CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Version 1.13 and Version 2.0  
ID

Differences between Version 1.13 and Version 2.0

Summary
Summary
Total (Version 2.0) 870
Total (Version 1.13) 865
Total new 5
Total deprecated 0
Total shared 865
Total important changes 42
Total major changes 221
Total minor changes 1
Total minor changes (no major) 1
Total unchanged 643

Summary of Entry Types

Type Version 1.13 Version 2.0
Category 137 141
Chain 3 3
Composite 6 6
Deprecated 12 12
View 25 26
Weakness 682 682

Back to top
Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 0 0
Description 0 0
Applicable_Platforms 0 0
Time_of_Introduction 0 0
Demonstrative_Examples 11 0
Detection_Factors 0 0
Likelihood_of_Exploit 0 0
Common_Consequences 186 0
Relationships 42 0
References 1 0
Potential_Mitigations 4 0
Observed_Examples 7 1
Terminology_Notes 0 0
Alternate_Terms 0 0
Related_Attack_Patterns 11 0
Relationship_Notes 0 0
Taxonomy_Mappings 0 0
Maintenance_Notes 0 0
Modes_of_Introduction 1 0
Affected_Resources 0 0
Functional_Areas 0 0
Research_Gaps 0 0
Background_Details 0 0
Theoretical_Notes 0 0
Weakness_Ordinalities 0 0
White_Box_Definitions 0 0
Enabling_Factors_for_Exploitation 0 0
Other_Notes 0 0
Relevant_Properties 0 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Common_Methods_of_Exploitation 0 0
Type 0 0
Causal_Nature 0 0
Source_Taxonomy 0 0
Context_Notes 0 0
Black_Box_Definitions 0 0

Form and Abstraction Changes

From To Total
Unchanged 865

Status Changes

From To Total
Unchanged 865

Relationship Changes

The "Version 2.0 Total" lists the total number of relationships in Version 2.0. The "Shared" value is the total number of relationships in entries that were in both Version 2.0 and Version 1.13. The "New" value is the total number of relationships involving entries that did not exist in Version 1.13. Thus, the total number of relationships in Version 2.0 would combine stats from Shared entries and New entries.

Relationship Version 2.0 Total Version 1.13 Total Version 2.0 Shared Unchanged Added to Version 2.0 Removed from Version 1.13 Version 2.0 New
ALL 5487 5395 5397 5395 2 90
ChildOf 2367 2325 2326 2325 1 41
ParentOf 2367 2325 2326 2325 1 41
MemberOf 140 136 136 136 4
HasMember 140 136 136 136 4
CanPrecede 113 113 113 113
CanFollow 113 113 113 113
StartsWith 3 3 3 3
Requires 19 19 19 19
RequiredBy 19 19 19 19
CanAlsoBe 34 34 34 34
PeerOf 172 172 172 172

Nodes Removed from Version 1.13

CWE-ID CWE Name
None.

Nodes Added to Version 2.0

CWE-ID CWE Name
864 2011 Top 25 - Insecure Interaction Between Components
865 2011 Top 25 - Risky Resource Management
866 2011 Top 25 - Porous Defenses
867 2011 Top 25 - Weaknesses On the Cusp
900 Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors

Nodes Deprecated in Version 2.0

CWE-ID CWE Name
None.
Back to top
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
R 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
R 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
R 98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
R 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
R 129 Improper Validation of Array Index
R 131 Incorrect Calculation of Buffer Size
R 134 Uncontrolled Format String
R 190 Integer Overflow or Wraparound
R 209 Information Exposure Through an Error Message
R 212 Improper Cross-boundary Removal of Sensitive Data
R 250 Execution with Unnecessary Privileges
R 306 Missing Authentication for Critical Function
R 307 Improper Restriction of Excessive Authentication Attempts
R 311 Missing Encryption of Sensitive Data
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 330 Use of Insufficiently Random Values
R 352 Cross-Site Request Forgery (CSRF)
R 362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
R 434 Unrestricted Upload of File with Dangerous Type
R 456 Missing Initialization
R 476 NULL Pointer Dereference
R 494 Download of Code Without Integrity Check
R 601 URL Redirection to Untrusted Site ('Open Redirect')
R 676 Use of Potentially Dangerous Function
R 681 Incorrect Conversion between Numeric Types
R 732 Incorrect Permission Assignment for Critical Resource
R 754 Improper Check for Unusual or Exceptional Conditions
R 759 Use of a One-Way Hash without a Salt
R 770 Allocation of Resources Without Limits or Throttling
R 772 Missing Release of Resource after Effective Lifetime
R 798 Use of Hard-coded Credentials
R 805 Buffer Access with Incorrect Length Value
R 807 Reliance on Untrusted Inputs in a Security Decision
R 822 Untrusted Pointer Dereference
R 825 Expired Pointer Dereference
R 829 Inclusion of Functionality from Untrusted Control Sphere
R 838 Inappropriate Encoding for Output Context
R 841 Improper Enforcement of Behavioral Workflow
R 862 Missing Authorization
R 863 Incorrect Authorization
Back to top
Detailed Difference Report
Detailed Difference Report
11 ASP.NET Misconfiguration: Creating Debug Binary
Major Common_Consequences
Minor None
12 ASP.NET Misconfiguration: Missing Custom Error Page
Major Common_Consequences
Minor None
15 External Control of System or Configuration Setting
Major Common_Consequences
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Relationships
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Relationships
Minor None
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major Relationships
Minor None
84 Improper Neutralization of Encoded URI Schemes in a Web Page
Major Common_Consequences
Minor None
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major Relationships
Minor None
98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
Major Relationships
Minor None
102 Struts: Duplicate Validation Forms
Major Common_Consequences
Minor None
105 Struts: Form Field Without Validator
Major Common_Consequences
Minor None
106 Struts: Plug-in Framework not in Use
Major Common_Consequences
Minor None
107 Struts: Unused Validation Form
Major Common_Consequences
Minor None
112 Missing XML Validation
Major Common_Consequences
Minor None
115 Misinterpretation of Input
Major Common_Consequences
Minor None
118 Improper Access of Indexable Resource ('Range Error')
Major Common_Consequences
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Relationships
Minor None
129 Improper Validation of Array Index
Major Relationships
Minor None
130 Improper Handling of Length Parameter Inconsistency
Major Common_Consequences
Minor None
131 Incorrect Calculation of Buffer Size
Major Relationships
Minor None
134 Uncontrolled Format String
Major Modes_of_Introduction, Relationships
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major Common_Consequences
Minor None
140 Improper Neutralization of Delimiters
Major Common_Consequences
Minor None
141 Improper Neutralization of Parameter/Argument Delimiters
Major Common_Consequences
Minor None
142 Improper Neutralization of Value Delimiters
Major Common_Consequences
Minor None
143 Improper Neutralization of Record Delimiters
Major Common_Consequences
Minor None
144 Improper Neutralization of Line Delimiters
Major Common_Consequences
Minor None
145 Improper Neutralization of Section Delimiters
Major Common_Consequences
Minor None
147 Improper Neutralization of Input Terminators
Major Common_Consequences
Minor None
148 Improper Neutralization of Input Leaders
Major Common_Consequences
Minor None
149 Improper Neutralization of Quoting Syntax
Major Common_Consequences
Minor None
150 Improper Neutralization of Escape, Meta, or Control Sequences
Major Common_Consequences
Minor None
151 Improper Neutralization of Comment Delimiters
Major Common_Consequences
Minor None
152 Improper Neutralization of Macro Symbols
Major Common_Consequences
Minor None
153 Improper Neutralization of Substitution Characters
Major Common_Consequences
Minor None
154 Improper Neutralization of Variable Name Delimiters
Major Common_Consequences
Minor None
155 Improper Neutralization of Wildcards or Matching Symbols
Major Common_Consequences
Minor None
