CWE - Common Weakness Enumeration

Differences between Version 3.1 and Version 3.2

Summary
Total weaknesses/chains/composites (Version 3.2) 806
Total weaknesses/chains/composites (Version 3.1) 716
Total new                                        137
Total deprecated                                   1
Total with major changes                         304
Total with only minor changes                      2
Total unchanged                                  733

Summary of Entry Types

Type        Version 3.1  Version 3.2
Weakness            716          806
Category            247          289
View                 32           36
Deprecated           45           46
Total              1040         1177

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field                    Major  Minor
Name                        39      0
Description                 49      3
Applicable_Platforms         2      0
Time_of_Introduction         1      0
Demonstrative_Examples       5      0
Detection_Factors            0      0
Likelihood_of_Exploit        1      0
Common_Consequences          8      2
Relationships              187      0
References                  64      0
Potential_Mitigations        2      0
Observed_Examples            0      0
Terminology_Notes            0      0
Alternate_Terms              3      0
Related_Attack_Patterns     44      0
Relationship_Notes           1      0
Taxonomy_Mappings          139      0
Maintenance_Notes            2      0
Modes_of_Introduction        0      0
Research_Gaps                0      0
Background_Details           0      0
Theoretical_Notes            5      0
Weakness_Ordinalities       23      0
Other_Notes                  0      0
View_Type                    0      0
View_Structure               0      0
View_Filter                  3      0
View_Audience                1      0
Type                         3      0
Source_Taxonomy              0      0

Form and Abstraction Changes

From           To                Total  CWE IDs
Unchanged                         1037
Weakness/Base  Deprecated            1  769
Weakness/Base  Weakness/Class        1  404
Weakness/Base  Weakness/Variant      1  401

Status Changes

From        To          Total
Unchanged                 952
Draft       Obsolete        1
Incomplete  Deprecated      1
Incomplete  Obsolete       86

Relationship Changes

The "Version 3.2 Total" lists the total number of relationships in Version 3.2. The "Shared" value is the total number of relationships in entries that were in both Version 3.2 and Version 3.1. The "New" value is the total number of relationships involving entries that did not exist in Version 3.1. Thus, the total number of relationships in Version 3.2 would combine stats from Shared entries and New entries.

Relationship  Version 3.2 Total  Version 3.1 Total  Version 3.2 Shared  Unchanged  Added to Version 3.2  Removed from Version 3.1  Version 3.2 New
ALL                        9267               8227                8143       8117                    26                       110             1124
ChildOf                    4009               3528                3490       3478                    12                        50              519
ParentOf                   4009               3528                3490       3478                    12                        50              519
MemberOf                    401                359                 359        359                     -                         -               42
HasMember                   401                359                 359        359                     -                         -               42
CanPrecede                  127                130                 127        126                     1                         4                -
CanFollow                   127                130                 127        126                     1                         4                -
StartsWith                    3                  3                   3          3                     -                         -                -
Requires                     14                 14                  14         14                     -                         -                -
RequiredBy                   14                 14                  14         14                     -                         -                -
CanAlsoBe                    30                 32                  30         30                     -                         2                -
PeerOf                      132                130                 130        130                     -                         -                2

Nodes Removed from Version 3.1

CWE-ID CWE Name
None.

