CWE - Differences between Version 2.0 and Version 2.1

Home > CWE List > Reports > Differences between Version 2.0 and Version 2.1

Differences between Version 2.0 and Version 2.1

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total (Version 2.1)	886
Total (Version 2.0)	870
Total new	16
Total deprecated	0
Total shared	870
Total important changes	118
Total major changes	133
Total minor changes	1
Total minor changes (no major)
Total unchanged	737

Summary of Entry Types

Type	Version 2.0	Version 2.1
Category	141	156
Chain	3	3
Composite	6	6
Deprecated	12	12
View	26	27
Weakness	682	682

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	0	0
Description	0	0
Applicable_Platforms	0	0
Time_of_Introduction	0	0
Demonstrative_Examples	0	1
Detection_Factors	1	0
Likelihood_of_Exploit	0	0
Common_Consequences	0	0
Relationships	118	0
References	31	0
Potential_Mitigations	35	0
Observed_Examples	0	0
Terminology_Notes	0	0
Alternate_Terms	0	0
Related_Attack_Patterns	0	0
Relationship_Notes	0	0
Taxonomy_Mappings	97	0
Maintenance_Notes	0	0
Modes_of_Introduction	0	0
Affected_Resources	0	0
Functional_Areas	0	0
Research_Gaps	0	0
Background_Details	0	0
Theoretical_Notes	0	0
Weakness_Ordinalities	0	0
White_Box_Definitions	0	0
Enabling_Factors_for_Exploitation	0	0
Other_Notes	1	0
Relevant_Properties	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Common_Methods_of_Exploitation	0	0
Type	0	0
Causal_Nature	0	0
Source_Taxonomy	0	0
Context_Notes	0	0
Black_Box_Definitions	0	0

Form and Abstraction Changes

From	To	Total
Unchanged		870

Status Changes

From	To	Total
Unchanged		870

Relationship Changes

The "Version 2.1 Total" lists the total number of relationships in Version 2.1. The "Shared" value is the total number of relationships in entries that were in both Version 2.1 and Version 2.0. The "New" value is the total number of relationships involving entries that did not exist in Version 2.0. Thus, the total number of relationships in Version 2.1 would combine stats from Shared entries and New entries.

Relationship	Version 2.1 Total	Version 2.0 Total	Version 2.1 Shared	Unchanged	Added to Version 2.1	Removed from Version 2.0	Version 2.1 New
ALL	5797	5487	5519	5485	34	2	278
ChildOf	2507	2367	2383	2366	17	1	124
ParentOf	2507	2367	2383	2366	17	1	124
MemberOf	155	140	140	140			15
HasMember	155	140	140	140			15
CanPrecede	113	113	113	113
CanFollow	113	113	113	113
StartsWith	3	3	3	3
Requires	19	19	19	19
RequiredBy	19	19	19	19
CanAlsoBe	34	34	34	34
PeerOf	172	172	172	172

Nodes Removed from Version 2.0

CWE-ID	CWE Name
None.

Nodes Added to Version 2.1

CWE-ID	CWE Name
868	Weaknesses Addressed by the CERT C++ Secure Coding Standard
869	CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
870	CERT C++ Secure Coding Section 02 - Declarations and Initialization (DCL)
871	CERT C++ Secure Coding Section 03 - Expressions (EXP)
872	CERT C++ Secure Coding Section 04 - Integers (INT)
873	CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP)
874	CERT C++ Secure Coding Section 06 - Arrays and the STL (ARR)
875	CERT C++ Secure Coding Section 07 - Characters and Strings (STR)
876	CERT C++ Secure Coding Section 08 - Memory Management (MEM)
877	CERT C++ Secure Coding Section 09 - Input Output (FIO)
878	CERT C++ Secure Coding Section 10 - Environment (ENV)
879	CERT C++ Secure Coding Section 11 - Signals (SIG)
880	CERT C++ Secure Coding Section 12 - Exceptions and Error Handling (ERR)
881	CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP)
882	CERT C++ Secure Coding Section 14 - Concurrency (CON)
883	CERT C++ Secure Coding Section 49 - Miscellaneous (MSC)

