CWE - Differences between 1.7 and 1.8

Home > CWE List > Reports > Differences between 1.7 and 1.8

Differences between 1.7 and 1.8

Differences between 1.7 and 1.8

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total (1.8)	810
Total (1.7)	799
Total new	11
Total deprecated	0
Total shared	799
Total important changes	82
Total major changes	162
Total minor changes	7
Total minor changes (no major)	1
Total unchanged	636

Summary of Entry Types

Type	1.7	1.8
Category	105	109
Chain	3	3
Composite	9	6
Deprecated	11	11
View	22	23
Weakness	649	658

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	13	0
Description	11	0
Applicable_Platforms	13	1
Time_of_Introduction	3	0
Demonstrative_Examples	33	2
Detection_Factors	33	0
Likelihood_of_Exploit	4	0
Common_Consequences	12	1
Relationships	77	0
References	54	0
Potential_Mitigations	43	2
Observed_Examples	6	0
Terminology_Notes	3	0
Alternate_Terms	6	0
Related_Attack_Patterns	14	0
Relationship_Notes	7	0
Taxonomy_Mappings	51	0
Maintenance_Notes	2	0
Modes_of_Introduction	0	0
Affected_Resources	0	0
Functional_Areas	1	0
Research_Gaps	1	0
Background_Details	1	0
Theoretical_Notes	0	0
Weakness_Ordinalities	2	0
White_Box_Definitions	0	0
Enabling_Factors_for_Exploitation	0	0
Other_Notes	8	1
Relevant_Properties	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Common_Methods_of_Exploitation	0	0
Type	3	0
Causal_Nature	0	0
Source_Taxonomy	0	0
Context_Notes	0	0
Black_Box_Definitions	0	0

Form and Abstraction Changes

From	To	Total
Unchanged		796
Composite	Weakness/Base	3

Status Changes

From	To	Total
Unchanged		799

Relationship Changes

The "1.8 Total" lists the total number of relationships in 1.8. The "Shared" value is the total number of relationships in entries that were in both 1.8 and 1.7. The "New" value is the total number of relationships involving entries that did not exist in 1.7. Thus, the total number of relationships in 1.8 would combine stats from Shared entries and New entries.

Relationship	1.8 Total	1.7 Total	1.8 Shared	Unchanged	Added to 1.8	Removed from 1.7	1.8 New
ALL	4819	4676	4667	4630	37	46	152
ChildOf	2078	2008	2008	1997	11	11	70
ParentOf	2078	2008	2008	1997	11	11	70
MemberOf	109	106	105	105		1	4
HasMember	109	106	105	105		1	4
CanPrecede	90	84	89	84	5		1
CanFollow	91	84	90	84	6		1
StartsWith	3	3	3	3
Requires	19	27	19	19		8
RequiredBy	19	27	19	19		8
CanAlsoBe	37	37	37	37
PeerOf	186	186	184	180	4	6	2

Nodes Removed from 1.7

CWE-ID	CWE Name
None.

Nodes Added to 1.8

CWE-ID	CWE Name
798	Use of Hard-coded Credentials
799	Improper Control of Interaction Frequency
800	Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
801	2010 Top 25 - Insecure Interaction Between Components
802	2010 Top 25 - Risky Resource Management
803	2010 Top 25 - Porous Defenses
804	Guessable CAPTCHA
805	Buffer Access with Incorrect Length Value
806	Buffer Access Using Size of Source Buffer
807	Reliance on Untrusted Inputs in a Security Decision
808	2010 Top 25 - Weaknesses On the Cusp