Nodes Added to Version 3.2

CWE-ID CWE Name
1040 Quality Weaknesses with Indirect Security Impacts
1041 Use of Redundant Code
1042 Static Member Data Element outside of a Singleton Class Element
1043 Data Element Aggregating an Excessively Large Number of Non-Primitive Elements
1044 Architecture with Number of Horizontal Layers Outside of Expected Range
1045 Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor
1046 Creation of Immutable Text Using String Concatenation
1047 Modules with Circular Dependencies
1048 Invokable Control Element with Large Number of Outward Calls
1049 Excessive Data Query Operations in a Large Data Table
1050 Excessive Platform Resource Consumption within a Loop
1051 Initialization with Hard-Coded Network Resource Configuration Data
1052 Excessive Use of Hard-Coded Literals in Initialization
1053 Missing Documentation for Design
1054 Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer
1055 Multiple Inheritance from Concrete Classes
1056 Invokable Control Element with Variadic Parameters
1057 Data Access Operations Outside of Expected Data Manager Component
1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element
1059 Incomplete Documentation
1060 Excessive Number of Inefficient Server-Side Data Accesses
1061 Insufficient Encapsulation
1062 Parent Class with References to Child Class
1063 Creation of Class Instance within a Static Code Block
1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters
1065 Runtime Resource Management Control Element in a Component Built to Run on Application Servers
1066 Missing Serialization Control Element
1067 Excessive Execution of Sequential Searches of Data Resource
1068 Inconsistency Between Implementation and Documented Design
1069 Empty Exception Block
1070 Serializable Data Element Containing non-Serializable Item Elements
1071 Empty Code Block
1072 Data Resource Access without Use of Connection Pooling
1073 Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses
1074 Class with Excessively Deep Inheritance
1075 Unconditional Control Flow Transfer outside of Switch Block
1076 Insufficient Adherence to Expected Conventions
1077 Floating Point Comparison with Incorrect Operator
1078 Inappropriate Source Code Style or Formatting
1079 Parent Class without Virtual Destructor Method
1080 Source Code File with Excessive Number of Lines of Code
1082 Class Instance Self Destruction Control Element
1083 Data Access from Outside Expected Data Manager Component
1084 Invokable Control Element with Excessive File or Data Access Operations
1085 Invokable Control Element with Excessive Volume of Commented-out Code
1086 Class with Excessive Number of Child Classes
1087 Class with Virtual Method without a Virtual Destructor
1088 Synchronous Access of Remote Resource without Timeout
1089 Large Data Table with Excessive Number of Indices
1090 Method Containing Access of a Member Element from Another Class
1091 Use of Object without Invoking Destructor Method
1092 Use of Same Invokable Control Element in Multiple Architectural Layers
1093 Excessively Complex Data Representation
1094 Excessive Index Range Scan for a Data Resource
1095 Loop Condition Value Update within the Loop
1096 Singleton Class Instance Creation without Proper Locking or Synchronization
1097 Persistent Storable Data Element without Associated Comparison Control Element
1098 Data Element containing Pointer Item without Proper Copy Control Element
1099 Inconsistent Naming Conventions for Identifiers
1100 Insufficient Isolation of System-Dependent Functions
1101 Reliance on Runtime Component in Generated Code
1102 Reliance on Machine-Dependent Data Representation
1103 Use of Platform-Dependent Third Party Components
1104 Use of Unmaintained Third Party Components
1105 Insufficient Encapsulation of Machine-Dependent Functionality
1106 Insufficient Use of Symbolic Constants
1107 Insufficient Isolation of Symbolic Constant Definitions
1108 Excessive Reliance on Global Variables
1109 Use of Same Variable for Multiple Purposes
1110 Incomplete Design Documentation
1111 Incomplete I/O Documentation
1112 Incomplete Documentation of Program Execution
1113 Inappropriate Comment Style
1114 Inappropriate Whitespace Style
1115 Source Code Element without Standard Prologue
1116 Inaccurate Comments
1117 Callable with Insufficient Behavioral Summary
1118 Insufficient Documentation of Error Handling Techniques
1119 Excessive Use of Unconditional Branching
1120 Excessive Code Complexity
1121 Excessive McCabe Cyclomatic Complexity
1122 Excessive Halstead Complexity
1123 Excessive Use of Self-Modifying Code
1124 Excessively Deep Nesting
1125 Excessive Attack Surface
1126 Declaration of Variable with Unnecessarily Wide Scope
1127 Compilation with Insufficient Warnings or Errors
1128 CISQ Quality Measures (2016)
1129 CISQ Quality Measures - Reliability
1130 CISQ Quality Measures - Maintainability
1131 CISQ Quality Measures - Security
1132 CISQ Quality Measures - Performance
1133 Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java
1134 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 00. Input Validation and Data Sanitization (IDS)
1135 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 01. Declarations and Initialization (DCL)
1136 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 02. Expressions (EXP)
1137 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)
1138 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 04. Characters and Strings (STR)
1139 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 05. Object Orientation (OBJ)
1140 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)
1141 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)
1142 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 08. Visibility and Atomicity (VNA)
1143 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 09. Locking (LCK)
1144 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 10. Thread APIs (THI)
1145 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 11. Thread Pools (TPS)
1146 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 12. Thread-Safety Miscellaneous (TSM)
1147 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
1148 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 14. Serialization (SER)
1149 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)
1150 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)
1151 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 17. Java Native Interface (JNI)
1152 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 49. Miscellaneous (MSC)
1153 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 50. Android (DRD)
1154 Weaknesses Addressed by the SEI CERT C Coding Standard
1155 SEI CERT C Coding Standard - Guidelines 01. Preprocessor (PRE)
1156 SEI CERT C Coding Standard - Guidelines 02. Declarations and Initialization (DCL)
1157 SEI CERT C Coding Standard - Guidelines 03. Expressions (EXP)
1158 SEI CERT C Coding Standard - Guidelines 04. Integers (INT)
1159 SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP)
1160 SEI CERT C Coding Standard - Guidelines 06. Arrays (ARR)
1161 SEI CERT C Coding Standard - Guidelines 07. Characters and Strings (STR)
1162 SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
1163 SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
1164 Irrelevant Code
1165 SEI CERT C Coding Standard - Guidelines 10. Environment (ENV)
1166 SEI CERT C Coding Standard - Guidelines 11. Signals (SIG)
1167 SEI CERT C Coding Standard - Guidelines 12. Error Handling (ERR)
1168 SEI CERT C Coding Standard - Guidelines 13. Application Programming Interfaces (API)
1169 SEI CERT C Coding Standard - Guidelines 14. Concurrency (CON)
1170 SEI CERT C Coding Standard - Guidelines 48. Miscellaneous (MSC)
1171 SEI CERT C Coding Standard - Guidelines 50. POSIX (POS)
1172 SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)
1173 Improper Use of Validation Framework
1174 ASP.NET Misconfiguration: Improper Model Validation
1175 SEI CERT Oracle Secure Coding Standard for Java - Guidelines 18. Concurrency (CON)
1176 Inefficient CPU Computation
1177 Use of Prohibited Code