156 Improper Neutralization of Whitespace
Major Common_Consequences
Minor None
157 Failure to Sanitize Paired Delimiters
Major Common_Consequences
Minor None
158 Improper Neutralization of Null Byte or NUL Character
Major Common_Consequences
Minor None
159 Failure to Sanitize Special Element
Major Common_Consequences
Minor None
160 Improper Neutralization of Leading Special Elements
Major Common_Consequences
Minor None
161 Improper Neutralization of Multiple Leading Special Elements
Major Common_Consequences
Minor None
162 Improper Neutralization of Trailing Special Elements
Major Common_Consequences
Minor None
163 Improper Neutralization of Multiple Trailing Special Elements
Major Common_Consequences
Minor None
164 Improper Neutralization of Internal Special Elements
Major Common_Consequences
Minor None
165 Improper Neutralization of Multiple Internal Special Elements
Major Common_Consequences
Minor None
167 Improper Handling of Additional Special Element
Major Common_Consequences
Minor None
172 Encoding Error
Major Common_Consequences
Minor None
175 Improper Handling of Mixed Encoding
Major Common_Consequences
Minor None
176 Improper Handling of Unicode Encoding
Major Common_Consequences
Minor None
177 Improper Handling of URL Encoding (Hex Encoding)
Major Common_Consequences
Minor None
187 Partial Comparison
Major Common_Consequences
Minor None
190 Integer Overflow or Wraparound
Major Relationships
Minor None
191 Integer Underflow (Wrap or Wraparound)
Major Common_Consequences
Minor None
193 Off-by-one Error
Major Common_Consequences
Minor None
195 Signed to Unsigned Conversion Error
Major Common_Consequences
Minor None
198 Use of Incorrect Byte Ordering
Major Common_Consequences
Minor None
209 Information Exposure Through an Error Message
Major Relationships
Minor None
212 Improper Cross-boundary Removal of Sensitive Data
Major Demonstrative_Examples, Relationships
Minor None
227 Improper Fulfillment of API Contract ('API Abuse')
Major Common_Consequences
Minor None
228 Improper Handling of Syntactically Invalid Structure
Major Common_Consequences
Minor None
229 Improper Handling of Values
Major Common_Consequences
Minor None
230 Improper Handling of Missing Values
Major Common_Consequences
Minor None
231 Improper Handling of Extra Values
Major Common_Consequences
Minor None
232 Improper Handling of Undefined Values
Major Common_Consequences
Minor None
233 Parameter Problems
Major Common_Consequences
Minor None
235 Improper Handling of Extra Parameters
Major Common_Consequences
Minor None
236 Improper Handling of Undefined Parameters
Major Common_Consequences
Minor None
237 Improper Handling of Structural Elements
Major Common_Consequences
Minor None
238 Improper Handling of Incomplete Structural Elements
Major Common_Consequences
Minor None
239 Failure to Handle Incomplete Element
Major Common_Consequences
Minor None
240 Improper Handling of Inconsistent Structural Elements
Major Common_Consequences
Minor None
241 Improper Handling of Unexpected Data Type
Major Common_Consequences
Minor None
242 Use of Inherently Dangerous Function
Major Common_Consequences
Minor None
245 J2EE Bad Practices: Direct Management of Connections
Major Common_Consequences
Minor None
246 J2EE Bad Practices: Direct Use of Sockets
Major Common_Consequences
Minor None
250 Execution with Unnecessary Privileges
Major Demonstrative_Examples, Relationships
Minor None
252 Unchecked Return Value
Major Common_Consequences
Minor None
262 Not Using Password Aging
Major Common_Consequences
Minor None
263 Password Aging with Long Expiration
Major Common_Consequences
Minor None
283 Unverified Ownership
Major Common_Consequences
Minor None
284 Improper Access Control
Major Common_Consequences
Minor None
286 Incorrect User Management
Major Common_Consequences
Minor None
306 Missing Authentication for Critical Function
Major Relationships
Minor None
307 Improper Restriction of Excessive Authentication Attempts
Major Common_Consequences, Related_Attack_Patterns, Relationships
Minor None
311 Missing Encryption of Sensitive Data
Major Relationships
Minor None
322 Key Exchange without Entity Authentication
Major Common_Consequences
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Relationships
Minor None
330 Use of Insufficiently Random Values
Major Relationships
Minor None
337 Predictable Seed in PRNG
Major Common_Consequences
Minor None
339 Small Seed Space in PRNG
Major Common_Consequences
Minor None
340 Predictability Problems
Major Common_Consequences
Minor None
341 Predictable from Observable State
Major Common_Consequences
Minor None
342 Predictable Exact Value from Previous Values
Major Common_Consequences
Minor None
343 Predictable Value Range from Previous Values
Major Common_Consequences
Minor None
344 Use of Invariant Value in Dynamically Changing Context
Major Common_Consequences
Minor None
345 Insufficient Verification of Data Authenticity
Major Common_Consequences
Minor None
346 Origin Validation Error
Major Common_Consequences
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Relationships
Minor None
362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Major Relationships
Minor None