Nodes Deprecated in 1.8

CWE-ID	CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

D	N	R	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
		R	59	Improper Link Resolution Before File Access ('Link Following')
		R	74	Failure to Sanitize Data into a Different Plane ('Injection')
		R	77	Improper Sanitization of Special Elements used in a Command ('Command Injection')
		R	78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
		R	79	Failure to Preserve Web Page Structure ('Cross-site Scripting')
		R	88	Argument Injection or Modification
		R	89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
		R	90	Failure to Sanitize Data into LDAP Queries ('LDAP Injection')
		R	98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
		R	118	Improper Access of Indexable Resource ('Range Error')
		R	119	Failure to Constrain Operations within the Bounds of a Memory Buffer
		R	120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
		R	129	Improper Validation of Array Index
D		R	130	Improper Handling of Length Parameter Inconsistency
		R	131	Incorrect Calculation of Buffer Size
		R	134	Uncontrolled Format String
		R	183	Permissive Whitelist
		R	184	Incomplete Blacklist
		R	190	Integer Overflow or Wraparound
		R	209	Information Exposure Through an Error Message
D	N	R	212	Improper Cross-boundary Removal of Sensitive Data
		R	216	Containment Errors (Container Errors)
		R	227	Failure to Fulfill API Contract ('API Abuse')
		R	242	Use of Inherently Dangerous Function
		R	247	Reliance on DNS Lookups in a Security Decision
		R	254	Security Features
		R	255	Credentials Management
		R	257	Storing Passwords in a Recoverable Format
D	N	R	259	Use of Hard-coded Password
		R	285	Improper Access Control (Authorization)
		R	287	Improper Authentication
D			291	Trusting Self-reported IP Address
		R	302	Authentication Bypass by Assumed-Immutable Data
	N	R	306	Missing Authentication for Critical Function
	N	R	307	Improper Restriction of Excessive Authentication Attempts
D			308	Use of Single-factor Authentication
D	N	R	311	Missing Encryption of Sensitive Data
		R	321	Use of Hard-coded Cryptographic Key
		R	327	Use of a Broken or Risky Cryptographic Algorithm
		R	330	Use of Insufficiently Random Values
		R	344	Use of Invariant Value in Dynamically Changing Context
		R	351	Insufficient Type Distinction
		R	352	Cross-Site Request Forgery (CSRF)
D			360	Trust of System Event Data
		R	362	Race Condition
		R	388	Error Handling
		R	401	Failure to Release Memory Before Removing Last Reference ('Memory Leak')
		R	404	Improper Resource Shutdown or Release
		R	416	Use After Free
		R	425	Direct Request ('Forced Browsing')
		R	426	Untrusted Search Path
	N	R	434	Unrestricted Upload of File with Dangerous Type
		R	436	Interpretation Conflict
		R	438	Behavioral Problems
D	N	R	454	External Initialization of Trusted Variables or Data Stores
		R	456	Missing Initialization
		R	467	Use of sizeof() on a Pointer Type
		R	473	PHP External Variable Modification
		R	476	NULL Pointer Dereference
		R	494	Download of Code Without Integrity Check
		R	601	URL Redirection to Untrusted Site ('Open Redirect')
		R	664	Improper Control of a Resource Through its Lifetime
		R	669	Incorrect Resource Transfer Between Spheres
		R	671	Lack of Administrator Control over Security
D	N	R	672	Operation on a Resource after Expiration or Release
		R	681	Incorrect Conversion between Numeric Types
		R	691	Insufficient Control Flow Management
		R	693	Protection Mechanism Failure
		R	703	Failure to Handle Exceptional Conditions
		R	706	Use of Incorrectly-Resolved Name or Reference
		R	724	OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
		R	732	Incorrect Permission Assignment for Critical Resource
		R	749	Exposed Dangerous Method or Function
	N		751	2009 Top 25 - Insecure Interaction Between Components
	N		752	2009 Top 25 - Risky Resource Management
	N	R	753	2009 Top 25 - Porous Defenses
D	N	R	754	Improper Check for Unusual or Exceptional Conditions
		R	770	Allocation of Resources Without Limits or Throttling
		R	772	Missing Release of Resource after Effective Lifetime
		R	784	Reliance on Cookies without Validation and Integrity Checking in a Security Decision
		R	1000	Research Concepts