Nodes Deprecated in Version 3.2

CWE-ID CWE Name
769 DEPRECATED: Uncontrolled File Descriptor Consumption
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 20 Improper Input Validation
R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 67 Improper Handling of Windows Device Names
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
R 88 Argument Injection or Modification
R 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
R 99 Improper Control of Resource Identifiers ('Resource Injection')
R 102 Struts: Duplicate Validation Forms
R 105 Struts: Form Field Without Validator
R 106 Struts: Plug-in Framework not in Use
R 108 Struts: Unvalidated Action Form
R 109 Struts: Validator Turned Off
R 111 Direct Use of Unsafe JNI
R 112 Missing XML Validation
R 116 Improper Encoding or Escaping of Output
R 117 Improper Output Neutralization for Logs
R 119 Improper Restriction of Operations within the Bounds of a Memory Buffer
R 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
R 121 Stack-based Buffer Overflow
R 122 Heap-based Buffer Overflow
R 123 Write-what-where Condition
R 125 Out-of-bounds Read
R 129 Improper Validation of Array Index
R 131 Incorrect Calculation of Buffer Size
R 134 Use of Externally-Controlled Format String
R 144 Improper Neutralization of Line Delimiters
R 150 Improper Neutralization of Escape, Meta, or Control Sequences
R 170 Improper Null Termination
R 171 Cleansing, Canonicalization, and Comparison Errors
R 180 Incorrect Behavior Order: Validate Before Canonicalize
R 182 Collapse of Data into Unsafe Value
D 186 Overly Restrictive Regular Expression
R 187 Partial String Comparison
D R 188 Reliance on Data/Memory Layout
R 189 Numeric Errors
R 190 Integer Overflow or Wraparound
R 191 Integer Underflow (Wrap or Wraparound)
R 192 Integer Coercion Error
R 194 Unexpected Sign Extension
R 195 Signed to Unsigned Conversion Error
R 197 Numeric Truncation Error
R 198 Use of Incorrect Byte Ordering
R 227 7PK - API Abuse
R 241 Improper Handling of Unexpected Data Type
R 242 Use of Inherently Dangerous Function
R 248 Uncaught Exception
R 252 Unchecked Return Value
R 253 Incorrect Check of Function Return Value
R 259 Use of Hard-coded Password
R 266 Incorrect Privilege Assignment
R 272 Least Privilege Violation
R 273 Improper Check for Dropped Privileges
R 276 Incorrect Default Permissions
R 279 Incorrect Execution-Assigned Permissions
R 283 Unverified Ownership
R 289 Authentication Bypass by Alternate Name
R 311 Missing Encryption of Sensitive Data
R 319 Cleartext Transmission of Sensitive Information
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 330 Use of Insufficiently Random Values
R 331 Insufficient Entropy
R 332 Insufficient Entropy in PRNG
R 336 Same Seed in Pseudo-Random Number Generator (PRNG)
R 337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
R 338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
R 349 Acceptance of Extraneous Untrusted Data With Trusted Data
R 359 Exposure of Private Information ('Privacy Violation')
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 363 Race Condition Enabling Link Following
R 365 Race Condition in Switch
R 366 Race Condition within a Thread
R 369 Divide By Zero
R 374 Passing Mutable Objects to an Untrusted Method
R 375 Returning a Mutable Object to an Untrusted Caller
R 377 Insecure Temporary File
R 382 J2EE Bad Practices: Use of System.exit()
R 391 Unchecked Error Condition
R 392 Missing Report of Error Condition
R 396 Declaration of Catch for Generic Exception
R 397 Declaration of Throws for Generic Exception
R 399 Resource Management Errors
DNR 400 Uncontrolled Resource Consumption
NR 401 Improper Release of Memory Before Removing Last Reference
R 404 Improper Resource Shutdown or Release
R 405 Asymmetric Resource Consumption (Amplification)
R 409 Improper Handling of Highly Compressed Data (Data Amplification)
R 410 Insufficient Resource Pool
R 412 Unrestricted Externally Accessible Lock
R 413 Improper Resource Locking
R 415 Double Free
R 416 Use After Free
R 434 Unrestricted Upload of File with Dangerous Type
R 452 Initialization and Cleanup Errors
R 456 Missing Initialization of a Variable
R 459 Incomplete Cleanup
R 460 Improper Cleanup on Thrown Exception
R 467 Use of sizeof() on a Pointer Type
R 468 Incorrect Pointer Scaling
R 469 Use of Pointer Subtraction to Determine Size
R 474 Use of Function with Inconsistent Implementations
R 476 NULL Pointer Dereference
R 478 Missing Default Case in Switch Statement
R 479 Signal Handler Use of a Non-reentrant Function
R 480 Use of Incorrect Operator
R 481 Assigning instead of Comparing
R 486 Comparison of Classes by Name
R 491 Public cloneable() Method Without Final ('Object Hijack')
R 492 Use of Inner Class Containing Sensitive Data
DN 495 Private Data Structure Returned From A Public Method
R 498 Cloneable Class Containing Sensitive Information
R 499 Serializable Class Containing Sensitive Data
R 500 Public Static Field Not Marked Final
R 502 Deserialization of Untrusted Data
R 532 Information Exposure Through Log Files
R 546 Suspicious Comment
R 547 Use of Hard-coded, Security-relevant Constants
R 554 ASP.NET Misconfiguration: Not Using Input Validation Framework
R 561 Dead Code
R 562 Return of Stack Variable Address
R 563 Assignment to Variable without Use
R 567 Unsynchronized Access to Shared Data in a Multithreaded Context
R 568 finalize() Method Without super.finalize()
R 572 Call to Thread run() instead of start()
R 573 Improper Following of Specification by Caller
R 581 Object Model Violation: Just One of Equals and Hashcode Defined
R 583 finalize() Method Declared Public
R 584 Return Inside Finally Block
R 585 Empty Synchronized Block
R 586 Explicit Call to Finalize()
R 587 Assignment of a Fixed Address to a Pointer
R 589 Call to Non-ubiquitous API
R 590 Free of Memory not on the Heap
R 595 Comparison of Object References Instead of Object Contents
R 597 Use of Wrong Operator in String Comparison
R 606 Unchecked Input for Loop Condition
R 609 Double-Checked Locking
R 617 Reachable Assertion
R 628 Function Call with Incorrectly Specified Arguments
D 629 Weaknesses in OWASP Top Ten (2007)
R 647 Use of Non-Canonical URL Paths for Authorization Decisions
R 662 Improper Synchronization
R 664 Improper Control of a Resource Through its Lifetime
R 665 Improper Initialization
R 666 Operation on Resource in Wrong Phase of Lifetime
R 667 Improper Locking
