-reported DNS Name | Applicable_Platforms | Name, Common_Consequences
293 | Using Referer Field for Authentication | Name, Description, Context_Notes, Applicable_Platforms | Common_Consequences
294 | Authentication Bypass by Capture-replay | Name, Context_Notes, Applicable_Platforms | Common_Consequences
295 | Certificate Issues | Description, Applicable_Platforms | None
296 | Failure to Follow Chain of Trust in Certificate Validation | Applicable_Platforms | Name, Common_Consequences
297 | Failure to Validate Host-specific Certificate Data | Applicable_Platforms | Name, Common_Consequences
298 | Failure to Validate Certificate Expiration | Applicable_Platforms | Name, Common_Consequences
299 | Failure to Check for Certificate Revocation | Applicable_Platforms | Name, Common_Consequences
300 | Man-in-the-middle (MITM) | Applicable_Platforms | None
301 | Reflection Attack in an Authentication Protocol | Applicable_Platforms, Node_Relationship | Name, Common_Consequences
302 | Authentication Bypass by Assumed-Immutable Data | Observed_Example, Applicable_Platforms | None
303 | Authentication Logic Error | Applicable_Platforms | None
304 | Missing Critical Step in Authentication | Applicable_Platforms | None
305 | Authentication Bypass by Primary Weakness | Applicable_Platforms | Description
306 | No Authentication for Critical Function | Applicable_Platforms | None
307 | Multiple Failed Authentication Attempts not Prevented | Applicable_Platforms | None
308 | Using Single-factor Authentication | Applicable_Platforms | Name, Common_Consequences
309 | Using Password Systems | Applicable_Platforms | Name, Common_Consequences
310 | Cryptographic Issues | Description, Applicable_Platforms, Node_Relationship | None
311 | Failure to Encrypt Data | Applicable_Platforms, Node_Relationship | Name, Common_Consequences
312 | Plaintext Storage of Sensitive Information | Description | None
313 | Plaintext Storage in File or on Disk | Applicable_Platforms | None
314 | Plaintext Storage in Registry | Applicable_Platforms | None
315 | Plaintext Storage in Cookie | Applicable_Platforms | None
316 | Plaintext Storage in Memory | AffectedResource, Applicable_Platforms, Node_Relationship | Context_Notes
317 | Plaintext Storage in GUI | Applicable_Platforms | None
318 | Plaintext Storage in Executable | Applicable_Platforms | None
319 | Plaintext Transmission of Sensitive Information | Applicable_Platforms | None
320 | Key Management Errors | Description, Applicable_Platforms | None
321 | Use of Hard-coded Cryptographic Key | Applicable_Platforms, Node_Relationship | Name, Demonstrative_Example, Common_Consequences
322 | Key Exchange without Entity Authentication | Applicable_Platforms | Name, Common_Consequences
323 | Reusing a Nonce, Key Pair in Encryption | Demonstrative_Example, Applicable_Platforms | Name, Common_Consequences
324 | Using a Key Past its Expiration Date | Applicable_Platforms | Name, Common_Consequences
325 | Missing Required Cryptographic Step | Applicable_Platforms, Node_Relationship | None
326 | Weak Encryption | Applicable_Platforms, Node_Relationship | None
327 | Using a Broken or Risky Cryptographic Algorithm | Applicable_Platforms | Name, Common_Consequences
328 | Reversible One-Way Hash | Applicable_Platforms | None
329 | Not Using a Random IV with CBC Mode | Applicable_Platforms, Common_Consequences | Name
330 | Randomness and Predictability | Applicable_Platforms | None
331 | Insufficient Entropy | Applicable_Platforms | None
332 | Insufficient Entropy in PRNG | Applicable_Platforms | Name, Common_Consequences
333 | Failure of TRNG | Applicable_Platforms | Common_Consequences
334 | Small Space of Random Values | Applicable_Platforms | None
335 | PRNG Seed Error | Applicable_Platforms | None
336 | Same Seed in PRNG | Applicable_Platforms | None