Detailed Difference Report

14	Compiler Removal of Code to Clear Buffers
	Major	References
	Minor	None
16	Configuration
	Major	Taxonomy_Mappings
	Minor	None
20	Improper Input Validation
	Major	Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings
	Minor	None
22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
	Major	Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
23	Relative Path Traversal
	Major	Demonstrative_Examples
	Minor	None
36	Absolute Path Traversal
	Major	Demonstrative_Examples
	Minor	None
59	Improper Link Resolution Before File Access ('Link Following')
	Major	Potential_Mitigations, Relationships
	Minor	None
73	External Control of File Name or Path
	Major	Potential_Mitigations
	Minor	None
74	Failure to Sanitize Data into a Different Plane ('Injection')
	Major	Relationships
	Minor	None
77	Improper Sanitization of Special Elements used in a Command ('Command Injection')
	Major	Potential_Mitigations, Relationships
	Minor	None
78	Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
	Major	Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
79	Failure to Preserve Web Page Structure ('Cross-site Scripting')
	Major	Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
88	Argument Injection or Modification
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	None
89	Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
90	Failure to Sanitize Data into LDAP Queries ('LDAP Injection')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
91	XML Injection (aka Blind XPath Injection)
	Major	Taxonomy_Mappings
	Minor	None
93	Failure to Sanitize CRLF Sequences ('CRLF Injection')
	Major	Related_Attack_Patterns, Taxonomy_Mappings
	Minor	None
94	Failure to Control Generation of Code ('Code Injection')
	Major	Potential_Mitigations
	Minor	None
95	Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Potential_Mitigations
	Minor	None
97	Failure to Sanitize Server-Side Includes (SSI) Within a Web Page
	Major	Taxonomy_Mappings
	Minor	None
98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
	Major	Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type
	Minor	Demonstrative_Examples
113	Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
	Major	Taxonomy_Mappings
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings
	Minor	None
118	Improper Access of Indexable Resource ('Range Error')
	Major	Relationships
	Minor	None
119	Failure to Constrain Operations within the Bounds of a Memory Buffer
	Major	Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	None
121	Stack-based Buffer Overflow
	Major	References
	Minor	None
122	Heap-based Buffer Overflow
	Major	References
	Minor	None
129	Improper Validation of Array Index
	Major	Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
	Minor	Common_Consequences
130	Improper Handling of Length Parameter Inconsistency
	Major	Description, Potential_Mitigations, Relationships
	Minor	None
131	Incorrect Calculation of Buffer Size
	Major	Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships
	Minor	None
134	Uncontrolled Format String
	Major	Detection_Factors, References, Relationships, Taxonomy_Mappings
	Minor	Other_Notes
135	Incorrect Calculation of Multi-Byte String Length
	Major	Demonstrative_Examples, References
	Minor	None
158	Failure to Sanitize Null Byte or NUL Character
	Major	Taxonomy_Mappings
	Minor	None
180	Incorrect Behavior Order: Validate Before Canonicalize
	Major	Demonstrative_Examples
	Minor	None
183	Permissive Whitelist
	Major	Relationships
	Minor	None
184	Incomplete Blacklist
	Major	Relationships
	Minor	None
185	Incorrect Regular Expression
	Major	References
	Minor	None
190	Integer Overflow or Wraparound
	Major	Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes
	Minor	Demonstrative_Examples
193	Off-by-one Error
	Major	Demonstrative_Examples
	Minor	None
195	Signed to Unsigned Conversion Error
	Major	Demonstrative_Examples
	Minor	None
200	Information Exposure
	Major	Taxonomy_Mappings
	Minor	None
205	Information Exposure Through Behavioral Discrepancy
	Major	Taxonomy_Mappings
	Minor	None
209	Information Exposure Through an Error Message
	Major	Detection_Factors, References, Relationships
	Minor	None
212	Improper Cross-boundary Removal of Sensitive Data
	Major	Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Terminology_Notes
	Minor	None
216	Containment Errors (Container Errors)
	Major	Relationships
	Minor	None
226	Sensitive Information Uncleared Before Release
	Major	Applicable_Platforms, Maintenance_Notes, Relationship_Notes
	Minor	None
227	Failure to Fulfill API Contract ('API Abuse')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
242	Use of Inherently Dangerous Function
	Major	Demonstrative_Examples, References, Relationships
	Minor	None
247	Reliance on DNS Lookups in a Security Decision
	Major	Relationships
	Minor	None
250	Execution with Unnecessary Privileges
	Major	Detection_Factors, Potential_Mitigations, References
	Minor	None
252	Unchecked Return Value
	Major	Demonstrative_Examples, Potential_Mitigations, References