R 668 Exposure of Resource to Wrong Sphere
R 672 Operation on a Resource after Expiration or Release
R 674 Uncontrolled Recursion
R 676 Use of Potentially Dangerous Function
R 680 Integer Overflow to Buffer Overflow
R 681 Incorrect Conversion between Numeric Types
R 682 Incorrect Calculation
R 685 Function Call With Incorrect Number of Arguments
R 686 Function Call With Incorrect Argument Type
R 690 Unchecked Return Value to NULL Pointer Dereference
R 696 Incorrect Behavior Order
R 697 Incorrect Comparison
R 703 Improper Check or Handling of Exceptional Conditions
R 704 Incorrect Type Conversion or Cast
R 705 Incorrect Control Flow Scoping
R 710 Improper Adherence to Coding Standards
D 711 Weaknesses in OWASP Top Ten (2004)
R 732 Incorrect Permission Assignment for Critical Resource
DN 734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
DN 735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
DN 736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
DN 737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
DN 738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
DN 739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
DN 740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
DN 741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
DN 742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
DN 743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
DN 744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
DN 745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
DN 746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
DN 747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
DNR 748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
D 750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
R 754 Improper Check for Unusual or Exceptional Conditions
R 758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
R 762 Mismatched Memory Management Routines
DNR 766 Critical Data Element Declared Public
DNR 769 DEPRECATED: Uncontrolled File Descriptor Consumption
D R 770 Allocation of Resources Without Limits or Throttling
R 771 Missing Reference to Active Allocated Resource
R 772 Missing Release of Resource after Effective Lifetime
R 773 Missing Reference to Active File Descriptor or Handle
R 774 Allocation of File Descriptors or Handles Without Limits or Throttling
R 775 Missing Release of File Descriptor or Handle after Effective Lifetime
R 786 Access of Memory Location Before Start of Buffer
R 788 Access of Memory Location After End of Buffer
R 789 Uncontrolled Memory Allocation
R 798 Use of Hard-coded Credentials
D 800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
R 805 Buffer Access with Incorrect Length Value
D 809 Weaknesses in OWASP Top Ten (2010)
R 820 Missing Synchronization
R 821 Incorrect Synchronization
R 835 Loop with Unreachable Exit Condition ('Infinite Loop')
R 838 Inappropriate Encoding for Output Context
R 839 Numeric Range Comparison Without Minimum Check
R 843 Access of Resource Using Incompatible Type ('Type Confusion')
DN 844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
DN 845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
DN 846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
DN 847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
DN 848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
DN 849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
DN 850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
DN 851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
DN 852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
DN 853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
DN 854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
DN 855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
DN 856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
DN 857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
DN 858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
DN 859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
DN 860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
DN 861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
DN 868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
R 908 Use of Uninitialized Resource
R 910 Use of Expired File Descriptor
D 916 Use of Password Hash With Insufficient Computational Effort
D 928 Weaknesses in OWASP Top Ten (2013)
R 1006 Bad Coding Practices
D 1007 Insufficient Visual Distinction of Homoglyphs Presented to User
R 1023 Incomplete Comparison with Missing Factors
Detailed Difference Report
15 External Control of System or Configuration Setting
Major Related_Attack_Patterns
Minor None
20 Improper Input Validation
Major Related_Attack_Patterns, Relationships
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Taxonomy_Mappings
Minor None
64 Windows Shortcut Following (.LNK)
Major Related_Attack_Patterns
Minor None
67 Improper Handling of Windows Device Names
Major Relationships, Taxonomy_Mappings
Minor None
69 Improper Handling of Windows ::DATA Alternate Data Stream
Major Related_Attack_Patterns
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Related_Attack_Patterns
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Taxonomy_Mappings
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major References, Relationships, Taxonomy_Mappings
Minor None
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major References, Relationships, Taxonomy_Mappings
Minor None
88 Argument Injection or Modification
Major Relationships
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major References, Relationships, Taxonomy_Mappings
Minor None
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Taxonomy_Mappings
Minor None
99 Improper Control of Resource Identifiers ('Resource Injection')
Major References, Relationships, Taxonomy_Mappings
Minor None
102 Struts: Duplicate Validation Forms
Major Relationships
Minor None
105 Struts: Form Field Without Validator
Major Relationships
Minor None
106 Struts: Plug-in Framework not in Use
Major Relationships
Minor None
108 Struts: Unvalidated Action Form
Major Relationships
Minor None
109 Struts: Validator Turned Off
Major Relationships
Minor None
111 Direct Use of Unsafe JNI
Major Relationships, Taxonomy_Mappings
Minor None
112 Missing XML Validation
Major Relationships
Minor None
116 Improper Encoding or Escaping of Output
Major Relationships, Taxonomy_Mappings
Minor None
117 Improper Output Neutralization for Logs