337 | Predictable Seed in PRNG | Applicable_Platforms | None
338 | Non-cryptographic PRNG | Applicable_Platforms | Common_Consequences
339 | Small Seed Space in PRNG | Applicable_Platforms | None
340 | Predictability Problems | Description | Name
341 | Predictable from Observable State | Applicable_Platforms | None
342 | Predictable Exact Value from Previous Values | Applicable_Platforms | None
343 | Predictable Value Range from Previous Values | Applicable_Platforms | None
344 | Static Value in Unpredictable Context | Applicable_Platforms | Weakness_Ordinality
345 | Insufficient Verification of Data | Applicable_Platforms | None
346 | Origin Validation Error | Applicable_Platforms | Context_Notes, Weakness_Ordinality
347 | Improperly Verified Signature | Applicable_Platforms | None
348 | Use of Less Trusted Source | Applicable_Platforms | None
349 | Untrusted Data Appended with Trusted Data | Applicable_Platforms | None
350 | Improperly Trusted Reverse DNS | Applicable_Platforms | None
351 | Insufficient Type Distinction |
|
Major |
Applicable_Platforms |
|
Minor |
None |
352 |
Cross-Site Request Forgery (CSRF) |
|
Major |
Applicable_Platforms, Node_Relationship |
|
Minor |
None |
353 |
Failure to Add Integrity Check Value |
|
Major |
Demonstrative_Example, Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
354 |
Failure to Check Integrity Check Value |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
355 |
User Interface Security Issues |
|
Major |
Applicable_Platforms |
|
Minor |
None |
356 |
Product UI does not Warn User of Unsafe Actions |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
357 |
Insufficient UI Warning of Dangerous Operations |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
358 |
Improperly Implemented Security Check for Standard |
|
Major |
Applicable_Platforms |
|
Minor |
Context_Notes |
359 |
Privacy Violation |
|
Major |
Applicable_Platforms |
|
Minor |
None |
360 |
Trust of System Event Data |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
362 |
Race Conditions |
|
Major |
Description, Node_Relationship |
|
Minor |
None |
363 |
Race Condition Enabling Link Following |
|
Major |
Description, Applicable_Platforms |
|
Minor |
Name |
364 |
Signal Handler Race Condition |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
Name, Common_Consequences |
365 |
Race Condition in Switch |
|
Major |
None |
|
Minor |
Name, Common_Consequences |
366 |
Race Condition within a Thread |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
Name, Common_Consequences |
367 |
Time-of-check Time-of-use Race Condition |
|
Major |
Applicable_Platforms, Node_Relationship |
|
Minor |
Name, Common_Consequences |
368 |
Context Switching Race Condition |
|
Major |
Applicable_Platforms |
|
Minor |
None |
370 |
Race Condition in Checking for Certificate Revocation |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
371 |
State Issues |
|
Major |
Description |
|
Minor |
None |
372 |
Incomplete Internal State Distinction |
|
Major |
Applicable_Platforms |
|
Minor |
Context_Notes |
373 |
State Synchronization Error |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
374 |
Mutable Objects Passed by Reference |
|
Major |
None |
|
Minor |
Name, Common_Consequences |
375 |
Passing Mutable Objects to an Untrusted Method |
|
Major |
None |
|
Minor |
Name, Common_Consequences |
376 |
Temporary File Issues |
|
Major |
Description, AffectedResource, Node_Relationship |
|
Minor |
None |
377 |
Insecure Temporary File |
|
Major |
Applicable_Platforms |
|
Minor |
None |
378 |
Improper Temporary File Opening |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
379 |
Guessed or Visible Temporary File |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
380 |
Technology-Specific Time and State Issues |
|
Major |
Description |
|
Minor |
None |
381 |
J2EE Time and State Issues |
