Common Weakness Enumeration (CWE)

Differences between Draft 7 and Draft 8

Summary
Total new 22
Total deprecated 0
Total shared 634
Total important changes 176
Total major changes 495
Total minor changes 33
Total minor changes (no major) 1
Total unchanged 138

Attribute Change Summary

"Minor" changes are text changes that only affect capitalization, punctuation, and whitespace. All other changes are marked as "Major." Simple schema changes are ignored, such as the change from AffectedResource to Affected_Resource in Draft 8.

Attribute Major Minor
Affected_Resource 0 0
Alternate_Terms 2 0
Applicable_Platforms 3 0
Black_Box_Definition 0 0
CVEs_Mentioned 13 0
Causal_Nature 0 0
Common_Consequences 5 12
Common_Methods_of_Exploitation 2 0
Context_Notes 9 1
Demonstrative_Example 4 0
Description 54 14
Enabling_Factors_for_Exploitation 0 0
Functional_Area 1 0
Likelihood_of_Exploit 0 0
Name 27 3
Node_Relationship 112 0
Observed_Example 23 0
Potential_Mitigations 35 1
References 5 3
Related_Attack_Patterns 154 0
Research_Gaps 0 0
Source_Taxonomy 0 0
Time_of_Introduction 0 0
Type 349 0
Weakness_Ordinality 0 0
White_Box_Definition 12 0

Nodes Removed from Draft 7

CWE-ID CWE Name
None.

Nodes Added to Draft 8

CWE-ID CWE Name
636 Design Principle Violation: Not Failing Securely
637 Design Principle Violation: Not Using Economy of Mechanism
638 Design Principle Violation: Not Using Complete Mediation
639 Access Control Bypass Through User-Controlled Key
640 Weak Password Recovery Mechanism
641 Insufficient Filtering of File and Other Resource Names for Executable Content
642 Insufficient Management of User State
643 Unsafe Treatment of XPath Input
644 Insufficient Filtering of HTTP Headers for Scripting Syntax
645 Overly Restrictive Account Lockout Mechanism
646 Taking Actions based on File Name or Extension of a User Supplied File
647 Using Non-Canonical Paths for Authorization Decisions
648 Improper Use of Privileged APIs
649 Relying on Obfuscation or Encryption with no Integrity Checking to Protect User Controllable Parameters that are Used to Determine User or System State
650 Trusting HTTP Permission Methods on the Server Side
651 Information Leak through WSDL File
652 Unsafe Treatment of XQuery Input
653 Design Principle Violation: Insufficient Separation of Privileges
654 Design Principle Violation: Reliance on a Single Factor in a Security Decision
655 Design Principle Violation: Failure to Satisfy Psychological Acceptability
656 Design Principle Violation: Reliance on Security through Obscurity
657 Violation of Secure Design Principles

Nodes Deprecated in Draft 8

CWE-ID CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

D 15 Setting Manipulation
R 17 Code
R 22 Path Traversal
D 41 Path Equivalence
R 59 Link Following
D 60 UNIX Path Link Problems
R 61 UNIX Symbolic Link (Symlink) Following
D 74 Injection
D 75 Special Element Injection
D 76 Equivalent Special Element Injection
D 77 Command Injection
D R 78 OS Command Injection
D R 79 Cross-site Scripting (XSS)
D 80 Basic XSS
D 81 XSS in Error Pages
D 84 XSS using Script Via Encoded URI Schemes
D 85 Doubled Character XSS Manipulations
D 87 Alternate XSS Syntax
D 88 Argument Injection or Modification
D R 89 SQL Injection
D 90 LDAP Injection
R 91 XML Injection (aka Blind XPath Injection)
R 93 CRLF Injection
D 94 Code Injection
D 95 Direct Dynamic Code Evaluation ('Eval Injection')
D 96 Direct Static Code Injection
D 97 Server-Side Includes (SSI) Injection
D R 98 PHP File Inclusion
D R 99 Resource Injection
D R 113 HTTP Response Splitting
R 116 Output Validation
R 117 Log Forging
R 118 Range Errors
R 119 Buffer Errors
R 120 Unbounded Transfer ('Classic Buffer Overflow')
R 122 Heap-based Buffer Overflow
R 123 Write-what-where Condition
D 124 Boundary Beginning Violation ('Buffer Underwrite')
R 129 Unchecked Array Indexing
D R 130 Length Parameter Inconsistency
DN 131 Incorrect Calculation of Buffer Size
R 134 Uncontrolled Format String
D 138 Special Elements (Characters or Reserved Words)
N 147 Failure to Remove Input Terminator
N 148 Failure to Remove Input Leader
N 149 Failure to Remove Quoting Element
N 150 Failure to Remove Escape, Meta, or Control Character / Sequence
N 151 Failure to Remove Comment Element
N 152 Failure to Remove Macro Symbol
N 153 Failure to Remove Substitution Character
N 154 Failure to Remove Variable Name Delimiter
N 155 Failure to Remove Wildcard or Matching Element
N 156 Failure to Remove Whitespace
N 158 Failure to Remove Null Character / Null Byte
D 159 Common Special Element Manipulations
R 170 Improper Null Termination