Major Relationships, Taxonomy_Mappings
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major Relationships
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major References, Relationships, Taxonomy_Mappings
Minor None
121 Stack-based Buffer Overflow
Major Relationships
Minor None
122 Heap-based Buffer Overflow
Major Relationships
Minor None
123 Write-what-where Condition
Major Relationships
Minor None
125 Out-of-bounds Read
Major Relationships
Minor None
129 Improper Validation of Array Index
Major References, Relationships, Taxonomy_Mappings
Minor None
131 Incorrect Calculation of Buffer Size
Major Relationships
Minor None
134 Use of Externally-Controlled Format String
Major References, Relationships, Taxonomy_Mappings
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major Taxonomy_Mappings
Minor None
144 Improper Neutralization of Line Delimiters
Major Relationships, Taxonomy_Mappings
Minor None
150 Improper Neutralization of Escape, Meta, or Control Sequences
Major Relationships, Taxonomy_Mappings
Minor None
162 Improper Neutralization of Trailing Special Elements
Major Related_Attack_Patterns
Minor None
170 Improper Null Termination
Major Relationships
Minor Common_Consequences
171 Cleansing, Canonicalization, and Comparison Errors
Major Relationships, Taxonomy_Mappings
Minor None
172 Encoding Error
Major Related_Attack_Patterns
Minor None
173 Improper Handling of Alternate Encoding
Major Related_Attack_Patterns
Minor None
177 Improper Handling of URL Encoding (Hex Encoding)
Major Related_Attack_Patterns
Minor None
180 Incorrect Behavior Order: Validate Before Canonicalize
Major Relationships, Taxonomy_Mappings
Minor None
181 Incorrect Behavior Order: Validate Before Filter
Major Related_Attack_Patterns
Minor None
182 Collapse of Data into Unsafe Value
Major Relationships, Taxonomy_Mappings
Minor None
183 Permissive Whitelist
Major Related_Attack_Patterns
Minor None
184 Incomplete Blacklist
Major Related_Attack_Patterns
Minor None
186 Overly Restrictive Regular Expression
Major Description
Minor None
187 Partial String Comparison
Major Relationships
Minor None
188 Reliance on Data/Memory Layout
Major Description, Relationships
Minor None
189 Numeric Errors
Major Relationships, Taxonomy_Mappings
Minor None
190 Integer Overflow or Wraparound
Major Relationships
Minor None
191 Integer Underflow (Wrap or Wraparound)
Major Relationships
Minor None
192 Integer Coercion Error
Major Relationships
Minor None
194 Unexpected Sign Extension
Major Relationships
Minor None
195 Signed to Unsigned Conversion Error
Major Relationships
Minor None
197 Numeric Truncation Error
Major Relationships, Taxonomy_Mappings
Minor None
198 Use of Incorrect Byte Ordering
Major Relationships, Taxonomy_Mappings
Minor None
200 Information Exposure
Major Related_Attack_Patterns
Minor Description
209 Information Exposure Through an Error Message
Major Taxonomy_Mappings
Minor None
227 7PK - API Abuse
Major Relationships
Minor None
230 Improper Handling of Missing Values
Major Taxonomy_Mappings
Minor None
232 Improper Handling of Undefined Values
Major Taxonomy_Mappings
Minor None
241 Improper Handling of Unexpected Data Type
Major Relationships
Minor None
242 Use of Inherently Dangerous Function
Major Relationships
Minor None
248 Uncaught Exception
Major Relationships, Taxonomy_Mappings
Minor None
250 Execution with Unnecessary Privileges
Major Taxonomy_Mappings
Minor None
252 Unchecked Return Value
Major References, Relationships, Taxonomy_Mappings
Minor None
253 Incorrect Check of Function Return Value
Major Relationships
Minor None
259 Use of Hard-coded Password
Major Relationships, Taxonomy_Mappings
Minor None
266 Incorrect Privilege Assignment
Major Relationships, Taxonomy_Mappings
Minor None
267 Privilege Defined With Unsafe Actions
Major Related_Attack_Patterns
Minor None
272 Least Privilege Violation
Major Relationships, Taxonomy_Mappings
Minor None
273 Improper Check for Dropped Privileges
Major Relationships
Minor None
276 Incorrect Default Permissions
Major Relationships, Taxonomy_Mappings
Minor None
279 Incorrect Execution-Assigned Permissions
Major Relationships, Taxonomy_Mappings
Minor None
283 Unverified Ownership
Major Relationships
Minor Common_Consequences
284 Improper Access Control
Major Related_Attack_Patterns
Minor None
285 Improper Authorization
Major Related_Attack_Patterns
Minor None
287 Improper Authentication
Major Related_Attack_Patterns
Minor None
289 Authentication Bypass by Alternate Name
Major Relationships, Taxonomy_Mappings
Minor None
300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Major Taxonomy_Mappings
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Taxonomy_Mappings
Minor None
306 Missing Authentication for Critical Function
Major Related_Attack_Patterns
Minor None
311 Missing Encryption of Sensitive Data
Major Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
319 Cleartext Transmission of Sensitive Information
Major Relationships, Taxonomy_Mappings
Minor None
326 Inadequate Encryption Strength
Major Related_Attack_Patterns
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major References, Relationships, Taxonomy_Mappings
Minor None
330 Use of Insufficiently Random Values
Major Relationships, Taxonomy_Mappings
Minor None
331 Insufficient Entropy
Major Relationships
Minor None
332 Insufficient Entropy in PRNG
Major Relationships, Taxonomy_Mappings
Minor None
333 Improper Handling of Insufficient Entropy in TRNG
Major Taxonomy_Mappings
Minor None
336 Same Seed in Pseudo-Random Number Generator (PRNG)
Major Relationships, Taxonomy_Mappings
Minor None
337 Predictable Seed in Pseudo-Random Number Generator (PRNG)
Major Relationships, Taxonomy_Mappings
Minor None
338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Major Relationships
Minor None
347 Improper Verification of Cryptographic Signature
Major Taxonomy_Mappings
Minor None
349 Acceptance of Extraneous Untrusted Data With Trusted Data
Major Relationships, Taxonomy_Mappings
Minor None
359 Exposure of Private Information ('Privacy Violation')
Major Relationships, Taxonomy_Mappings
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Relationships, Taxonomy_Mappings
Minor None
363 Race Condition Enabling Link Following
Major Relationships
Minor None
365 Race Condition in Switch
Major Relationships, Taxonomy_Mappings
Minor None
366 Race Condition within a Thread
Major Relationships, Taxonomy_Mappings