|
Major |
Description |
|
Minor |
None |
383 |
J2EE Bad Practices: Threads |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
None |
384 |
Session Fixation |
|
Major |
Applicable_Platforms |
|
Minor |
None |
385 |
Covert Timing Channel |
|
Major |
Applicable_Platforms |
|
Minor |
None |
386 |
Symbolic Name not Mapping to Correct Object |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
387 |
Signal Errors |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
None |
388 |
Error Handling |
|
Major |
None |
|
Minor |
Common_Consequences |
389 |
Error Conditions, Return Values, Status Codes |
|
Major |
Research_Gaps, Applicable_Platforms |
|
Minor |
Context_Notes |
390 |
Improper Error Handling |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
391 |
Unchecked Error Condition |
|
Major |
Applicable_Platforms, Node_Relationship |
|
Minor |
None |
392 |
Missing Error Status Code |
|
Major |
Applicable_Platforms |
|
Minor |
Observed_Example |
393 |
Wrong Status Code |
|
Major |
Applicable_Platforms |
|
Minor |
Observed_Example |
394 |
Unexpected Status Code or Return Value |
|
Major |
Applicable_Platforms |
|
Minor |
None |
398 |
Code Quality |
|
Major |
Description |
|
Minor |
None |
399 |
Resource Management Errors |
|
Major |
Description, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
400 |
Resource Exhaustion |
|
Major |
Name, Context_Notes, Applicable_Platforms |
|
Minor |
Common_Consequences |
401 |
Memory Leak |
|
Major |
AffectedResource, Common_Consequences, Node_Relationship |
|
Minor |
Name, Context_Notes |
402 |
Resource Leaks |
|
Major |
Description |
|
Minor |
Name |
403 |
UNIX File Descriptor Leak |
|
Major |
AffectedResource, Applicable_Platforms, Node_Relationship |
|
Minor |
Name |
404 |
Improper Resource Shutdown or Release |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
405 |
Asymmetric Resource Consumption (Amplification) |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
406 |
Network Amplification |
|
Major |
Applicable_Platforms |
|
Minor |
None |
407 |
Algorithmic Complexity |
|
Major |
Applicable_Platforms |
|
Minor |
Common_Consequences |
408 |
Early Amplification |
|
Major |
Applicable_Platforms |
|
Minor |
None |
409 |
Data Amplification |
|
Major |
Applicable_Platforms |
|
Minor |
None |
410 |
Insufficient Resource Pool |
|
Major |
Applicable_Platforms |
|
Minor |
Common_Consequences |
411 |
Resource Locking Problems |
|
Major |
Description |
|
Minor |
Name |
412 |
Unrestricted Critical Resource Lock |
|
Major |
Applicable_Platforms, Node_Relationship |
|
Minor |
None |
413 |
Insufficient Resource Locking |
|
Major |
Applicable_Platforms |
|
Minor |
Description |
414 |
Missing Lock Check |
|
Major |
Applicable_Platforms |
|
Minor |
None |
415 |
Double Free |
|
Major |
Observed_Example, Alternate_Terms, AffectedResource, Node_Relationship |
|
Minor |
Context_Notes, Common_Consequences |
416 |
Use After Free |
|
Major |
Context_Notes, AffectedResource, Node_Relationship |
|
Minor |
Common_Consequences |
417 |
Channel and Path Errors |
|
Major |
Description, Applicable_Platforms |
|
Minor |
None |
418 |
Channel Errors |
|
Major |
Description, Applicable_Platforms |
|
Minor |
None |
419 |
Unprotected Primary Channel |
|
Major |
Applicable_Platforms |
|
Minor |
None |
420 |
Unprotected Alternate Channel |
|
Major |
Applicable_Platforms |
|
Minor |
None |
421 |
Alternate Channel Race Condition |
|
Major |
AffectedResource, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
422 |
Unprotected Windows Messaging Channel ('Shatter') |
|
Major |
AffectedResource, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
423 |
Proxied Trusted Channel |
|
Major |
Applicable_Platforms |
|
Minor |
None |
424 |
Alternate Path Errors |
|
Major |
Description, Applicable_Platforms |
|
Minor |
None |
425 |