Nodes Deprecated in Version 2.1

CWE-ID	CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

R	14	Compiler Removal of Code to Clear Buffers
R	20	Improper Input Validation
R	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R	36	Absolute Path Traversal
R	37	Path Traversal: '/absolute/pathname/here'
R	38	Path Traversal: '\absolute\pathname\here'
R	39	Path Traversal: 'C:dirname'
R	41	Improper Resolution of Path Equivalence
R	59	Improper Link Resolution Before File Access ('Link Following')
R	62	UNIX Hard Link
R	64	Windows Shortcut Following (.LNK)
R	65	Windows Hard Link
R	67	Improper Handling of Windows Device Names
R	73	External Control of File Name or Path
R	78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R	88	Argument Injection or Modification
R	116	Improper Encoding or Escaping of Output
R	119	Improper Restriction of Operations within the Bounds of a Memory Buffer
R	120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
R	128	Wrap-around Error
R	129	Improper Validation of Array Index
R	131	Incorrect Calculation of Buffer Size
R	134	Uncontrolled Format String
R	170	Improper Null Termination
R	176	Improper Handling of Unicode Encoding
R	190	Integer Overflow or Wraparound
R	192	Integer Coercion Error
R	193	Off-by-one Error
R	197	Numeric Truncation Error
R	209	Information Exposure Through an Error Message
R	226	Sensitive Information Uncleared Before Release
R	241	Improper Handling of Unexpected Data Type
R	244	Improper Clearing of Heap Memory Before Release ('Heap Inspection')
R	250	Execution with Unnecessary Privileges
R	252	Unchecked Return Value
R	276	Incorrect Default Permissions
R	279	Incorrect Execution-Assigned Permissions
R	306	Missing Authentication for Critical Function
R	307	Improper Restriction of Excessive Authentication Attempts
R	311	Missing Encryption of Sensitive Data
R	327	Use of a Broken or Risky Cryptographic Algorithm
R	330	Use of Insufficiently Random Values
R	362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R	366	Race Condition within a Thread
R	367	Time-of-check Time-of-use (TOCTOU) Race Condition
R	369	Divide By Zero
R	379	Creation of Temporary File in Directory with Incorrect Permissions
R	390	Detection of Error Condition Without Action
R	391	Unchecked Error Condition
R	403	Exposure of File Descriptor to Unintended Control Sphere
R	404	Improper Resource Shutdown or Release
R	415	Double Free
R	416	Use After Free
R	426	Untrusted Search Path
R	434	Unrestricted Upload of File with Dangerous Type
R	460	Improper Cleanup on Thrown Exception
R	462	Duplicate Key in Associative List (Alist)
R	464	Addition of Data Structure Sentinel
R	466	Return of Pointer Value Outside of Expected Range
R	467	Use of sizeof() on a Pointer Type
R	469	Use of Pointer Subtraction to Determine Size
R	476	NULL Pointer Dereference
R	479	Signal Handler Use of a Non-reentrant Function
R	480	Use of Incorrect Operator
R	482	Comparing instead of Assigning
R	485	Insufficient Encapsulation
R	488	Exposure of Data Element to Wrong Session
R	497	Exposure of System Data to an Unauthorized Control Sphere
R	528	Exposure of Core Dump File to an Unauthorized Control Sphere
R	544	Missing Standardized Error Handling Mechanism
R	552	Files or Directories Accessible to External Parties
R	561	Dead Code
R	563	Unused Variable
R	570	Expression is Always False
R	571	Expression is Always True
R	587	Assignment of a Fixed Address to a Pointer
R	590	Free of Memory not on the Heap
R	591	Sensitive Data Storage in Improperly Locked Memory
R	606	Unchecked Input for Loop Condition
R	662	Improper Synchronization
R	665	Improper Initialization
R	675	Duplicate Operations on Resource
R	676	Use of Potentially Dangerous Function
R	681	Incorrect Conversion between Numeric Types
R	682	Incorrect Calculation
R	686	Function Call With Incorrect Argument Type
R	687	Function Call With Incorrectly Specified Argument Value
R	690	Unchecked Return Value to NULL Pointer Dereference
R	697	Insufficient Comparison
R	703	Improper Check or Handling of Exceptional Conditions
R	704	Incorrect Type Conversion or Cast
R	705	Incorrect Control Flow Scoping
R	732	Incorrect Permission Assignment for Critical Resource
R	740	CERT C Secure Coding Section 06 - Arrays (ARR)
R	742	CERT C Secure Coding Section 08 - Memory Management (MEM)
R	743	CERT C Secure Coding Section 09 - Input Output (FIO)
R	754	Improper Check for Unusual or Exceptional Conditions
R	755	Improper Handling of Exceptional Conditions
R	759	Use of a One-Way Hash without a Salt
R	762	Mismatched Memory Management Routines
R	768	Incorrect Short Circuit Evaluation
R	770	Allocation of Resources Without Limits or Throttling
R	772	Missing Release of Resource after Effective Lifetime
R	798	Use of Hard-coded Credentials
R	805	Buffer Access with Incorrect Length Value
R	807	Reliance on Untrusted Inputs in a Security Decision
R	812	OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management
R	813	OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
R	815	OWASP Top Ten 2010 Category A6 - Security Misconfiguration
R	816	OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
R	817	OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
R	818	OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
R	822	Untrusted Pointer Dereference
R	829	Inclusion of Functionality from Untrusted Control Sphere
R	859	CERT Java Secure Coding Section 14 - Platform Security (SEC)
R	860	CERT Java Secure Coding Section 15 - Runtime Environment (ENV)
R	862	Missing Authorization
R	863	Incorrect Authorization