Minor None
369 Divide By Zero
Major Relationships, Taxonomy_Mappings
Minor None
374 Passing Mutable Objects to an Untrusted Method
Major Relationships, Taxonomy_Mappings
Minor None
375 Returning a Mutable Object to an Untrusted Caller
Major Relationships, Taxonomy_Mappings
Minor None
377 Insecure Temporary File
Major Relationships, Taxonomy_Mappings
Minor None
382 J2EE Bad Practices: Use of System.exit()
Major Relationships, Taxonomy_Mappings
Minor None
390 Detection of Error Condition Without Action
Major Related_Attack_Patterns, Taxonomy_Mappings
Minor None
391 Unchecked Error Condition
Major Relationships, Taxonomy_Mappings
Minor None
392 Missing Report of Error Condition
Major Relationships, Taxonomy_Mappings
Minor None
394 Unexpected Status Code or Return Value
Major Taxonomy_Mappings
Minor None
395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
Major Taxonomy_Mappings
Minor None
396 Declaration of Catch for Generic Exception
Major References, Relationships, Taxonomy_Mappings
Minor None
397 Declaration of Throws for Generic Exception
Major Applicable_Platforms, Demonstrative_Examples, References, Relationships, Taxonomy_Mappings
Minor None
399 Resource Management Errors
Major Relationships
Minor None
400 Uncontrolled Resource Consumption
Major Alternate_Terms, Description, Name, Relationships, Taxonomy_Mappings, Theoretical_Notes
Minor None
401 Improper Release of Memory Before Removing Last Reference
Major Common_Consequences, Demonstrative_Examples, Name, References, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities
Minor None
404 Improper Resource Shutdown or Release
Major Relationships, Taxonomy_Mappings, Type
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Relationships, Taxonomy_Mappings
Minor None
409 Improper Handling of Highly Compressed Data (Data Amplification)
Major Relationships, Taxonomy_Mappings
Minor None
410 Insufficient Resource Pool
Major Relationships, Taxonomy_Mappings
Minor None
412 Unrestricted Externally Accessible Lock
Major Relationships, Taxonomy_Mappings
Minor None
413 Improper Resource Locking
Major Relationships, Taxonomy_Mappings
Minor None
415 Double Free
Major Relationships
Minor None
416 Use After Free
Major Relationships
Minor None
426 Untrusted Search Path
Major Related_Attack_Patterns
Minor None
427 Uncontrolled Search Path Element
Major Related_Attack_Patterns
Minor None
428 Unquoted Search Path or Element
Major Applicable_Platforms, Related_Attack_Patterns
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major References, Relationships, Taxonomy_Mappings
Minor None
452 Initialization and Cleanup Errors
Major Relationships
Minor None
456 Missing Initialization of a Variable
Major References, Relationships, Taxonomy_Mappings
Minor None
457 Use of Uninitialized Variable
Major Taxonomy_Mappings
Minor None
459 Incomplete Cleanup
Major Relationships, Taxonomy_Mappings
Minor None
460 Improper Cleanup on Thrown Exception
Major Relationships, Taxonomy_Mappings
Minor None
467 Use of sizeof() on a Pointer Type
Major Relationships
Minor None
468 Incorrect Pointer Scaling
Major Relationships
Minor None
469 Use of Pointer Subtraction to Determine Size
Major Relationships
Minor None
470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Major Taxonomy_Mappings
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Related_Attack_Patterns
Minor None
474 Use of Function with Inconsistent Implementations
Major Relationships, Weakness_Ordinalities
Minor None
475 Undefined Behavior for Input to API
Major Weakness_Ordinalities
Minor None
476 NULL Pointer Dereference
Major Relationships
Minor None
477 Use of Obsolete Function
Major Taxonomy_Mappings, Weakness_Ordinalities
Minor None
478 Missing Default Case in Switch Statement
Major Relationships
Minor None
479 Signal Handler Use of a Non-reentrant Function
Major Relationships, Taxonomy_Mappings
Minor None
480 Use of Incorrect Operator
Major Relationships
Minor None
481 Assigning instead of Comparing
Major Relationships
Minor None
483 Incorrect Block Delimitation
Major Weakness_Ordinalities
Minor None
484 Omitted Break Statement in Switch
Major Weakness_Ordinalities
Minor None
486 Comparison of Classes by Name
Major Relationships, Taxonomy_Mappings
Minor None
487 Reliance on Package-level Scope
Major Taxonomy_Mappings
Minor None
489 Leftover Debug Code
Major Weakness_Ordinalities
Minor None
491 Public cloneable() Method Without Final ('Object Hijack')
Major Relationships, Taxonomy_Mappings
Minor None
492 Use of Inner Class Containing Sensitive Data
Major Relationships, Taxonomy_Mappings
Minor None
493 Critical Public Variable Without Final Modifier
Major Taxonomy_Mappings
Minor None
494 Download of Code Without Integrity Check
Major Taxonomy_Mappings
Minor None
495 Private Data Structure Returned From A Public Method
Major Common_Consequences, Demonstrative_Examples, Description, Name, Potential_Mitigations
Minor None
497 Exposure of System Data to an Unauthorized Control Sphere
Major Taxonomy_Mappings
Minor None
498 Cloneable Class Containing Sensitive Information
Major Relationships, Taxonomy_Mappings
Minor None
499 Serializable Class Containing Sensitive Data
Major Relationships, Taxonomy_Mappings
Minor None
500 Public Static Field Not Marked Final
Major Relationships, Taxonomy_Mappings
Minor None
502 Deserialization of Untrusted Data
Major Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
522 Insufficiently Protected Credentials
Major Related_Attack_Patterns
Minor None
532 Information Exposure Through Log Files
Major Relationships, Taxonomy_Mappings
Minor None
543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Major Taxonomy_Mappings
Minor None
546 Suspicious Comment
Major Relationships, Weakness_Ordinalities
Minor None
547 Use of Hard-coded, Security-relevant Constants
Major Relationships, Weakness_Ordinalities
Minor None
552 Files or Directories Accessible to External Parties
Major Related_Attack_Patterns
Minor None
553 Command Shell in Externally Accessible Directory
Major Related_Attack_Patterns
Minor None
554 ASP.NET Misconfiguration: Not Using Input Validation Framework
Major Relationships, Weakness_Ordinalities
Minor None
561 Dead Code
Major Common_Consequences, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
562 Return of Stack Variable Address
Major Relationships, Weakness_Ordinalities
Minor None
563 Assignment to Variable without Use
Major Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
567 Unsynchronized Access to Shared Data in a Multithreaded Context
Major Relationships, Taxonomy_Mappings
Minor None
568 finalize() Method Without super.finalize()
Major Relationships, Taxonomy_Mappings
Minor None
572 Call to Thread run() instead of start()
Major Relationships, Taxonomy_Mappings
Minor None
573 Improper Following of Specification by Caller
Major Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
581 Object Model Violation: Just One of Equals and Hashcode Defined
Major Relationships, Taxonomy_Mappings
Minor None
582 Array Declared Public, Final, and Static
Major Taxonomy_Mappings
Minor None
583 finalize() Method Declared Public
Major Relationships, Taxonomy_Mappings
Minor None
584 Return Inside Finally Block
Major Relationships, Taxonomy_Mappings
Minor None
585 Empty Synchronized Block
Major Relationships, Weakness_Ordinalities
Minor None
586 Explicit Call to Finalize()
Major Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
587 Assignment of a Fixed Address to a Pointer
Major Relationships
Minor None
589 Call to Non-ubiquitous API
Major Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
590 Free of Memory not on the Heap
Major Relationships
Minor None
594 J2EE Framework: Saving Unserializable Objects to Disk
Major Weakness_Ordinalities
Minor None
595 Comparison of Object References Instead of Object Contents
Major Relationships, Taxonomy_Mappings
Minor None
597 Use of Wrong Operator in String Comparison
Major Relationships, Taxonomy_Mappings
Minor None
600 Uncaught Exception in Servlet
Major Taxonomy_Mappings
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Related_Attack_Patterns
Minor None
605 Multiple Binds to the Same Port
Major Weakness_Ordinalities
Minor None
606 Unchecked Input for Loop Condition
Major References, Relationships, Taxonomy_Mappings
Minor None
609 Double-Checked Locking
Major Relationships, Taxonomy_Mappings
Minor None
611 Improper Restriction of XML External Entity Reference ('XXE')
Major Related_Attack_Patterns
Minor None
617 Reachable Assertion
Major Relationships, Taxonomy_Mappings
Minor None
625 Permissive Regular Expression
Major Taxonomy_Mappings
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Relationships, Taxonomy_Mappings
Minor None
629 Weaknesses in OWASP Top Ten (2007)
Major Description
Minor None
647 Use of Non-Canonical URL Paths for Authorization Decisions
Major Relationships, Taxonomy_Mappings
Minor None
662 Improper Synchronization
Major Relationships, Taxonomy_Mappings
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Relationships
Minor None
665 Improper Initialization
Major Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
666 Operation on Resource in Wrong Phase of Lifetime
Major Relationships
Minor None
667 Improper Locking
Major References, Relationships, Taxonomy_Mappings
Minor None
668 Exposure of Resource to Wrong Sphere
Major Relationships
Minor None
672 Operation on a Resource after Expiration or Release
Major References, Relationships, Taxonomy_Mappings
Minor None
674 Uncontrolled Recursion
Major References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
676 Use of Potentially Dangerous Function
Major Relationships, Weakness_Ordinalities
Minor None
677 Weakness Base Elements
Major View_Filter
Minor None
678 Composites
Major View_Filter
Minor None
680 Integer Overflow to Buffer Overflow
Major Relationships
Minor None
681 Incorrect Conversion between Numeric Types
Major References, Relationships, Taxonomy_Mappings
Minor None
682 Incorrect Calculation
Major Relationships
Minor None
684 Incorrect Provision of Specified Functionality
Major Weakness_Ordinalities
Minor None
685 Function Call With Incorrect Number of Arguments
Major Relationships
Minor None
686 Function Call With Incorrect Argument Type
Major Relationships
Minor None
690 Unchecked Return Value to NULL Pointer Dereference
Major Relationships, Taxonomy_Mappings
Minor None
692 Incomplete Blacklist to Cross-Site Scripting
Major Related_Attack_Patterns
Minor None
693 Protection Mechanism Failure
Major Related_Attack_Patterns
Minor None
696 Incorrect Behavior Order
Major Relationships
Minor None
697 Incorrect Comparison
Major Related_Attack_Patterns, Relationships
Minor None
703 Improper Check or Handling of Exceptional Conditions
Major Relationships, Taxonomy_Mappings
Minor None
704 Incorrect Type Conversion or Cast
Major References, Relationships, Taxonomy_Mappings
Minor None
705 Incorrect Control Flow Scoping
Major Relationships, Taxonomy_Mappings
Minor None
706 Use of Incorrectly-Resolved Name or Reference
Major Related_Attack_Patterns
Minor None
707 Improper Enforcement of Message or Data Structure
Major Related_Attack_Patterns
Minor None
710 Improper Adherence to Coding Standards
Major Relationships
Minor None
711 Weaknesses in OWASP Top Ten (2004)
Major Description
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
734 Weaknesses Addressed by the CERT C Secure Coding Standard (2008)
Major Description, Name, References
Minor None
735 CERT C Secure Coding Standard (2008) Chapter 2 - Preprocessor (PRE)
Major Description, Name, References
Minor None
736 CERT C Secure Coding Standard (2008) Chapter 3 - Declarations and Initialization (DCL)
Major Description, Name, References
Minor None
737 CERT C Secure Coding Standard (2008) Chapter 4 - Expressions (EXP)
Major Description, Name, References
Minor None
738 CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT)
Major Description, Name, References
Minor None
739 CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP)
Major Description, Name, References
Minor None
740 CERT C Secure Coding Standard (2008) Chapter 7 - Arrays (ARR)
Major Description, Name, References
Minor None
741 CERT C Secure Coding Standard (2008) Chapter 8 - Characters and Strings (STR)
Major Description, Name, References
Minor None
742 CERT C Secure Coding Standard (2008) Chapter 9 - Memory Management (MEM)
Major Description, Name, References
Minor None
743 CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
Major Description, Name, References
Minor None
744 CERT C Secure Coding Standard (2008) Chapter 11 - Environment (ENV)
Major Description, Name, References
Minor None
745 CERT C Secure Coding Standard (2008) Chapter 12 - Signals (SIG)
Major Description, Name, References
Minor None
746 CERT C Secure Coding Standard (2008) Chapter 13 - Error Handling (ERR)
Major Description, Name, References
Minor None
