Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Please refer to CWE-62.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE CATEGORY: DEPRECATED: ASP.NET Environment Issues
Category ID: 10
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It added unnecessary depth and complexity to its associated views.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-08-15
Veracode
Suggested OWASP Top Ten 2004 mapping
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-12-15
(CWE Draft 5, 2006-12-15)
CWE Content Team
MITRE
Modifications
Modification Date
Modifier
Organization
2008-07-01
Eric Dalci
Cigital
updated Time_of_Introduction
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2009-05-27
CWE Content Team
MITRE
updated Related_Attack_Patterns
2011-06-01
CWE Content Team
MITRE
updated Common_Consequences
2012-05-11
CWE Content Team
MITRE
updated References, Relationships
2014-07-30
CWE Content Team
MITRE
updated Relationships
2017-05-03
CWE Content Team
MITRE
updated Common_Consequences, Description, Name, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated because it redundant with the grouping provided by CWE-417.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2008-11-24
CWE Content Team
MITRE
updated Relationships
2013-02-21
CWE Content Team
MITRE
updated Relationships
2017-11-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Name, Relationships, Taxonomy_Mappings, Type
CWE CATEGORY: DEPRECATED: Cleansing, Canonicalization, and Comparison Errors
Category ID: 171
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. Weaknesses in this category were related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data. These weaknesses can be found in other similar categories.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships
2015-12-07
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2019-06-20
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Relationships, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated, as it was not effective as a weakness and was structured more like a category. In addition, the name is inappropriate, since the "container" term is widely understood by developers in different ways than originally intended by PLOVER, the original source for this entry.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
CWE-217: DEPRECATED: Failure to Protect Stored Data from Modification
Weakness ID: 217
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766 and CWE-767.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-218: DEPRECATED: Failure to provide confidentiality for stored data
Weakness ID: 218
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Alternate_Terms, Applicable_Platforms, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type
2009-10-29
CWE Content Team
MITRE
updated Relationships
2021-07-20
CWE Content Team
MITRE
updated Name
2023-06-29
CWE Content Team
MITRE
updated Mapping_Notes
Previous Entry Names
Change Date
Previous Entry Name
2008-09-09
Failure to Provide Confidentiality for Stored Data
2021-07-20
DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
CWE-225: DEPRECATED: General Information Management Problems
Weakness ID: 225
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
CWE CATEGORY: DEPRECATED: General Special Element Problems
Category ID: 139
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It is a leftover from PLOVER, but CWE-138 is a more appropriate mapping.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Applicable_Platforms, Description, Functional_Areas, Name, Relationships, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
CWE-92: DEPRECATED: Improper Sanitization of Custom Special Characters
Weakness ID: 92
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated. It originally came from PLOVER, which sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2008-10-14
CWE Content Team
MITRE
updated Description
2009-07-27
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate ID solely because of domain-specific considerations. Its closest equivalent is CWE-1023.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-542: DEPRECATED: Information Exposure Through Cleanup Log Files
Weakness ID: 542
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-534: DEPRECATED: Information Exposure Through Debug Log Files
Weakness ID: 534
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
CWE-533: DEPRECATED: Information Exposure Through Server Log Files
Weakness ID: 533
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because its abstraction was too low-level. See CWE-532.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2009-07-27
CWE Content Team
MITRE
updated Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Relationships
2020-02-24
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
CWE CATEGORY: DEPRECATED: J2EE Time and State Issues
Category ID: 381
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
CWE CATEGORY: DEPRECATED: Mac Virtual File Problems
Category ID: 70
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
PLOVER
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Affected_Resources, Applicable_Platforms, Description, Name, Relationships, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-170. All content has been transferred to CWE-170.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Applicable_Platforms, Causal_Nature, Common_Consequences, Description, Likelihood_of_Exploit, Name, Relationships, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
CWE CATEGORY: DEPRECATED: Often Misused: Arguments and Parameters
Category ID: 559
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CWE Community
Submitted by members of the CWE community to extend early CWE versions
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Other_Notes
2010-04-05
CWE Content Team
MITRE
updated Related_Attack_Patterns
2010-09-27
CWE Content Team
MITRE
updated Other_Notes, Relationship_Notes
2017-11-08
CWE Content Team
MITRE
updated Related_Attack_Patterns, Relationships
2020-02-24
CWE Content Team
MITRE
updated Description, Name, Relationship_Notes, Relationships, Type
CWE-249: DEPRECATED: Often Misused: Path Manipulation
Weakness ID: 249
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because of name
confusion and an accidental combination of multiple
weaknesses. Most of its content has been transferred to
CWE-785.