Detailed Difference Report

14	Compiler Removal of Code to Clear Buffers
	Major	Relationships, Taxonomy_Mappings
	Minor	None
20	Improper Input Validation
	Major	Relationships, Taxonomy_Mappings
	Minor	None
22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
36	Absolute Path Traversal
	Major	Relationships, Taxonomy_Mappings
	Minor	None
37	Path Traversal: '/absolute/pathname/here'
	Major	Relationships, Taxonomy_Mappings
	Minor	None
38	Path Traversal: '\absolute\pathname\here'
	Major	Relationships, Taxonomy_Mappings
	Minor	None
39	Path Traversal: 'C:dirname'
	Major	Relationships, Taxonomy_Mappings
	Minor	None
41	Improper Resolution of Path Equivalence
	Major	Relationships, Taxonomy_Mappings
	Minor	None
59	Improper Link Resolution Before File Access ('Link Following')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
62	UNIX Hard Link
	Major	Relationships, Taxonomy_Mappings
	Minor	None
64	Windows Shortcut Following (.LNK)
	Major	Relationships, Taxonomy_Mappings
	Minor	None
65	Windows Hard Link
	Major	Relationships, Taxonomy_Mappings
	Minor	None
67	Improper Handling of Windows Device Names
	Major	Relationships, Taxonomy_Mappings
	Minor	None
73	External Control of File Name or Path
	Major	Relationships, Taxonomy_Mappings
	Minor	None
78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
88	Argument Injection or Modification
	Major	Relationships, Taxonomy_Mappings
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Potential_Mitigations, References
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Relationships, Taxonomy_Mappings
	Minor	None
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
	Major	Relationships, Taxonomy_Mappings
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
128	Wrap-around Error
	Major	Relationships, Taxonomy_Mappings
	Minor	None
129	Improper Validation of Array Index
	Major	Relationships, Taxonomy_Mappings
	Minor	None
131	Incorrect Calculation of Buffer Size
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
134	Uncontrolled Format String
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
170	Improper Null Termination
	Major	Relationships, Taxonomy_Mappings
	Minor	None
176	Improper Handling of Unicode Encoding
	Major	Relationships, Taxonomy_Mappings
	Minor	None
190	Integer Overflow or Wraparound
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
192	Integer Coercion Error
	Major	Relationships, Taxonomy_Mappings
	Minor	None
193	Off-by-one Error
	Major	Relationships, Taxonomy_Mappings
	Minor	None
197	Numeric Truncation Error
	Major	Relationships, Taxonomy_Mappings
	Minor	None
209	Information Exposure Through an Error Message
	Major	Relationships, Taxonomy_Mappings
	Minor	None
226	Sensitive Information Uncleared Before Release
	Major	Relationships, Taxonomy_Mappings
	Minor	None
241	Improper Handling of Unexpected Data Type
	Major	Relationships, Taxonomy_Mappings
	Minor	None
244	Improper Clearing of Heap Memory Before Release ('Heap Inspection')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
250	Execution with Unnecessary Privileges
	Major	Potential_Mitigations, References, Relationships
	Minor	None
252	Unchecked Return Value
	Major	Relationships, Taxonomy_Mappings
	Minor	None
276	Incorrect Default Permissions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
279	Incorrect Execution-Assigned Permissions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
306	Missing Authentication for Critical Function
	Major	Potential_Mitigations, References, Relationships
	Minor	None
307	Improper Restriction of Excessive Authentication Attempts
	Major	Potential_Mitigations, References, Relationships
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Potential_Mitigations, Relationships
	Minor	None
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	None
330	Use of Insufficiently Random Values
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
332	Insufficient Entropy in PRNG
	Major	Potential_Mitigations, References
	Minor	None
334	Small Space of Random Values
	Major	Potential_Mitigations, References
	Minor	None
336	Same Seed in PRNG