R 178 Case Sensitivity (Lowercase, Uppercase, Mixed Case)
R 184 Incomplete Blacklist
R 190 Integer Overflow (Wrap or Wraparound)
R 193 Off-by-one Error
R 195 Signed to Unsigned Conversion Error
D 196 Unsigned to Signed Conversion Error
R 209 Error Message Information Leaks
R 216 Containment Errors (Container Errors)
D R 227 API Abuse
NR 242 Use of Inherently Dangerous Functions
DN 243 Failure to Change Working Directory in chroot Jail
N 248 Uncaught Exception
R 249 Often Misused: Path Manipulation
DNR 250 Design Principle Violation: Failure to Use Least Privilege
R 251 Often Misused: String Management
R 252 Unchecked Return Value
R 254 Security Features
R 255 Credentials Management
N 256 Plaintext Storage of a Password
R 259 Hard-Coded Password
R 261 Weak Cryptography for Passwords
R 264 Permissions, Privileges, and Access Controls
R 265 Privilege / Sandbox Issues
R 271 Privilege Dropping / Lowering Errors
R 275 Permission Issues
R 280 Failure to Handle Insufficient Permissions or Privileges
R 284 Access Control Issues
R 285 Missing or Inconsistent Access Control
R 287 Authentication Issues
R 288 Authentication Bypass by Alternate Path/Channel
R 289 Authentication Bypass by Alternate Name
R 291 Trusting Self-reported IP Address
D 294 Authentication Bypass by Capture-replay
D 300 Man-in-the-middle (MITM)
D 301 Reflection Attack in an Authentication Protocol
R 304 Missing Critical Step in Authentication
R 308 Using Single-factor Authentication
R 309 Using Password Systems
R 310 Cryptographic Issues
R 312 Plaintext Storage of Sensitive Information
R 319 Plaintext Transmission of Sensitive Information
R 321 Use of Hard-coded Cryptographic Key
R 326 Weak Encryption
R 340 Predictability Problems
R 345 Insufficient Verification of Data
R 346 Origin Validation Error
R 348 Use of Less Trusted Source
R 350 Improperly Trusted Reverse DNS
R 351 Insufficient Type Distinction
R 352 Cross-Site Request Forgery (CSRF)
D 355 User Interface Security Issues
R 358 Improperly Implemented Security Check for Standard
R 362 Race Conditions
R 371 State Issues
R 382 J2EE Bad Practices: System.exit()
N 383 J2EE Bad Practices: Use of Threads
D R 384 Session Fixation
R 385 Covert Timing Channel
R 386 Symbolic Name not Mapping to Correct Object
R 388 Error Handling
R 390 Improper Error Handling
R 398 Code Quality
R 401 Memory Leak
D 405 Asymmetric Resource Consumption (Amplification)
D 406 Network Amplification
D 407 Algorithmic Complexity
R 416 Use After Free
R 417 Channel and Path Errors
R 420 Unprotected Alternate Channel
D R 425 Direct Request ('Forced Browsing')
D R 426 Untrusted Search Path
R 427 Uncontrolled Search Path Element
R 428 Unquoted Search Path or Element
R 433 Unparsed Raw Web Content Delivery
R 434 Unrestricted File Upload
D 435 Interaction Errors
R 436 Multiple Interpretation Error (MIE)
R 441 Unintended Proxy/Intermediary
D 444 HTTP Request Smuggling
R 456 Missing Initialization
R 466 Illegal Pointer Value
R 467 Use of sizeof() on a Pointer Type
R 469 Improper Pointer Subtraction
R 470 Unsafe Reflection
R 471 Modification of Assumed-Immutable Data (MAID)
D R 472 Web Parameter Tampering
R 473 PHP External Variable Modification
R 476 NULL Pointer Dereference
N 477 Use of Obsolete Functions
R 480 Using the Wrong Operator
R 481 Assigning instead of Comparing
R 482 Comparing instead of Assigning
R 494 Mobile Code: Invoking Untrusted Mobile Code
R 495 Private Array-Typed Field Returned From A Public Method
R 496 Public Data Assigned to Private Array-Typed Field
D 502 Deserialization of Untrusted Data
N 505 Intentionally Introduced Weakness
N 506 Embedded Malicious Code
N 508 Non-Replicating Malicious Code
N 509 Replicating Malicious Code (virus)
D 510 Trapdoor
D 511 Logic/Time Bomb
N 513 Intentionally Introduced Nonmalicious Weakness
R 514 Covert Channel
N 517 Other Intentional, Nonmalicious Weakness
N 518 Inadvertently Introduced Weakness
D 529 Information Leak Through Access Control List Files
D 530 Information Leak Through Backup (.~bk) Files
D 536 Information Leak Through Servlet Runtime Error Message
R 538 File and Directory Information Leaks
D 564 SQL Injection: Hibernate
R 566 Access Control Bypass Through User-Controlled SQL Primary Key
R 573 Failure to Follow Specification
N 581 Object Model Violation: Just One of Equals and Hashcode Defined
D 582 Mobile Code: Unsafe Array Declaration
R 600 Missing Catch Block
R 602 Client-Side Enforcement of Server-Side Security
R 613 Insufficient Session Expiration
R 617 Reachable Assertion
R 630 Weaknesses Examined by SAMATE

Detailed Difference Report