	Minor	None
254	Security Features
	Major	Relationships
	Minor	None
255	Credentials Management
	Major	Relationships
	Minor	None
257	Storing Passwords in a Recoverable Format
	Major	Relationships
	Minor	None
259	Use of Hard-coded Password
	Major	Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships
	Minor	None
264	Permissions, Privileges, and Access Controls
	Major	References
	Minor	None
270	Privilege Context Switching Error
	Major	References
	Minor	None
280	Improper Handling of Insufficient Permissions or Privileges
	Major	Taxonomy_Mappings
	Minor	None
284	Access Control (Authorization) Issues
	Major	References, Taxonomy_Mappings
	Minor	None
285	Improper Access Control (Authorization)
	Major	Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships
	Minor	None
287	Improper Authentication
	Major	Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
	Minor	None
291	Trusting Self-reported IP Address
	Major	Description, Other_Notes
	Minor	None
300	Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
	Major	Taxonomy_Mappings
	Minor	None
302	Authentication Bypass by Assumed-Immutable Data
	Major	Potential_Mitigations, Relationships
	Minor	None
306	Missing Authentication for Critical Function
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
	Minor	None
307	Improper Restriction of Excessive Authentication Attempts
	Major	Demonstrative_Examples, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	None
308	Use of Single-factor Authentication
	Major	Description, Other_Notes
	Minor	None
310	Cryptographic Issues
	Major	References
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
312	Cleartext Storage of Sensitive Information
	Major	References
	Minor	None
319	Cleartext Transmission of Sensitive Information
	Major	References
	Minor	None
321	Use of Hard-coded Cryptographic Key
	Major	Relationships
	Minor	None
326	Inadequate Encryption Strength
	Major	References
	Minor	None
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	Detection_Factors, References, Relationships
	Minor	None
330	Use of Insufficiently Random Values
	Major	References, Relationships, Taxonomy_Mappings
	Minor	None
331	Insufficient Entropy
	Major	Taxonomy_Mappings
	Minor	None
340	Predictability Problems
	Major	Taxonomy_Mappings
	Minor	None
344	Use of Invariant Value in Dynamically Changing Context
	Major	Relationships
	Minor	None
345	Insufficient Verification of Data Authenticity
	Major	Taxonomy_Mappings
	Minor	None
351	Insufficient Type Distinction
	Major	Relationships
	Minor	None
352	Cross-Site Request Forgery (CSRF)
	Major	Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings
	Minor	None
359	Privacy Violation
	Major	Other_Notes, References
	Minor	None
360	Trust of System Event Data
	Major	Description, Other_Notes
	Minor	None
362	Race Condition
	Major	Detection_Factors, References, Relationships
	Minor	None
377	Insecure Temporary File
	Major	References
	Minor	None
384	Session Fixation
	Major	Taxonomy_Mappings
	Minor	None
388	Error Handling
	Major	Relationships
	Minor	None
393	Return of Wrong Status Code
	Major	Other_Notes, Relationship_Notes
	Minor	None
400	Uncontrolled Resource Consumption ('Resource Exhaustion')
	Major	Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings
	Minor	None
401	Failure to Release Memory Before Removing Last Reference ('Memory Leak')
	Major	Relationships
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Potential_Mitigations, Relationships
	Minor	None
405	Asymmetric Resource Consumption (Amplification)
	Major	Taxonomy_Mappings
	Minor	None
410	Insufficient Resource Pool
	Major	References
	Minor	None
416	Use After Free
	Major	Relationships
	Minor	None
425	Direct Request ('Forced Browsing')
	Major	Relationships, Taxonomy_Mappings
	Minor	None
426	Untrusted Search Path
	Major	References, Relationships
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Type, Weakness_Ordinalities
	Minor	None
436	Interpretation Conflict
	Major	Relationships, Taxonomy_Mappings
	Minor	None
438	Behavioral Problems
	Major	Relationships
	Minor	None
441	Unintended Proxy/Intermediary
	Major	Taxonomy_Mappings
	Minor	None
444	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
	Major	Taxonomy_Mappings
	Minor	None
454	External Initialization of Trusted Variables or Data Stores
	Major	Description, Name, Relationships
	Minor	None
456	Missing Initialization
	Major	Relationships
	Minor	None
467	Use of sizeof() on a Pointer Type
	Major	Relationships
	Minor	Potential_Mitigations
471	Modification of Assumed-Immutable Data (MAID)
	Major	Potential_Mitigations
	Minor	None
473	PHP External Variable Modification
	Major	Relationships
	Minor	None
476	NULL Pointer Dereference
	Major	Potential_Mitigations, Relationships
	Minor	None
494	Download of Code Without Integrity Check
	Major	Detection_Factors, References, Relationships
	Minor	None
507	Trojan Horse
	Major	References
	Minor	None
537	Information Leak Through Java Runtime Error Message
	Major	Demonstrative_Examples, Potential_Mitigations