Direct Request ('Forced Browsing') |
|
Major |
Name, Context_Notes, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
426 |
Untrusted Search Path |
|
Major |
AffectedResource, Applicable_Platforms, Node_Relationship |
|
Minor |
Common_Consequences |
427 |
Uncontrolled Search Path Element |
|
Major |
Applicable_Platforms |
|
Minor |
None |
428 |
Unquoted Search Path or Element |
|
Major |
Context_Notes, Applicable_Platforms |
|
Minor |
None |
429 |
Handler Errors |
|
Major |
Description |
|
Minor |
None |
430 |
Improper Handler Deployment |
|
Major |
Applicable_Platforms |
|
Minor |
None |
431 |
Missing Handler |
|
Major |
Applicable_Platforms |
|
Minor |
None |
432 |
Dangerous Handler not Cleared/Disabled During Sensitive Operations |
|
Major |
Description, Applicable_Platforms |
|
Minor |
Name |
433 |
Unparsed Raw Web Content Delivery |
|
Major |
Applicable_Platforms |
|
Minor |
None |
434 |
Unrestricted File Upload |
|
Major |
AffectedResource, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
435 |
Interaction Errors |
|
Major |
Applicable_Platforms |
|
Minor |
None |
436 |
Multiple Interpretation Error (MIE) |
|
Major |
References, Context_Notes, Applicable_Platforms |
|
Minor |
None |
437 |
Extra Unhandled Features |
|
Major |
Applicable_Platforms |
|
Minor |
None |
438 |
Behavioral Problems |
|
Major |
Description |
|
Minor |
Name |
439 |
Behavioral Change |
|
Major |
Applicable_Platforms |
|
Minor |
None |
440 |
Expected Behavior Violation |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
441 |
Unintended Proxy/Intermediary |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
442 |
Web Problems |
|
Major |
Description |
|
Minor |
Name |
444 |
HTTP Request Smuggling |
|
Major |
Applicable_Platforms |
|
Minor |
None |
445 |
User Interface Quality Errors |
|
Major |
Description, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
446 |
User Interface Discrepancy for Security Feature |
|
Major |
Name, Description, Context_Notes, Applicable_Platforms, Node_Relationship |
|
Minor |
None |
447 |
Unimplemented or Unsupported Feature in UI |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
448 |
Obsolete Feature in UI |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
449 |
The UI Performs the Wrong Action |
|
Major |
Applicable_Platforms, Node_Relationship |
|
Minor |
Name |
450 |
Multiple Interpretations of UI Input |
|
Major |
Applicable_Platforms |
|
Minor |
None |
451 |
UI Misrepresentation of Critical Information |
|
Major |
Applicable_Platforms |
|
Minor |
None |
452 |
Initialization and Cleanup Errors |
|
Major |
Description, Applicable_Platforms |
|
Minor |
Context_Notes |
453 |
Insecure Default Variable Initialization |
|
Major |
Applicable_Platforms |
|
Minor |
Name |
454 |
External Initialization of Trusted Variables or Values |
|
Major |
Context_Notes, Applicable_Platforms |
|
Minor |
Name |
455 |
Non-exit on Failed Initialization |
|
Major |
Applicable_Platforms |
|
Minor |
None |
456 |
Missing Initialization |
|
Major |
Applicable_Platforms |
|
Minor |
Context_Notes, Research_Gaps |
457 |
Uninitialized Variable |
|
Major |
References, Applicable_Platforms, Node_Relationship |
|
Minor |
Name, Common_Consequences |
458 |
Incorrect Initialization |
|
Major |
Observed_Example, Applicable_Platforms |
|
Minor |
Name |
459 |
Incomplete Cleanup |
|
Major |
Applicable_Platforms |
|
Minor |
None |
460 |
Improper Cleanup on Thrown Exception |
|
Major |
Demonstrative_Example |
|
Minor |
Name, Common_Consequences |
461 |
Data Structure Issues |
|
Major |
Description |
|
Minor |
None |
462 |
Duplicate Key in Associative List (Alist) |
|
Major |
None |
|
Minor |
Name |
463 |
Deletion of Data-structure Sentinel |
|
Major |
Description, Context_Notes |
|
Minor |
Name, Common_Consequences |
464 |
Addition of Data-structure Sentinel |
|
Major |
Description |
|
Minor |
Name, Common_Consequences |
465 |
Pointer Issues |
|
Major |
Description |
|
Minor |
None |
466 |
Illegal Pointer Value |
|
Major |
Description, Node_Relationship |
|
Minor |
None |
467 |
Use of sizeof() on a Pointer Type |
|
Major |
Description, References, Context_Notes, Demonstrative_Example, Weakness_Ordinality, Potential_Mitigations, Common_Consequences, Node_Relationship |
|
Minor |
Name |
468 |
Unintentional Pointer Scaling |
|
Major |
Demonstrative_Example, Node_Relationship |
|
Minor |
Name |
469 |
Improper Pointer Subtraction |
|
Major |
Description, Potential_Mitigations, Node_Relationship |
|
Minor |
Name, Common_Consequences |
470 |
Unsafe Reflection |
|
Major |
Node_Relationship |
|
Minor |
None |
471 |
Modification of Assumed-Immutable Data (MAID) |
|
Major |
Name, Applicable_Platforms |
|
Minor |
Context_Notes |
472 |
Web Parameter Tampering |
|
Major |
Applicable_Platforms, Node_Relationship |
|
Minor |
Context_Notes |
473 |
PHP External Variable Modification |
|
Major |
Description, Context_Notes, Potential_Mitigations, Node_Relationship |
|
Minor |
None |
474 |
Inconsistent Implementations |
|
Major |
Applicable_Platforms |
|
Minor |
None |
475 |
Undefined Behavior |
|
Major |
Applicable_Platforms |
|
Minor |
None |
476 |
NULL Pointer Dereference |
|
Major |
Description, Context_Notes, Demonstrative_Example, Observed_Example, CVEs_Mentioned, Potential_Mitigations, Common_Consequences, Node_Relationship |
|
Minor |
Name, Weakness_Ordinality |
477 |
Obsolete |
|
Major |
Applicable_Platforms |
|
Minor |
None |
478 |
Failure to Account for Default Case in Switch |
|
Major |
None |
|
Minor |
Name, Common_Consequences |
479 |
Unsafe Function Call from a Signal Handler |
|
Major |
Context_Notes, AffectedResource, Node_Relationship |
|
Minor |
Name, Common_Consequences |
480 |
Using the Wrong Operator |
|
Major |
Description, Applicable_Platforms |
|
Minor |
Name |
481 |
Assigning instead of Comparing |
|
Major |
None |
|
Minor |
Name |
482 |
Comparing instead of Assigning |
|
Major |
None |
|
Minor |
Name |
483 |
Incorrect Block Delimitation |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
484 |
Omitted Break Statement |
|
Major |
None |
|
Minor |
Name |
486 |
Comparing Classes by Name |
|
Major |
None |
|
Minor |
Common_Consequences |
487 |
Relying on Package-level Scope |
|
Major |
None |
|
Minor |
Name, Common_Consequences |
488 |
Data Leaking Between Users |
|
Major |
Applicable_Platforms |
|
Minor |
None |
489 |
Leftover Debug Code |
|
Major |
Context_Notes, Applicable_Platforms, Node_Relationship |
|
Minor |
Common_Consequences |
490 |
Mobile Code Issues |
|
Major |
Description |
|
Minor |
None |
492 |
Mobile Code: Use of Inner Class |
|
Major |
None |
|
Minor |
Common_Consequences |
494 |
Mobile Code: Invoking Untrusted Mobile Code |
|
Major |
None |
|
Minor |
Name |
495 |
Private Array-Typed Field Returned From A Public Method |
|
Major |
Node_Relationship |
|
Minor |
None |
496 |
Public Data Assigned to Private Array-Typed Field |
|
Major |
Description, Node_Relationship |
|
Minor |
None |
497 |
System Information Leak |
|
Major |
Applicable_Platforms |
|
Minor |
None |
498 |
Information Leak through Class Cloning |
|
Major |
Context_Notes, Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
499 |
Information Leak through Serialization |
|
Major |
None |
|
Minor |
Name, Common_Consequences |
500 |
Overflow of Static Internal Buffer |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
501 |
Trust Boundary Violation |
|
Major |
Applicable_Platforms |
|
Minor |
None |
502 |
Deserialization of Untrusted Data |
|
Major |
Applicable_Platforms |
|
Minor |
Name, Common_Consequences |
503 |
Byte/Object Code |
|
Major |
Description |
|
Minor |
None |
504 |
Motivation/Intent |
|
Major |
Description |
|
Minor |
None |
508 |
Non-Replicating |