1 Location
Major Type
Minor None
2 Environment
Major Type
Minor None
3 Technology-specific Environment Issues
Major Type
Minor None
4 J2EE Environment Issues
Major Type
Minor None
5 J2EE Misconfiguration: Insecure Transport
Major Type
Minor None
6 J2EE Misconfiguration: Insufficient Session-ID Length
Major Type, Related_Attack_Patterns
Minor None
7 J2EE Misconfiguration: Missing Error Handling
Major Type
Minor None
8 J2EE Misconfiguration: Entity Bean Declared Remote
Major Type
Minor None
9 J2EE Misconfiguration: Weak Access Permissions
Major Type
Minor None
10 ASP.NET Environment Issues
Major Type
Minor None
11 ASP.NET Misconfiguration: Creating Debug Binary
Major Type
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Handling
Major Type
Minor None
13 ASP.NET Misconfiguration: Password in Configuration File
Major Type
Minor None
15 Setting Manipulation
Major Description, Related_Attack_Patterns
Minor None
16 Configuration
Major Type
Minor None
17 Code
Major Type, Node_Relationship
Minor None
18 Source Code
Major Type
Minor None
19 Data Handling
Major Type, Related_Attack_Patterns
Minor None
20 Insufficient Input Validation
Major Related_Attack_Patterns
Minor None
21 Pathname Traversal and Equivalence Errors
Major Related_Attack_Patterns
Minor None
22 Path Traversal
Major Related_Attack_Patterns, Node_Relationship
Minor None
23 Relative Path Traversal
Major Related_Attack_Patterns
Minor None
24 Path Issue - Dot Dot Slash - '../filedir'
Major Type
Minor None
25 Path Issue - Leading Dot Dot Slash - '/../filedir'
Major Type
Minor None
26 Path Issue - Leading Directory Dot Dot Slash - '/directory/../filename'
Major Type
Minor None
27 Path Issue - Directory Doubled Dot Dot Slash - 'directory/../../filename'
Major Type
Minor None
28 Path Issue - Dot Dot Backslash - '..\filename'
Major Type
Minor None
29 Path Issue - Leading Dot Dot Backslash - '\..\filename'
Major Type
Minor None
30 Path Issue - Leading Directory Dot Dot Backslash - '\directory\..\filename'
Major Type
Minor None
31 Path Issue - Directory Doubled Dot Dot Backslash - 'directory\..\..\filename'
Major Type
Minor None
32 Path Issue - Triple Dot - '...'
Major Type
Minor None
33 Path Issue - Multiple Dot - '....'
Major Type
Minor None
34 Path Issue - Doubled Dot Dot Slash - '....//'
Major Type
Minor None
35 Path Issue - Doubled Triple Dot Slash - '.../...//'
Major Type
Minor None
37 Path Issue - Slash Absolute Path - /absolute/pathname/here
Major Type
Minor None
38 Path Issue - Backslash Absolute Path - \absolute\pathname\here
Major Type
Minor None
39 Path Issue - Drive Letter or Windows Volume - 'C:dirname'
Major Type
Minor None
40 Path Issue - Windows UNC Share - '\\UNC\share\name\'
Major Type
Minor None
41 Path Equivalence
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
42 Path Issue - Trailing Dot - 'filedir.'
Major Type
Minor None
43 Path Issue - Multiple Trailing Dot - 'filedir....'
Major Type
Minor None
44 Path Issue - Internal Dot - 'file.ordir'
Major Type
Minor None
45 Path Issue - Multiple Internal Dot - 'file...dir'
Major Type
Minor None
46 Path Issue - Trailing Space - 'filedir '
Major Type
Minor None
47 Path Issue - Leading Space - ' filedir'
Major Type
Minor None
48 Path Issue - Internal Space - file(SPACE)name
Major Type
Minor None
49 Path Issue - Trailing Slash - filedir/
Major Type
Minor None
50 Path Issue - Multiple Leading Slash - //multiple/leading/slash
Major Type
Minor None
51 Path Issue - Multiple Internal Slash - /multiple//internal/slash
Major Type
Minor None
52 Path Issue - Multiple Trailing Slash - /multiple/trailing/slash//
Major Type
Minor None
53 Path Issue - Multiple Internal Backslash - \multiple\\internal\backslash
Major Type
Minor None
54 Path Issue - Trailing Backslash - (filedir\)
Major Type
Minor None
55 Path Issue - Single Dot Directory - /./
Major Type
Minor None
56 Path Issue - Asterisk Wildcard - filedir*
Major Type
Minor None
57 Path Issue - dirname/fakechild/../realchild/filename
Major Type
Minor None
58 Path Issue - Windows 8.3 Filename
Major Type
Minor None
59 Link Following
Major Related_Attack_Patterns, Node_Relationship
Minor None
60 UNIX Path Link Problems
Major Type, Description
Minor None
61 UNIX Symbolic Link (Symlink) Following
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
62 UNIX Hard Link
Major Type
Minor None
63 Windows Path Link Problems
Major Type
Minor None
64 Windows Shortcut Following (.LNK)
Major Type
Minor None
65 Windows Hard Link
Major Type
Minor None
66 Virtual Files
Major Type
Minor None
67 Windows MS-DOS Device Names
Major Type
Minor None
68 Windows Virtual File Problems
Major Type
Minor None
69 Windows ::DATA Alternate Data Stream
Major Type, Related_Attack_Patterns
Minor None
70 Mac Virtual File Problems
Major Type
Minor None
71 Apple '.DS_Store'
Major Type
Minor None
72 Apple HFS+ Alternate Data Stream
Major Type
Minor None
73 Path Manipulation
Major Related_Attack_Patterns
Minor None
74 Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor Common_Consequences
75 Special Element Injection
Major Description, Potential_Mitigations
Minor None
76 Equivalent Special Element Injection
Major Type, Description, Potential_Mitigations
Minor None
77 Command Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor Common_Consequences
78 OS Command Injection
Major Description, Observed_Example, Related_Attack_Patterns, White_Box_Definition, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
79 Cross-site Scripting (XSS)
Major Description, Context_Notes, Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Node_Relationship
Minor Common_Consequences
80 Basic XSS
Major Type, Description, Related_Attack_Patterns, White_Box_Definition, Potential_Mitigations
Minor None
81 XSS in Error Pages
Major Type, Description, Potential_Mitigations
Minor None
82 Script in IMG Tags
Major Type, Related_Attack_Patterns
Minor None
83 XSS using Script in Attributes
Major Type, Related_Attack_Patterns, Potential_Mitigations
Minor None
84 XSS using Script Via Encoded URI Schemes
Major Type, Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
85 Doubled Character XSS Manipulations
Major Type, Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
86 Invalid Characters in Identifiers
Major Type, Related_Attack_Patterns
Minor None
87 Alternate XSS Syntax
Major Type, Description, Potential_Mitigations
Minor None
88 Argument Injection or Modification
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
89 SQL Injection
Major Description, Related_Attack_Patterns, White_Box_Definition, Node_Relationship
Minor Common_Consequences
90 LDAP Injection
Major Description, Potential_Mitigations
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Related_Attack_Patterns, Node_Relationship
Minor None
92 Custom Special Character Injection
Major Related_Attack_Patterns, Potential_Mitigations
Minor None
93 CRLF Injection
Major Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
94 Code Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
95 Direct Dynamic Code Evaluation ('Eval Injection')
Major Description, Related_Attack_Patterns
Minor None
96 Direct Static Code Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
97 Server-Side Includes (SSI) Injection
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
98 PHP File Inclusion
Major Description, Node_Relationship
Minor None
99 Resource Injection
Major Description, Related_Attack_Patterns, White_Box_Definition, Node_Relationship
Minor None
102 Struts: Duplicate Validation Forms
Major Type
Minor None
103 Struts: Incomplete validate() Method Definition
Major Type
Minor None
104 Struts: Form Bean Does Not Extend Validation Class
Major Type
Minor None
105 Struts: Form Field Without Validator
Major Type
Minor None
106 Struts: Plug-in Framework not in Use
Major Type
Minor None
107 Struts: Unused Validation Form
Major Type
Minor None
108 Struts: Unvalidated Action Form
Major Type
Minor None
109 Struts: Validator Turned Off
Major Type
Minor None
110 Struts: Validator Without Form Field
Major Type
Minor None
112 Missing XML Validation
Major Related_Attack_Patterns
Minor None
113 HTTP Response Splitting
Major Description, Observed_Example, Related_Attack_Patterns, Node_Relationship
Minor None
116 Output Validation
Major Related_Attack_Patterns, Node_Relationship
Minor None
117 Log Forging
Major References, Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Potential_Mitigations, Node_Relationship
Minor None
118 Range Errors
Major Related_Attack_Patterns, Node_Relationship
Minor None
119 Buffer Errors
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
120 Unbounded Transfer ('Classic Buffer Overflow')
Major Related_Attack_Patterns, White_Box_Definition, Node_Relationship
Minor None
121 Stack-based Buffer Overflow
Major Type, White_Box_Definition
Minor None
122 Heap-based Buffer Overflow
Major Type, Observed_Example, Related_Attack_Patterns, White_Box_Definition, CVEs_Mentioned, Node_Relationship
Minor None
123 Write-what-where Condition
Major Node_Relationship
Minor None
124 Boundary Beginning Violation ('Buffer Underwrite')
Major Description
Minor None
126 Buffer Over-read
Major Type
Minor None
127 Buffer Under-read
Major Type
Minor None
128 Wrap-around Error
Major Related_Attack_Patterns
Minor None
129 Unchecked Array Indexing
Major Node_Relationship
Minor Common_Consequences
130 Length Parameter Inconsistency
Major Description, Related_Attack_Patterns, Node_Relationship
Minor None
131 Incorrect Calculation of Buffer Size
Major Name, Type, Description, Observed_Example, Related_Attack_Patterns
Minor None
133 String Errors
Major Type
Minor None
134 Uncontrolled Format String
Major Observed_Example, Related_Attack_Patterns, White_Box_Definition, CVEs_Mentioned, Node_Relationship
Minor None
135 Improper String Length Checking
Major Demonstrative_Example
Minor None
136 Type Errors
Major Type
Minor None
137 Representation Errors
Major Type
Minor None
138 Special Elements (Characters or Reserved Words)
Major Type, Description, Related_Attack_Patterns
Minor None
139 General Special Element Problems
Major Type
Minor None
140 Delimiter Problems
Major Type, Related_Attack_Patterns
Minor None
141 Parameter Delimiter
Major Type
Minor None
142 Value Delimiter
Major Type
Minor None
143 Record Delimiter
Major Type
Minor Description
144 Line Delimiter
Major Type
Minor Description
145 Section Delimiter
Major Type
Minor Description
146 Delimiter between Expressions or Commands
Major Type, Related_Attack_Patterns
Minor Description
147 Failure to Remove Input Terminator
Major Name, Type
Minor None
148 Failure to Remove Input Leader
Major Name, Type
Minor None
149 Failure to Remove Quoting Element
Major Name, Type
Minor None
150 Failure to Remove Escape, Meta, or Control Character / Sequence
Major Name, Type, Related_Attack_Patterns
Minor None
151 Failure to Remove Comment Element
Major Name, Type
Minor None
152 Failure to Remove Macro Symbol
Major Name, Type
Minor Description
153 Failure to Remove Substitution Character
Major Name, Type
Minor None
154 Failure to Remove Variable Name Delimiter
Major Name, Type, Related_Attack_Patterns
Minor Description
155 Failure to Remove Wildcard or Matching Element
Major Name, Type
Minor None
156 Failure to Remove Whitespace
Major Name, Type
Minor None
157 Grouping Element / Paired Delimiter
Major Type, Related_Attack_Patterns
Minor None
158 Failure to Remove Null Character / Null Byte
Major Name, Type, Related_Attack_Patterns
Minor None
159 Common Special Element Manipulations
Major Description
Minor None
160 Leading Special Element
Major Type
Minor Description
161 Multiple Leading Special Elements
Major Type
Minor Description
162 Trailing Special Element
Major Type
Minor Description
163 Multiple Trailing Special Elements
Major Type
Minor Description
164 Internal Special Element
Major Type
Minor Description
165 Multiple Internal Special Elements
Major Type
Minor Description
169 Technology-Specific Special Elements
Major Type
Minor None
170 Improper Null Termination
Major White_Box_Definition, Node_Relationship
Minor None
171 Cleansing, Canonicalization, and Comparison Errors
Major Type, Related_Attack_Patterns
Minor None
172 Encoding Error
Major Type, Related_Attack_Patterns
Minor None
173 Alternate Encoding
Major Type, Related_Attack_Patterns
Minor None
174 Double Encoding
Major Type
Minor None
175 Mixed Encoding
Major Type
Minor None
176 Unicode Encoding