Extended Description
This entry was deprecated for several reasons. The primary
reason is over-loading of the "path manipulation" term and the
description. The original description for this entry was the
same as that for the "Often Misused: File System" item in the
original Seven Pernicious Kingdoms paper. However, Seven
Pernicious Kingdoms also has a "Path Manipulation" phrase that
is for external control of pathnames (CWE-73), which is a
factor in symbolic link following and path traversal, neither
of which is explicitly mentioned in 7PK. Fortify uses the
phrase "Often Misused: Path Manipulation" for a broader range
of problems, generally for issues related to buffer
management. Given the multiple conflicting uses of this term,
there is a chance that CWE users may have incorrectly mapped
to this entry.
The second reason for deprecation is an implied combination of
multiple weaknesses within buffer-handling functions. The
focus of this entry was generally on the path-conversion
functions and their association with buffer
overflows. However, some of Fortify's Vulncat entries have the
term "path manipulation" but describe a non-overflow weakness
in which the buffer is not guaranteed to contain the entire
pathname, i.e., there is information truncation (see CWE-222
for a similar concept). A new entry for this non-overflow
weakness may be created in a future version of CWE.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description for suggestions for other CWE IDs to use.
CWE CATEGORY: DEPRECATED: Other Intentional, Nonmalicious Weakness
Category ID: 517
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2017-11-08
CWE Content Team
MITRE
updated Description, Name, Relationships, Taxonomy_Mappings, Type
CWE CATEGORY: DEPRECATED: Pathname Traversal and Equivalence Errors
Category ID: 21
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706).
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated. There are no documented cases in which a switch's control expression is evaluated more than once.
Extended Description
It is likely that this entry was initially created based on a misinterpretation of the original source material. The original source intended to explain how switches could be unpredictable when using threads, if the control expressions used data or variables that could change between execution of different threads. That weakness is already covered by CWE-367. Despite the ambiguity in the documentation for some languages and compilers, in practice, they all evaluate the switch control expression only once. If future languages state that the code explicitly evaluates the control expression more than once, then this would not be a weakness, but the language performing as designed.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
CLASP
Contributions
Contribution Date
Contributor
Organization
2022-03-31
Yongchool Ryu, MathWorks; Roberto Bagnara, BUGSENG; Guido Persch, Imagix; John Blattner, Imagix; Paul Anderson, GrammaTech; Fulvio Baccaglini; John Viega; Robert Seacord; Members of the CWE-Research mailing list, including Jonathan Hood and Steve Grubb; Commenters on Twitter, including Patricia Aas, Myria, Richard Barrell, and others
Many members of the CWE community contributed important feedback supporting deprecation of this entry. The contribution date reflects the first public request for comment; much feedback was received both before and after that date.
CWE-247: DEPRECATED: Reliance on DNS Lookups in a Security Decision
Weakness ID: 247
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description for suggestions for other CWE IDs to use.
This view has been deprecated because it is not actively maintained and does not provide utility to stakeholders. It was originally created before CWE 1.0 as a simple example of how views could be structured within CWE.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
CWE-1324: DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface
Weakness ID: 1324
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry has been deprecated because it was at a lower level of abstraction than supported by CWE. All relevant content has been integrated into CWE-319.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2020-10-01
(CWE 4.3, 2020-12-10)
Accellera IP Security Assurance (IPSA) Working Group
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.
Content
History
Submissions
Submission Date
Submitter
Organization
2006-07-19
(CWE Draft 3, 2006-07-19)
Landwehr
Modifications
Modification Date
Modifier
Organization
2008-09-08
CWE Content Team
MITRE
updated Relationships, Taxonomy_Mappings
2015-12-07
CWE Content Team
MITRE
updated Relationships
2017-01-19
CWE Content Team
MITRE
updated Maintenance_Notes, Relationships
2017-11-08
CWE Content Team
MITRE
updated Relationships
2019-06-20
CWE Content Team
MITRE
updated Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Type
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities Abstraction:
BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.
View customized information:
For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.For users who wish to see all available information for the CWE/CAPEC entry.For users who want to customize what details are displayed.
×
Edit Custom Filter
Description
This entry was deprecated because it overlapped the same concepts as race condition (CWE-362) and Improper Synchronization (CWE-662).
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reason:
Deprecated
Rationale:
This CWE has been deprecated.
Comments:
See description and name for possible suggestions of other CWEs to consider.
Vulnerability Mapping:PROHIBITEDThis CWE ID must not be used to map to real-world vulnerabilities
Summary
This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.
Vulnerability Mapping Notes
Usage:
PROHIBITED
(this CWE ID must not be used to map to real-world vulnerabilities)
Reasons:
Category,
Deprecated
Rationale:
This CWE has been deprecated. It is also a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments:
See the summary, which might have suggestions for other CWEs to consider.