|
Major |
Description |
|
Minor |
None |
509 |
Replicating (virus) |
|
Major |
Description |
|
Minor |
None |
512 |
Spyware |
|
Major |
Description |
|
Minor |
None |
513 |
Nonmalicious |
|
Major |
Description |
|
Minor |
None |
514 |
Covert Channel |
|
Major |
Description, Context_Notes |
|
Minor |
None |
515 |
Covert Storage Channel |
|
Major |
Description |
|
Minor |
Common_Consequences |
522 |
Insufficiently Protected Credentials |
|
Major |
Node_Relationship |
|
Minor |
None |
533 |
Information Leak Through Server Log Files |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
None |
538 |
File and Directory Information Leaks |
|
Major |
Description |
|
Minor |
None |
548 |
Information Leak Through Directory Listing |
|
Major |
Description |
|
Minor |
None |
552 |
Errant Files or Directories Accessible |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
None |
553 |
Possible Command Shell (csh) |
|
Major |
Description |
|
Minor |
None |
558 |
Misused Authentication: getlogin() |
|
Major |
Name |
|
Minor |
None |
559 |
Often Misused: Arguments and Parameters |
|
Major |
Description |
|
Minor |
None |
560 |
Often Misused: umask() |
|
Major |
None |
|
Minor |
Name |
569 |
Expression Issues |
|
Major |
Description |
|
Minor |
None |
572 |
Call to Thread.run() |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
None |
576 |
EJB Bad Practices: Use of Java I/O |
|
Major |
Context_Notes |
|
Minor |
Name |
581 |
Object Model Violation: Just One of Equals and Haschode Defined |
|
Major |
None |
|
Minor |
Common_Consequences |
582 |
Mobile Code: Unsafe Array Declaration |
|
Major |
Weakness_Ordinality |
|
Minor |
None |
587 |
Assignment of a Fixed Address to a Pointer |
|
Major |
Context_Notes, Demonstrative_Example, Weakness_Ordinality |
|
Minor |
Description |
590 |
Improperly Freeing Heap Memory |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
None |
591 |
Memory Locking |
|
Major |
AffectedResource, Node_Relationship |
|
Minor |
Common_Consequences |
592 |
Authentication Bypass Issues |
|
Major |
Description |
|
Minor |
None |
593 |
Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created |
|
Major |
None |
|
Minor |
Common_Consequences |
594 |
Persistence in J2EE Frameworks |
|
Major |
None |
|
Minor |
Common_Consequences |
599 |
No OpenSSL Certificate Check Performed before Use |
|
Major |
Name |
|
Minor |
Common_Consequences |
602 |
Client-Side Enforcement of Server-Side Security |
|
Major |
None |
|
Minor |
Weakness_Ordinality |
604 |
Deprecated |
|
Major |
Node_Relationship |
|
Minor |
None |
605 |
Multiple Binds to Same Port |
|
Major |
Applicable_Platforms |
|
Minor |
Common_Consequences |
608 |
Struts: Non-private Field in ActionForm Class |
|
Major |
None |
|
Minor |
Weakness_Ordinality |
609 |
Double Checked Locking |
|
Major |
Context_Notes |
|
Minor |
None |
616 |
Incomplete Identification of Uploaded File Variables (PHP) |
|
Major |
Applicable_Platforms |
|
Minor |
Weakness_Ordinality |
617 |
Reachable Assertion |
|
Major |
None |
|
Minor |
Weakness_Ordinality |
618 |
Exposed Unsafe ActiveX Method |
|
Major |
None |
|
Minor |
Weakness_Ordinality |
621 |
Variable Extraction Error |
|
Major |
Applicable_Platforms |
|
Minor |
Weakness_Ordinality |
623 |
Unsafe ActiveX Control Marked Safe For Scripting |
|
Major |
None |
|
Minor |
Weakness_Ordinality |
624 |
Executable Regular Expression Error |
|
Major |
Applicable_Platforms |
|
Minor |
None |
625 |
Permissive Regular Expression |
|
Major |
Context_Notes, Applicable_Platforms |
|
Minor |
Weakness_Ordinality |
626 |
Null Byte Interaction Error (Poison Null Byte) |
|
Major |
None |
|
Minor |
Weakness_Ordinality |
627 |
Dynamic Variable Evaluation |
|
Major |
Applicable_Platforms |
|
Minor |
None |
628 |
Incorrectly Specified Arguments |
|
Major |
None |
|
Minor |
Weakness_Ordinality |