747 CERT C Secure Coding Standard (2008) Chapter 14 - Miscellaneous (MSC)
Major Description, Name, References
Minor None
748 CERT C Secure Coding Standard (2008) Appendix - POSIX (POS)
Major Description, Name, References, Relationship_Notes, Relationships
Minor None
750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
Major Description
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Relationships, Taxonomy_Mappings
Minor None
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Major Relationships, Weakness_Ordinalities
Minor None
762 Mismatched Memory Management Routines
Major Relationships
Minor None
766 Critical Data Element Declared Public
Major Common_Consequences, Description, Name, References, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
Minor None
767 Access to Critical Private Variable via Public Method
Major Taxonomy_Mappings
Minor None
769 DEPRECATED: Uncontrolled File Descriptor Consumption
Major Alternate_Terms, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, References, Relationships, Time_of_Introduction, Type
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings
Minor None
771 Missing Reference to Active Allocated Resource
Major Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Common_Consequences, References, Relationships, Taxonomy_Mappings
Minor None
773 Missing Reference to Active File Descriptor or Handle
Major Common_Consequences, Relationships, Theoretical_Notes
Minor None
774 Allocation of File Descriptors or Handles Without Limits or Throttling
Major Alternate_Terms, Relationships, Theoretical_Notes
Minor None
775 Missing Release of File Descriptor or Handle after Effective Lifetime
Major Common_Consequences, Relationships, Theoretical_Notes
Minor None
783 Operator Precedence Logic Error
Major Taxonomy_Mappings
Minor None
786 Access of Memory Location Before Start of Buffer
Major Relationships
Minor None
788 Access of Memory Location After End of Buffer
Major References, Relationships, Taxonomy_Mappings
Minor None
789 Uncontrolled Memory Allocation
Major References, Relationships, Taxonomy_Mappings
Minor None
792 Incomplete Filtering of One or More Instances of Special Elements
Major None
Minor Description
794 Incomplete Filtering of Multiple Instances of Special Elements
Major None
Minor Description
798 Use of Hard-coded Credentials
Major References, Relationships, Taxonomy_Mappings
Minor None
800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
Major Description
Minor None
805 Buffer Access with Incorrect Length Value
Major Relationships
Minor None
807 Reliance on Untrusted Inputs in a Security Decision
Major Taxonomy_Mappings
Minor None
809 Weaknesses in OWASP Top Ten (2010)
Major Description
Minor None
820 Missing Synchronization
Major Relationships, Taxonomy_Mappings
Minor None
821 Incorrect Synchronization
Major Relationships
Minor None
829 Inclusion of Functionality from Untrusted Control Sphere
Major Related_Attack_Patterns
Minor None
833 Deadlock
Major Taxonomy_Mappings
Minor None
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major References, Relationships, Taxonomy_Mappings
Minor None
838 Inappropriate Encoding for Output Context
Major Relationships, Taxonomy_Mappings
Minor None
839 Numeric Range Comparison Without Minimum Check
Major Relationships
Minor None
843 Access of Resource Using Incompatible Type ('Type Confusion')
Major Relationships
Minor None
844 Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
Major Description, Name, References, View_Audience
Minor None
845 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
Major Description, Name, References
Minor None
846 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
Major Description, Name, References
Minor None
847 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
Major Description, Name, References
Minor None
848 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
Major Description, Name, References
Minor None
849 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
Major Description, Name, References
Minor None
850 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
Major Description, Name, References
Minor None
851 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
Major Description, Name, References
Minor None
852 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
Major Description, Name, References
Minor None
853 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
Major Description, Name, References
Minor None
854 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
Major Description, Name, References
Minor None
855 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
Major Description, Name, References
Minor None
856 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
Major Description, Name, References
Minor None
857 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
Major Description, Name, References
Minor None
858 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
Major Description, Name, References
Minor None
859 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
Major Description, Name, References
Minor None
860 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
Major Description, Name, References
Minor None
861 The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
Major Description, Name, References
Minor None
868 Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)
Major Description, Maintenance_Notes, Name, References
Minor None
869 CERT C++ Secure Coding Section 01 - Preprocessor (PRE)
Major References
Minor None
908 Use of Uninitialized Resource
Major Relationships
Minor None
910 Use of Expired File Descriptor
Major Relationships
Minor None
916 Use of Password Hash With Insufficient Computational Effort
Major Description
Minor None
923 Improper Restriction of Communication Channel to Intended Endpoints
Major Related_Attack_Patterns
Minor None
925 Improper Verification of Intent by Broadcast Receiver
Major Related_Attack_Patterns
Minor None
928 Weaknesses in OWASP Top Ten (2013)
Major Description
Minor None
999 Weaknesses without Software Fault Patterns
Major View_Filter
Minor None
1006 Bad Coding Practices
Major Relationships
Minor None
1007 Insufficient Visual Distinction of Homoglyphs Presented to User
Major Demonstrative_Examples, Description, Related_Attack_Patterns
Minor None
1023 Incomplete Comparison with Missing Factors
Major Relationships
Minor None
Page Last Updated: January 03, 2019