365 Race Condition in Switch
Major Common_Consequences
Minor None
366 Race Condition within a Thread
Major Common_Consequences
Minor None
367 Time-of-check Time-of-use (TOCTOU) Race Condition
Major Common_Consequences
Minor None
372 Incomplete Internal State Distinction
Major Common_Consequences
Minor None
383 J2EE Bad Practices: Direct Use of Threads
Major Common_Consequences
Minor None
390 Detection of Error Condition Without Action
Major Common_Consequences
Minor None
391 Unchecked Error Condition
Major Common_Consequences
Minor None
392 Missing Report of Error Condition
Major Common_Consequences
Minor None
393 Return of Wrong Status Code
Major Common_Consequences
Minor None
394 Unexpected Status Code or Return Value
Major Common_Consequences
Minor None
398 Indicator of Poor Code Quality
Major Common_Consequences
Minor None
403 Exposure of File Descriptor to Unintended Control Sphere
Major Common_Consequences
Minor None
404 Improper Resource Shutdown or Release
Major Common_Consequences
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Common_Consequences
Minor None
416 Use After Free
Major Demonstrative_Examples
Minor None
424 Improper Protection of Alternate Path
Major Common_Consequences
Minor None
430 Deployment of Wrong Handler
Major Common_Consequences
Minor None
431 Missing Handler
Major Common_Consequences
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Relationships
Minor None
435 Interaction Error
Major Common_Consequences
Minor None
436 Interpretation Conflict
Major Common_Consequences
Minor None
437 Incomplete Model of Endpoint Features
Major Common_Consequences
Minor None
439 Behavioral Change in New Version or Environment
Major Common_Consequences
Minor None
440 Expected Behavior Violation
Major Common_Consequences
Minor None
441 Unintended Proxy/Intermediary
Major Common_Consequences
Minor None
446 UI Discrepancy for Security Feature
Major Common_Consequences
Minor None
447 Unimplemented or Unsupported Feature in UI
Major Common_Consequences
Minor None
448 Obsolete Feature in UI
Major Common_Consequences
Minor None
449 The UI Performs the Wrong Action
Major Common_Consequences
Minor None
450 Multiple Interpretations of UI Input
Major Common_Consequences
Minor None
456 Missing Initialization
Major Common_Consequences, Relationships
Minor None
460 Improper Cleanup on Thrown Exception
Major Common_Consequences
Minor None
462 Duplicate Key in Associative List (Alist)
Major Common_Consequences
Minor None
464 Addition of Data Structure Sentinel
Major Common_Consequences
Minor None
467 Use of sizeof() on a Pointer Type
Major Common_Consequences
Minor None
468 Incorrect Pointer Scaling
Major Common_Consequences
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major Common_Consequences
Minor None
474 Use of Function with Inconsistent Implementations
Major Common_Consequences
Minor None
475 Undefined Behavior for Input to API
Major Common_Consequences
Minor None
476 NULL Pointer Dereference
Major Related_Attack_Patterns, Relationships
Minor None
477 Use of Obsolete Functions
Major Common_Consequences
Minor None
478 Missing Default Case in Switch Statement
Major Common_Consequences
Minor None
479 Signal Handler Use of a Non-reentrant Function
Major Common_Consequences
Minor None
482 Comparing instead of Assigning
Major Common_Consequences
Minor None
483 Incorrect Block Delimitation
Major Common_Consequences
Minor None
485 Insufficient Encapsulation
Major Common_Consequences
Minor None
489 Leftover Debug Code
Major Common_Consequences
Minor None
491 Public cloneable() Method Without Final ('Object Hijack')
Major Common_Consequences
Minor None
494 Download of Code Without Integrity Check
Major Relationships
Minor None
511 Logic/Time Bomb
Major Common_Consequences
Minor None
525 Information Exposure Through Browser Caching
Major Common_Consequences
Minor None
531 Information Exposure Through Test Code
Major Common_Consequences
Minor None
544 Missing Standardized Error Handling Mechanism
Major Common_Consequences
Minor None
546 Suspicious Comment
Major Common_Consequences
Minor None
547 Use of Hard-coded, Security-relevant Constants
Major Common_Consequences
Minor None
554 ASP.NET Misconfiguration: Not Using Input Validation Framework
Major Common_Consequences
Minor None
563 Unused Variable
Major Common_Consequences
Minor None
568 finalize() Method Without super.finalize()
Major Common_Consequences
Minor None
570 Expression is Always False
Major Common_Consequences
Minor None
571 Expression is Always True
Major Common_Consequences
Minor None
572 Call to Thread run() instead of start()
Major Common_Consequences
Minor None
573 Improper Following of Specification by Caller
Major Common_Consequences
Minor None
574 EJB Bad Practices: Use of Synchronization Primitives
Major Common_Consequences
Minor None
575 EJB Bad Practices: Use of AWT Swing
Major Common_Consequences
Minor None
576 EJB Bad Practices: Use of Java I/O
Major Common_Consequences
Minor None
577 EJB Bad Practices: Use of Sockets
Major Common_Consequences
Minor None
578 EJB Bad Practices: Use of Class Loader
Major Common_Consequences
Minor None
579 J2EE Bad Practices: Non-serializable Object Stored in Session