	Minor	None
548	Information Leak Through Directory Listing
	Major	Taxonomy_Mappings
	Minor	None
594	J2EE Framework: Saving Unserializable Objects to Disk
	Major	Demonstrative_Examples
	Minor	None
596	Incorrect Semantic Object Comparison
	Major	Detection_Factors
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Applicable_Platforms, Common_Consequences, Detection_Factors, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
	Minor	None
602	Client-Side Enforcement of Server-Side Security
	Major	References
	Minor	None
611	Information Leak Through XML External Entity File Disclosure
	Major	Taxonomy_Mappings
	Minor	None
612	Information Leak Through Indexing of Private Data
	Major	Taxonomy_Mappings
	Minor	None
613	Insufficient Session Expiration
	Major	Taxonomy_Mappings
	Minor	None
623	Unsafe ActiveX Control Marked Safe For Scripting
	Major	References
	Minor	None
628	Function Call with Incorrectly Specified Arguments
	Major	Detection_Factors
	Minor	None
639	Access Control Bypass Through User-Controlled Key
	Major	None
	Minor	Potential_Mitigations
640	Weak Password Recovery Mechanism for Forgotten Password
	Major	Taxonomy_Mappings
	Minor	None
642	External Control of Critical State Data
	Major	Potential_Mitigations
	Minor	None
643	Failure to Sanitize Data within XPath Expressions ('XPath injection')
	Major	Taxonomy_Mappings
	Minor	None
652	Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')
	Major	Taxonomy_Mappings
	Minor	None
664	Improper Control of a Resource Through its Lifetime
	Major	Relationships
	Minor	None
665	Improper Initialization
	Major	Potential_Mitigations
	Minor	None
669	Incorrect Resource Transfer Between Spheres
	Major	Relationships
	Minor	None
671	Lack of Administrator Control over Security
	Major	Relationships
	Minor	None
672	Operation on a Resource after Expiration or Release
	Major	Demonstrative_Examples, Description, Name, Relationships
	Minor	None
676	Use of Potentially Dangerous Function
	Major	Demonstrative_Examples, Other_Notes, References, Relationship_Notes
	Minor	None
681	Incorrect Conversion between Numeric Types
	Major	Relationships
	Minor	None
682	Incorrect Calculation
	Major	Potential_Mitigations
	Minor	None
685	Function Call With Incorrect Number of Arguments
	Major	Detection_Factors
	Minor	None
687	Function Call With Incorrectly Specified Argument Value
	Major	Detection_Factors
	Minor	None
688	Function Call With Incorrect Variable or Reference as Argument
	Major	Detection_Factors
	Minor	None
691	Insufficient Control Flow Management
	Major	Relationships, Taxonomy_Mappings
	Minor	None
693	Protection Mechanism Failure
	Major	Relationships
	Minor	None
703	Failure to Handle Exceptional Conditions
	Major	Relationships
	Minor	None
706	Use of Incorrectly-Resolved Name or Reference
	Major	Relationships
	Minor	None
724	OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
	Major	Relationships
	Minor	None
732	Incorrect Permission Assignment for Critical Resource
	Major	Relationships
	Minor	None
733	Compiler Optimization Removal or Modification of Security-critical Code
	Major	References
	Minor	None
749	Exposed Dangerous Method or Function
	Major	Common_Consequences, Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
	Minor	None
751	2009 Top 25 - Insecure Interaction Between Components
	Major	Name
	Minor	None
752	2009 Top 25 - Risky Resource Management
	Major	Name
	Minor	None
753	2009 Top 25 - Porous Defenses
	Major	Name, Relationships
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships
	Minor	Applicable_Platforms
759	Use of a One-Way Hash without a Salt
	Major	References
	Minor	None
760	Use of a One-Way Hash with a Predictable Salt
	Major	References
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
	Minor	None
772	Missing Release of Resource after Effective Lifetime
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships
	Minor	None
776	Unrestricted Recursive Entity References in DTDs ('XML Bomb')
	Major	Taxonomy_Mappings
	Minor	None
784	Reliance on Cookies without Validation and Integrity Checking in a Security Decision
	Major	Demonstrative_Examples, References, Relationships
	Minor	None
787	Out-of-bounds Write
	Major	Demonstrative_Examples
	Minor	None
789	Uncontrolled Memory Allocation
	Major	Taxonomy_Mappings
	Minor	None
790	Improper Filtering of Special Elements
	Major	Demonstrative_Examples
	Minor	None
791	Incomplete Filtering of Special Elements
	Major	Demonstrative_Examples
	Minor	None
792	Incomplete Filtering of One or More Instances of Special Elements
	Major	Demonstrative_Examples
	Minor	None
793	Only Filtering One Instance of a Special Element
	Major	Demonstrative_Examples
	Minor	None
794	Incomplete Filtering of Multiple Instances of Special Elements
	Major	Demonstrative_Examples
	Minor	None
1000	Research Concepts
	Major	Relationships
	Minor	None

Page Last Updated: January 05, 2017


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration

Differences between 1.7 and 1.8 Differences between 1.7 and 1.8