Major Type, Related_Attack_Patterns
Minor None
177 URL Encoding (Hex Encoding)
Major Type, Related_Attack_Patterns
Minor None
178 Case Sensitivity (Lowercase, Uppercase, Mixed Case)
Major Observed_Example, Functional_Area, CVEs_Mentioned, Node_Relationship
Minor None
179 Early Validation Errors
Major Related_Attack_Patterns
Minor None
180 Validate-Before-Canonicalize
Major Type, Related_Attack_Patterns
Minor None
181 Validate-before-filter
Major Type, Related_Attack_Patterns
Minor Name
183 Permissive Whitelist
Major Related_Attack_Patterns
Minor None
184 Incomplete Blacklist
Major Observed_Example, Related_Attack_Patterns, CVEs_Mentioned, Node_Relationship
Minor None
185 Regular Expression Error
Major Related_Attack_Patterns
Minor None
189 Numeric Errors
Major Type
Minor None
190 Integer Overflow (Wrap or Wraparound)
Major Related_Attack_Patterns, Node_Relationship
Minor None
192 Integer Coercion Error
Major Type
Minor None
193 Off-by-one Error
Major Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
195 Signed to Unsigned Conversion Error
Major Type, Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
196 Unsigned to Signed Conversion Error
Major Type, Description, Related_Attack_Patterns
Minor None
199 Information Management Errors
Major Type
Minor None
200 Information Leak (Information Disclosure)
Major Related_Attack_Patterns
Minor None
201 Information Leak Through Sent Data
Major Type, Related_Attack_Patterns
Minor None
202 Information Leak Through Data Queries
Major Type
Minor None
205 Behavioral Discrepancy Information Leak
Major Type
Minor None
206 Internal Behavioral Inconsistency Information Leak
Major Type
Minor None
207 External Behavioral Inconsistency Information Leak
Major Type
Minor None
209 Error Message Information Leaks
Major Related_Attack_Patterns, Node_Relationship
Minor None
212 Cross-boundary Cleansing Information Leak
Major Type, Context_Notes
Minor Name
214 Process Information Leak to Other Processes
Major Type
Minor None
215 Information Leak Through Debug Information
Major Type
Minor None
216 Containment Errors (Container Errors)
Major Node_Relationship
Minor None
217 Failure to Protect Stored Data from Modification
Major Related_Attack_Patterns
Minor None
219 Sensitive Data Under Web Root
Major Type
Minor None
220 Sensitive Data Under FTP Root
Major Type
Minor None
221 Information Loss or Omission
Major Related_Attack_Patterns
Minor None
225 DEPRECATED (Duplicate): General Information Management Problems
Major Type
Minor None
226 Sensitive Information Uncleared Before Use
Major Observed_Example
Minor None
227 API Abuse
Major Description, Observed_Example, Related_Attack_Patterns, Potential_Mitigations, Node_Relationship
Minor None
233 Parameter Problems
Major Related_Attack_Patterns
Minor None
241 Wrong Data Type
Major Related_Attack_Patterns
Minor None
242 Use of Inherently Dangerous Functions
Major Name, Type, Node_Relationship
Minor None
243 Failure to Change Working Directory in chroot Jail
Major Name, Type, Description
Minor None
244 Heap Inspection
Major Type
Minor None
245 J2EE Bad Practices: getConnection()
Major Type
Minor None
246 J2EE Bad Practices: Sockets
Major Type
Minor None
247 Often Misused: Authentication
Major Type, Related_Attack_Patterns
Minor None
248 Uncaught Exception
Major Name, Related_Attack_Patterns
Minor None
249 Often Misused: Path Manipulation
Major Type, Potential_Mitigations, Node_Relationship
Minor None
250 Design Principle Violation: Failure to Use Least Privilege
Major Name, Type, Description, References, Context_Notes, Related_Attack_Patterns, Node_Relationship
Minor None
251 Often Misused: String Management
Major Type, Node_Relationship
Minor None
252 Unchecked Return Value
Major Node_Relationship
Minor None
254 Security Features
Major Type, Node_Relationship
Minor None
255 Credentials Management
Major Type, Node_Relationship
Minor None
256 Plaintext Storage of a Password
Major Name, Type
Minor None
257 Storing Passwords in a Recoverable Format
Major Related_Attack_Patterns
Minor None
258 Empty Password in Configuration File
Major Type
Minor None
259 Hard-Coded Password
Major Node_Relationship
Minor None
260 Password in Configuration File
Major Type
Minor None
261 Weak Cryptography for Passwords
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
262 Not Allowing Password Aging
Major Type, Related_Attack_Patterns
Minor None
263 Allowing Unchecked Password Aging
Major Related_Attack_Patterns
Minor None
264 Permissions, Privileges, and Access Controls
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
265 Privilege / Sandbox Issues
Major Type, Node_Relationship
Minor None
267 Unsafe Privilege
Major Related_Attack_Patterns
Minor None
269 Privilege Management Error
Major Related_Attack_Patterns
Minor None
270 Privilege Context Switching Error
Major Related_Attack_Patterns
Minor None
271 Privilege Dropping / Lowering Errors
Major Type, Node_Relationship
Minor None
272 Least Privilege Violation
Major Related_Attack_Patterns
Minor None
275 Permission Issues
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
276 Insecure Default Permissions
Major Type, Related_Attack_Patterns
Minor None
277 Insecure Inherited Permissions
Major Type
Minor None
278 Insecure Preserved Inherited Permissions
Major Type
Minor None
279 Insecure Execution-assigned Permissions
Major Type, Related_Attack_Patterns
Minor None
280 Failure to Handle Insufficient Permissions or Privileges
Major Node_Relationship
Minor None
282 Ownership Issues
Major Related_Attack_Patterns
Minor None
284 Access Control Issues
Major Related_Attack_Patterns, Node_Relationship
Minor None
285 Missing or Inconsistent Access Control
Major Related_Attack_Patterns, Node_Relationship
Minor None
287 Authentication Issues
Major Related_Attack_Patterns, Node_Relationship
Minor None
288 Authentication Bypass by Alternate Path/Channel
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
289 Authentication Bypass by Alternate Name
Major Type, Node_Relationship
Minor None
290 Authentication Bypass by Spoofing
Major Related_Attack_Patterns
Minor None
291 Trusting Self-reported IP Address
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
292 Trusting Self-reported DNS Name
Major Type, Related_Attack_Patterns
Minor None
293 Using Referer Field for Authentication
Major Type
Minor None
294 Authentication Bypass by Capture-replay
Major Description, Related_Attack_Patterns
Minor None
295 Certificate Issues
Major Type
Minor None
300 Man-in-the-middle (MITM)
Major Type, Description, Related_Attack_Patterns
Minor None
301 Reflection Attack in an Authentication Protocol
Major Type, Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Type, Related_Attack_Patterns
Minor None
303 Authentication Logic Error
Major Related_Attack_Patterns
Minor None
304 Missing Critical Step in Authentication
Major Node_Relationship
Minor Description
306 No Authentication for Critical Function
Major Type, Related_Attack_Patterns
Minor None
308 Using Single-factor Authentication
Major Node_Relationship
Minor None
309 Using Password Systems
Major Node_Relationship
Minor None
310 Cryptographic Issues
Major Type, Node_Relationship
Minor None
311 Failure to Encrypt Data
Major Related_Attack_Patterns
Minor None
312 Plaintext Storage of Sensitive Information
Major Related_Attack_Patterns, Node_Relationship
Minor None
313 Plaintext Storage in File or on Disk
Major Type
Minor None
314 Plaintext Storage in Registry
Major Type, Related_Attack_Patterns
Minor None
315 Plaintext Storage in Cookie
Major Type, Related_Attack_Patterns
Minor None
316 Plaintext Storage in Memory
Major Type
Minor None
317 Plaintext Storage in GUI
Major Type
Minor None
318 Plaintext Storage in Executable
Major Type, Related_Attack_Patterns
Minor None
319 Plaintext Transmission of Sensitive Information
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
320 Key Management Errors
Major Type, Observed_Example
Minor None
321 Use of Hard-coded Cryptographic Key
Major Node_Relationship
Minor Common_Consequences
325 Missing Required Cryptographic Step
Major Related_Attack_Patterns
Minor None
326 Weak Encryption
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
327 Using a Broken or Risky Cryptographic Algorithm
Major Related_Attack_Patterns
Minor None
328 Reversible One-Way Hash
Major Related_Attack_Patterns
Minor None
329 Not Using a Random IV with CBC Mode
Major Type
Minor None
330 Randomness and Predictability
Major Type, Related_Attack_Patterns
Minor None
331 Insufficient Entropy
Major Related_Attack_Patterns
Minor None
332 Insufficient Entropy in PRNG
Major Type
Minor None
333 Failure of TRNG
Major Type
Minor None
340 Predictability Problems
Major Node_Relationship
Minor None
345 Insufficient Verification of Data
Major Related_Attack_Patterns, Common_Methods_of_Exploitation, Node_Relationship
Minor None
346 Origin Validation Error
Major Related_Attack_Patterns, Node_Relationship
Minor None
348 Use of Less Trusted Source
Major Related_Attack_Patterns, Node_Relationship
Minor None
349 Untrusted Data Appended with Trusted Data
Major Related_Attack_Patterns
Minor None
350 Improperly Trusted Reverse DNS
Major Related_Attack_Patterns, Node_Relationship
Minor None
351 Insufficient Type Distinction
Major Node_Relationship
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
353 Failure to Add Integrity Check Value
Major Related_Attack_Patterns
Minor None
354 Failure to Check Integrity Check Value
Major Related_Attack_Patterns
Minor None
355 User Interface Security Issues
Major Type, Description
Minor None
358 Improperly Implemented Security Check for Standard
Major Node_Relationship
Minor None
359 Privacy Violation
Major Type, References
Minor None
361 Time and State
Major Type, Related_Attack_Patterns
Minor None
362 Race Conditions
Major Related_Attack_Patterns, Node_Relationship
Minor None
363 Race Condition Enabling Link Following
Major Related_Attack_Patterns
Minor None
366 Race Condition within a Thread
Major Related_Attack_Patterns
Minor None
367 Time-of-check Time-of-use Race Condition
Major Related_Attack_Patterns
Minor None
368 Context Switching Race Condition
Major Related_Attack_Patterns
Minor None
370 Race Condition in Checking for Certificate Revocation
Major Related_Attack_Patterns
Minor None
371 State Issues
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
372 Incomplete Internal State Distinction
Major Related_Attack_Patterns
Minor None
374 Mutable Objects Passed by Reference
Major Potential_Mitigations
Minor Common_Consequences
375 Passing Mutable Objects to an Untrusted Method
Major Potential_Mitigations
Minor Context_Notes, Common_Consequences
376 Temporary File Issues
Major Type
Minor None
377 Insecure Temporary File
Major Type
Minor None
379 Guessed or Visible Temporary File
Major Potential_Mitigations
Minor None
380 Technology-Specific Time and State Issues
Major Type
Minor None
381 J2EE Time and State Issues
Major Type
Minor None
382 J2EE Bad Practices: System.exit()
Major Type, Node_Relationship
Minor None
383 J2EE Bad Practices: Use of Threads
Major Name, Type, Potential_Mitigations
Minor None
384 Session Fixation
Major Description, Related_Attack_Patterns, Potential_Mitigations, Node_Relationship
Minor None
385 Covert Timing Channel
Major Node_Relationship
Minor None
386 Symbolic Name not Mapping to Correct Object
Major Node_Relationship
Minor None
387 Signal Errors
Major Type, Observed_Example
Minor None
388 Error Handling
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
389 Error Conditions, Return Values, Status Codes
Major Type
Minor None
390 Improper Error Handling
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
398 Code Quality
Major Type, Node_Relationship
Minor None
399 Resource Management Errors
Major Type
Minor None
400 Resource Exhaustion
Major Related_Attack_Patterns
Minor None
401 Memory Leak
Major References, White_Box_Definition, Node_Relationship
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Description, Potential_Mitigations
Minor None
406 Network Amplification
Major Description, Potential_Mitigations
Minor None
407 Algorithmic Complexity
Major Description, Observed_Example, CVEs_Mentioned
Minor Common_Consequences
411 Resource Locking Problems
Major Type
Minor None
412 Unrestricted Critical Resource Lock
Major Related_Attack_Patterns
Minor None
415 Double Free
Major Type
Minor None
416 Use After Free
Major Node_Relationship
Minor None
417 Channel and Path Errors
Major Type, Node_Relationship
Minor None
418 Channel Errors
Major Type
Minor None
420 Unprotected Alternate Channel
Major Node_Relationship
Minor None
421 Alternate Channel Race Condition
Major Type, Common_Methods_of_Exploitation
Minor None
422 Unprotected Windows Messaging Channel ('Shatter')
Major Type
Minor None
425 Direct Request ('Forced Browsing')
Major Description, Related_Attack_Patterns, Potential_Mitigations, Node_Relationship
Minor None
426 Untrusted Search Path
Major Description, Observed_Example, Alternate_Terms, Related_Attack_Patterns, CVEs_Mentioned, Node_Relationship
Minor Common_Consequences
427 Uncontrolled Search Path Element
Major Related_Attack_Patterns, Node_Relationship
Minor None
428 Unquoted Search Path or Element
Major Related_Attack_Patterns, Node_Relationship
Minor None
429 Handler Errors
Major Type
Minor None
430 Improper Handler Deployment
Major None
Minor Description
433 Unparsed Raw Web Content Delivery
Major Type, Observed_Example, CVEs_Mentioned, Node_Relationship
Minor None
434 Unrestricted File Upload
Major Node_Relationship
Minor None
435 Interaction Errors
Major Type, Description
Minor None
436 Multiple Interpretation Error (MIE)
Major Related_Attack_Patterns, Node_Relationship
Minor References
438 Behavioral Problems
Major Type
Minor None
441 Unintended Proxy/Intermediary
Major Node_Relationship
Minor None
442 Web Problems
Major Type
Minor None
443 DEPRECATED (Duplicate): HTTP response splitting
Major Type
Minor None
444 HTTP Request Smuggling
Major Description, Related_Attack_Patterns, Potential_Mitigations
Minor None
445 User Interface Quality Errors
Major Type
Minor None
452 Initialization and Cleanup Errors
Major Type
Minor None
456 Missing Initialization
Major Node_Relationship
Minor None
457 Uninitialized Variable
Major Type, White_Box_Definition
Minor References
460 Improper Cleanup on Thrown Exception
Major Type
Minor None
461 Data Structure Issues
Major Type
Minor None
465 Pointer Issues
Major Type
Minor None
466 Illegal Pointer Value
Major Node_Relationship
Minor None
467 Use of sizeof() on a Pointer Type
Major Type, Node_Relationship
Minor References
469 Improper Pointer Subtraction
Major Node_Relationship
Minor None
470 Unsafe Reflection
Major Node_Relationship
Minor None
471 Modification of Assumed-Immutable Data (MAID)
Major Type, Node_Relationship
Minor None
472 Web Parameter Tampering
Major Description, Observed_Example, Related_Attack_Patterns, Potential_Mitigations, Node_Relationship
Minor None
473 PHP External Variable Modification
Major Type, Related_Attack_Patterns, Node_Relationship
Minor None
476 NULL Pointer Dereference
Major White_Box_Definition, Node_Relationship
Minor None
477 Use of Obsolete Functions
Major Name
Minor None
478 Failure to Account for Default Case in Switch
Major Type
Minor None
479 Unsafe Function Call from a Signal Handler
Major Type
Minor None
480 Using the Wrong Operator
Major Potential_Mitigations, Node_Relationship
Minor None
481 Assigning instead of Comparing
Major Type, Node_Relationship
Minor None
482 Comparing instead of Assigning
Major Type, Node_Relationship
Minor None
483 Incorrect Block Delimitation
Major Type
Minor None
486 Comparing Classes by Name
Major Type, Common_Consequences
Minor None
487 Relying on Package-level Scope
Major Type
Minor None
488 Data Leaking Between Users
Major Type, Related_Attack_Patterns
Minor None
490 Mobile Code Issues
Major Type
Minor None
491 Mobile Code: Object Hijack
Major Type
Minor None
492 Mobile Code: Use of Inner Class
Major Type
Minor None
493 Mobile Code: Non-final Public Field
Major Type
Minor Name
494 Mobile Code: Invoking Untrusted Mobile Code
Major Type, Node_Relationship
Minor None
495 Private Array-Typed Field Returned From A Public Method
Major Type, Node_Relationship
Minor None
496 Public Data Assigned to Private Array-Typed Field
Major Type, Node_Relationship
Minor None
498 Information Leak through Class Cloning
Major Type
Minor None
499 Information Leak through Serialization
Major Type
Minor None
500 Overflow of Static Internal Buffer
Major Type
Minor None
502 Deserialization of Untrusted Data
Major Type, Description, Common_Consequences
Minor None
503 Byte/Object Code
Major Type
Minor None
504 Motivation/Intent
Major Type
Minor None
505 Intentionally Introduced Weakness
Major Name, Type
Minor None
506 Embedded Malicious Code
Major Name, Type
Minor None
507 Trojan Horse
Major Type
Minor None
508 Non-Replicating Malicious Code
Major Name
Minor None
509 Replicating Malicious Code (virus)
Major Name
Minor None
510 Trapdoor
Major Description, Related_Attack_Patterns
Minor None
511 Logic/Time Bomb
Major Description, Applicable_Platforms
Minor None
513 Intentionally Introduced Nonmalicious Weakness
Major Name, Type
Minor None
514 Covert Channel
Major Node_Relationship
Minor None
516 DEPRECATED (Duplicate): Covert Timing Channel
Major Type
Minor None
517 Other Intentional, Nonmalicious Weakness
Major Name, Type
Minor None
518 Inadvertently Introduced Weakness
Major Name, Type
Minor None
519 .NET Environment Issues
Major Type
Minor None
520 .NET Misconfiguration: Impersonation
Major Type
Minor None
521 Weak Password Requirements
Major Context_Notes, Related_Attack_Patterns
Minor None
522 Insufficiently Protected Credentials
Major Related_Attack_Patterns
Minor None
523 Unprotected Transport of Credentials
Major Type
Minor None
524 Information Leak Through Caching
Major Type
Minor None
525 Information Leak Through Browser Caching
Major Type, Related_Attack_Patterns
Minor None
526 Information Leak Through Environmental Variables
Major Type
Minor None
527 Information Leak Through CVS Repository
Major Type
Minor None
528 Information Leak Through Core Dump Files
Major Type
Minor None
529 Information Leak Through Access Control List Files
Major Type, Description
Minor None
530 Information Leak Through Backup (.~bk) Files
Major Type, Description, Common_Consequences
Minor None
531 Information Leak Through Test Code
Major Type
Minor None
532 Information Leak Through Log Files
Major Type
Minor None
533 Information Leak Through Server Log Files
Major Type