	Major	Potential_Mitigations, References
	Minor	None
337	Predictable Seed in PRNG
	Major	Potential_Mitigations, References
	Minor	None
339	Small Seed Space in PRNG
	Major	Potential_Mitigations, References
	Minor	None
341	Predictable from Observable State
	Major	Potential_Mitigations, References
	Minor	None
342	Predictable Exact Value from Previous Values
	Major	Potential_Mitigations, References
	Minor	None
343	Predictable Value Range from Previous Values
	Major	Potential_Mitigations, References
	Minor	None
344	Use of Invariant Value in Dynamically Changing Context
	Major	Potential_Mitigations, References
	Minor	None
352	Cross-Site Request Forgery (CSRF)
	Major	Potential_Mitigations, References
	Minor	None
359	Privacy Violation
	Major	Other_Notes, References
	Minor	None
362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
366	Race Condition within a Thread
	Major	Relationships, Taxonomy_Mappings
	Minor	None
367	Time-of-check Time-of-use (TOCTOU) Race Condition
	Major	Relationships, Taxonomy_Mappings
	Minor	None
369	Divide By Zero
	Major	Relationships, Taxonomy_Mappings
	Minor	None
379	Creation of Temporary File in Directory with Incorrect Permissions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
390	Detection of Error Condition Without Action
	Major	Relationships, Taxonomy_Mappings
	Minor	None
391	Unchecked Error Condition
	Major	Relationships, Taxonomy_Mappings
	Minor	None
403	Exposure of File Descriptor to Unintended Control Sphere
	Major	Relationships, Taxonomy_Mappings
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Relationships, Taxonomy_Mappings
	Minor	None
415	Double Free
	Major	Relationships, Taxonomy_Mappings
	Minor	None
416	Use After Free
	Major	Relationships, Taxonomy_Mappings
	Minor	None
426	Untrusted Search Path
	Major	Relationships, Taxonomy_Mappings
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	Potential_Mitigations, References, Relationships
	Minor	None
460	Improper Cleanup on Thrown Exception
	Major	Relationships, Taxonomy_Mappings
	Minor	None
462	Duplicate Key in Associative List (Alist)
	Major	Relationships, Taxonomy_Mappings
	Minor	None
464	Addition of Data Structure Sentinel
	Major	Relationships, Taxonomy_Mappings
	Minor	None
466	Return of Pointer Value Outside of Expected Range
	Major	Relationships, Taxonomy_Mappings
	Minor	None
467	Use of sizeof() on a Pointer Type
	Major	Relationships, Taxonomy_Mappings
	Minor	None
469	Use of Pointer Subtraction to Determine Size
	Major	Relationships, Taxonomy_Mappings
	Minor	None
476	NULL Pointer Dereference
	Major	Relationships, Taxonomy_Mappings
	Minor	None
479	Signal Handler Use of a Non-reentrant Function
	Major	Relationships, Taxonomy_Mappings
	Minor	None
480	Use of Incorrect Operator
	Major	Relationships, Taxonomy_Mappings
	Minor	None
482	Comparing instead of Assigning
	Major	Relationships, Taxonomy_Mappings
	Minor	None
485	Insufficient Encapsulation
	Major	Relationships, Taxonomy_Mappings
	Minor	None
488	Exposure of Data Element to Wrong Session
	Major	Relationships, Taxonomy_Mappings
	Minor	None
494	Download of Code Without Integrity Check
	Major	Potential_Mitigations, References
	Minor	None
497	Exposure of System Data to an Unauthorized Control Sphere
	Major	Relationships, Taxonomy_Mappings
	Minor	None
528	Exposure of Core Dump File to an Unauthorized Control Sphere
	Major	Relationships, Taxonomy_Mappings
	Minor	None
544	Missing Standardized Error Handling Mechanism
	Major	Relationships, Taxonomy_Mappings
	Minor	None
552	Files or Directories Accessible to External Parties
	Major	Relationships, Taxonomy_Mappings
	Minor	None
561	Dead Code
	Major	Relationships, Taxonomy_Mappings
	Minor	None
563	Unused Variable
	Major	Relationships, Taxonomy_Mappings
	Minor	None
570	Expression is Always False
	Major	Relationships, Taxonomy_Mappings
	Minor	None
571	Expression is Always True
	Major	Relationships, Taxonomy_Mappings
	Minor	None
587	Assignment of a Fixed Address to a Pointer
	Major	Relationships, Taxonomy_Mappings
	Minor	None
590	Free of Memory not on the Heap
	Major	Relationships, Taxonomy_Mappings
	Minor	None