Major Common_Consequences
Minor None
580 clone() Method Without super.clone()
Major Common_Consequences
Minor None
583 finalize() Method Declared Public
Major Common_Consequences
Minor None
586 Explicit Call to Finalize()
Major Common_Consequences
Minor None
589 Call to Non-ubiquitous API
Major Common_Consequences
Minor None
593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Major Common_Consequences
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Relationships
Minor None
605 Multiple Binds to the Same Port
Major Common_Consequences
Minor None
622 Unvalidated Function Hook Arguments
Major Common_Consequences
Minor None
626 Null Byte Interaction Error (Poison Null Byte)
Major Common_Consequences
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Common_Consequences
Minor None
649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
Major Common_Consequences
Minor None
669 Incorrect Resource Transfer Between Spheres
Major Common_Consequences
Minor None
671 Lack of Administrator Control over Security
Major Common_Consequences
Minor None
676 Use of Potentially Dangerous Function
Major Common_Consequences, Observed_Examples, Potential_Mitigations, References, Relationships
Minor None
681 Incorrect Conversion between Numeric Types
Major Common_Consequences, Observed_Examples, Relationships
Minor None
683 Function Call With Incorrect Order of Arguments
Major Common_Consequences
Minor None
684 Incorrect Provision of Specified Functionality
Major Common_Consequences
Minor None
685 Function Call With Incorrect Number of Arguments
Major Common_Consequences
Minor None
686 Function Call With Incorrect Argument Type
Major Common_Consequences
Minor None
687 Function Call With Incorrectly Specified Argument Value
Major Common_Consequences
Minor None
688 Function Call With Incorrect Variable or Reference as Argument
Major Common_Consequences
Minor None
694 Use of Multiple Resources with Duplicate Identifier
Major Common_Consequences
Minor None
696 Incorrect Behavior Order
Major Common_Consequences
Minor None
703 Improper Check or Handling of Exceptional Conditions
Major Common_Consequences
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major Relationships
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Common_Consequences, Related_Attack_Patterns, Relationships
Minor None
759 Use of a One-Way Hash without a Salt
Major Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships
Minor None
764 Multiple Locks of a Critical Resource
Major Common_Consequences
Minor None
765 Multiple Unlocks of a Critical Resource
Major Common_Consequences
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Relationships
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Observed_Examples, Related_Attack_Patterns, Relationships
Minor None
783 Operator Precedence Logic Error
Major Common_Consequences
Minor None
790 Improper Filtering of Special Elements
Major Common_Consequences
Minor None
791 Incomplete Filtering of Special Elements
Major Common_Consequences
Minor None
792 Incomplete Filtering of One or More Instances of Special Elements
Major Common_Consequences
Minor None
793 Only Filtering One Instance of a Special Element
Major Common_Consequences
Minor None
794 Incomplete Filtering of Multiple Instances of Special Elements
Major Common_Consequences
Minor None
795 Only Filtering Special Elements at a Specified Location
Major Common_Consequences
Minor None
796 Only Filtering Special Elements Relative to a Marker
Major Common_Consequences
Minor None
797 Only Filtering Special Elements at an Absolute Position
Major Common_Consequences
Minor None
798 Use of Hard-coded Credentials
Major Observed_Examples, Relationships
Minor None
805 Buffer Access with Incorrect Length Value
Major Demonstrative_Examples, Observed_Examples, Relationships
Minor None
807 Reliance on Untrusted Inputs in a Security Decision
Major Common_Consequences, Relationships
Minor None
822 Untrusted Pointer Dereference
Major Related_Attack_Patterns, Relationships
Minor None
825 Expired Pointer Dereference
Major Demonstrative_Examples, Potential_Mitigations, Relationships
Minor None
827 Improper Control of Document Type Definition
Major None
Minor Observed_Examples
829 Inclusion of Functionality from Untrusted Control Sphere
Major Common_Consequences, Demonstrative_Examples, Observed_Examples, Potential_Mitigations, Related_Attack_Patterns, Relationships
Minor None
830 Inclusion of Web Functionality from an Untrusted Source
Major Demonstrative_Examples
Minor None
831 Signal Handler Function Associated with Multiple Signals
Major Common_Consequences
Minor None
838 Inappropriate Encoding for Output Context
Major Demonstrative_Examples, Related_Attack_Patterns, Relationships
Minor None
841 Improper Enforcement of Behavioral Workflow
Major Common_Consequences, Observed_Examples, Related_Attack_Patterns, Relationships
Minor None
862 Missing Authorization
Major Demonstrative_Examples, Related_Attack_Patterns, Relationships
Minor None
863 Incorrect Authorization
Major Demonstrative_Examples, Related_Attack_Patterns, Relationships
Minor None
Back to top
Page Last Updated: January 05, 2017
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.