Minor None
534 Information Leak Through Debug Log Files
Major Type
Minor None
535 Information Leak Through Shell Error Message
Major Type
Minor None
536 Information Leak Through Servlet Runtime Error Message
Major Type, Description, Context_Notes, Common_Consequences
Minor None
537 Information Leak Through Java Runtime Error Message
Major Type, Applicable_Platforms
Minor None
538 File and Directory Information Leaks
Major Type, Related_Attack_Patterns, Applicable_Platforms, Node_Relationship
Minor None
539 Information Leak Through Persistent Cookies
Major Type, Related_Attack_Patterns
Minor None
540 Information Leak Through Source Code
Major Type
Minor None
541 Information Leak Through Include Source Code
Major Type
Minor None
542 Information Leak Through Cleanup Log Files
Major Type
Minor None
543 Use of Singleton Pattern in a Non-thread-safe Manner
Major Type
Minor None
545 Dynamic Class Loading
Major Type
Minor None
546 Suspicious Comment
Major Type
Minor None
547 Security-relevant Constants
Major Type
Minor None
548 Information Leak Through Directory Listing
Major Type
Minor None
549 Missing Password Field Masking
Major Type
Minor None
550 Information Leak Through Server Error Message
Major Type
Minor None
551 Authentication Before Parsing and Canonicalization
Major Type
Minor None
552 Errant Files or Directories Accessible
Major Type
Minor None
553 Possible Command Shell (csh)
Major Type
Minor None
554 ASP.NET Misconfiguration: Input Validation
Major Type
Minor None
555 J2EE Misconfiguration: Password in Configuration File
Major Type
Minor None
556 ASP.NET Misconfiguration: Identity Impersonation
Major Type
Minor None
557 Concurrency Issues
Major Type
Minor None
558 Misused Authentication: getlogin()
Major Type
Minor None
559 Often Misused: Arguments and Parameters
Major Type
Minor None
560 Often Misused: umask()
Major Type
Minor None
561 Dead Code
Major Type
Minor None
563 Unused Variable
Major Type, Demonstrative_Example
Minor None
564 SQL Injection: Hibernate
Major Type, Description, Potential_Mitigations
Minor None
565 Use of Cookies
Major Related_Attack_Patterns
Minor None
566 Access Control Bypass Through User-Controlled SQL Primary Key
Major Type, Node_Relationship
Minor None
567 Unsynchronized Access to Shared Data
Major Related_Attack_Patterns
Minor None
568 Erroneous Finalize Method
Major Type
Minor None
569 Expression Issues
Major Type
Minor None
570 Expression is Always False
Major Type
Minor None
571 Expression is Always True
Major Type
Minor None
572 Call to Thread.run()
Major Type
Minor None
573 Failure to Follow Specification
Major Node_Relationship
Minor None
574 EJB Bad Practices: Use of Synchronization Primitives
Major Type
Minor None
575 EJB Bad Practices: Use of AWT Swing
Major Type
Minor None
576 EJB Bad Practices: Use of Java I/O
Major Type
Minor None
577 EJB Bad Practices: Use of Sockets
Major Type
Minor None
578 EJB Bad Practices: Use of Class Loader
Major Type
Minor None
579 J2EE Bad Practices: Non-serializable Object Stored in Session
Major Type
Minor None
580 Erroneous Clone Method
Major Type
Minor None
581 Object Model Violation: Just One of Equals and Hashcode Defined
Major Name
Minor Common_Consequences
582 Mobile Code: Unsafe Array Declaration
Major Type, Description, Context_Notes
Minor None
583 Mobile Code: Public Finalize Method
Major Type, Context_Notes
Minor None
585 Empty Synchronized Block
Major Type
Minor None
586 Explicit Call to Finalize
Major Type
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Demonstrative_Example
Minor None
588 Attempt to Access Child of a Non-structure Pointer
Major Type
Minor None
589 Call to Limited API
Major Type, Related_Attack_Patterns
Minor None
590 Improperly Freeing Heap Memory
Major Type
Minor None
591 Memory Locking
Major Type
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major Type, Context_Notes, Related_Attack_Patterns
Minor Common_Consequences
594 Persistence in J2EE Frameworks
Major Type
Minor None
597 Erroneous String Compare
Major Type
Minor None
598 Information Leak Through GET Request
Major Type
Minor None
599 No OpenSSL Certificate Check Performed before Use
Major Type, Demonstrative_Example, Common_Consequences
Minor Potential_Mitigations
600 Missing Catch Block
Major Node_Relationship
Minor None
601 Unsafe URL Redirection
Major Type, Alternate_Terms
Minor None
602 Client-Side Enforcement of Server-Side Security
Major Type, Node_Relationship
Minor None
603 Client-Side Authentication
Major Observed_Example
Minor None
604 Deprecated
Major Type
Minor None
606 Unchecked Input for Loop Condition
Major Type
Minor None
607 Public Static Final Field References Mutable Object
Major Type
Minor None
608 Struts: Non-private Field in ActionForm Class
Major Type
Minor None
611 Information Leak Through XML External Entity File Disclosure
Major Type
Minor None
612 Information Leak Through Insecure Indexing
Major Type
Minor None
613 Insufficient Session Expiration
Major Node_Relationship
Minor None
614 Unset Secure Attribute for Sensitive Cookies in HTTPS Session
Major Type, Observed_Example
Minor None
615 Information Leak Through Comments
Major Type
Minor None
616 Incomplete Identification of Uploaded File Variables (PHP)
Major Type
Minor None
617 Reachable Assertion
Major Type, Observed_Example, Node_Relationship
Minor None
618 Exposed Unsafe ActiveX Method
Major Type
Minor None
620 Unverified Password Change
Major Type
Minor None
622 Unvalidated Function Hook Arguments
Major Type
Minor None
623 Unsafe ActiveX Control Marked Safe For Scripting
Major Type
Minor None
626 Null Byte Interaction Error (Poison Null Byte)
Major Type
Minor None
628 Incorrectly Specified Arguments
Major Context_Notes
Minor None
629 Weaknesses in OWASP Top Ten
Major Type
Minor None
630 Weaknesses Examined by SAMATE
Major Type, References, Node_Relationship
Minor None
631 Resource-specific Weaknesses
Major Type
Minor None
632 Weaknesses that Affect Files or Directories
Major Type
Minor None
633 Weaknesses that Affect Memory
Major Type
Minor None
634 Weaknesses that Affect System Processes
Major Type
Minor None
635 Weaknesses Used by NVD
Major Type
Minor None
Page Last Updated: January 05, 2017