591	Sensitive Data Storage in Improperly Locked Memory
	Major	Relationships, Taxonomy_Mappings
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Potential_Mitigations, References
	Minor	None
606	Unchecked Input for Loop Condition
	Major	Relationships, Taxonomy_Mappings
	Minor	None
662	Improper Synchronization
	Major	Relationships, Taxonomy_Mappings
	Minor	None
665	Improper Initialization
	Major	Relationships, Taxonomy_Mappings
	Minor	None
675	Duplicate Operations on Resource
	Major	Relationships, Taxonomy_Mappings
	Minor	None
676	Use of Potentially Dangerous Function
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Demonstrative_Examples
681	Incorrect Conversion between Numeric Types
	Major	Relationships, Taxonomy_Mappings
	Minor	None
682	Incorrect Calculation
	Major	Relationships, Taxonomy_Mappings
	Minor	None
686	Function Call With Incorrect Argument Type
	Major	Relationships, Taxonomy_Mappings
	Minor	None
687	Function Call With Incorrectly Specified Argument Value
	Major	Relationships, Taxonomy_Mappings
	Minor	None
690	Unchecked Return Value to NULL Pointer Dereference
	Major	Relationships, Taxonomy_Mappings
	Minor	None
697	Insufficient Comparison
	Major	Relationships, Taxonomy_Mappings
	Minor	None
703	Improper Check or Handling of Exceptional Conditions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
704	Incorrect Type Conversion or Cast
	Major	Relationships, Taxonomy_Mappings
	Minor	None
705	Incorrect Control Flow Scoping
	Major	Relationships, Taxonomy_Mappings
	Minor	None
732	Incorrect Permission Assignment for Critical Resource
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
740	CERT C Secure Coding Section 06 - Arrays (ARR)
	Major	Relationships
	Minor	None
742	CERT C Secure Coding Section 08 - Memory Management (MEM)
	Major	Relationships
	Minor	None
743	CERT C Secure Coding Section 09 - Input Output (FIO)
	Major	Relationships
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
755	Improper Handling of Exceptional Conditions
	Major	Relationships, Taxonomy_Mappings
	Minor	None
759	Use of a One-Way Hash without a Salt
	Major	Potential_Mitigations, References, Relationships
	Minor	None
762	Mismatched Memory Management Routines
	Major	Relationships, Taxonomy_Mappings
	Minor	None
768	Incorrect Short Circuit Evaluation
	Major	Relationships, Taxonomy_Mappings
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Relationships, Taxonomy_Mappings
	Minor	None
772	Missing Release of Resource after Effective Lifetime
	Major	Relationships, Taxonomy_Mappings
	Minor	None
798	Use of Hard-coded Credentials
	Major	Potential_Mitigations, Relationships
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Relationships, Taxonomy_Mappings
	Minor	None
807	Reliance on Untrusted Inputs in a Security Decision
	Major	Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
812	OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management
	Major	Relationships
	Minor	None
813	OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
	Major	Relationships
	Minor	None
815	OWASP Top Ten 2010 Category A6 - Security Misconfiguration
	Major	Relationships
	Minor	None
816	OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
	Major	Relationships
	Minor	None
817	OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
	Major	Relationships
	Minor	None
818	OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
	Major	Relationships
	Minor	None
822	Untrusted Pointer Dereference
	Major	Relationships, Taxonomy_Mappings
	Minor	None
829	Inclusion of Functionality from Untrusted Control Sphere
	Major	Potential_Mitigations, References, Relationships
	Minor	None
859	CERT Java Secure Coding Section 14 - Platform Security (SEC)
	Major	Relationships
	Minor	None
860	CERT Java Secure Coding Section 15 - Runtime Environment (ENV)
	Major	Relationships
	Minor	None
862	Missing Authorization
	Major	Potential_Mitigations, References, Relationships
	Minor	None
863	Incorrect Authorization
	Major	Potential_Mitigations, References, Relationships
	Minor	None

Page Last Updated: January 05, 2017


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration