CWE - Differences between Version 1.8.1 and Version 1.9

Home > CWE List > Reports > Differences between Version 1.8.1 and Version 1.9

Differences between Version 1.8.1 and Version 1.9

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total (Version 1.9)	821
Total (Version 1.8.1)	810
Total new	11
Total deprecated	0
Total shared	810
Total important changes	70
Total major changes	155
Total minor changes	6
Total minor changes (no major)
Total unchanged	655

Summary of Entry Types

Type	Version 1.8.1	Version 1.9
Category	109	119
Chain	3	3
Composite	6	6
Deprecated	11	11
View	23	24
Weakness	658	658

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	22	2
Description	55	0
Applicable_Platforms	1	0
Time_of_Introduction	0	0
Demonstrative_Examples	23	3
Detection_Factors	19	0
Likelihood_of_Exploit	0	0
Common_Consequences	25	0
Relationships	18	0
References	26	0
Potential_Mitigations	89	1
Observed_Examples	6	0
Terminology_Notes	1	0
Alternate_Terms	0	0
Related_Attack_Patterns	0	0
Relationship_Notes	5	0
Taxonomy_Mappings	1	0
Maintenance_Notes	3	0
Modes_of_Introduction	0	0
Affected_Resources	0	0
Functional_Areas	0	0
Research_Gaps	2	0
Background_Details	0	0
Theoretical_Notes	0	0
Weakness_Ordinalities	0	0
White_Box_Definitions	0	0
Enabling_Factors_for_Exploitation	1	0
Other_Notes	9	0
Relevant_Properties	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Common_Methods_of_Exploitation	0	0
Type	2	0
Causal_Nature	0	0
Source_Taxonomy	0	0
Context_Notes	0	0
Black_Box_Definitions	0	0

Form and Abstraction Changes

From	To	Total
Unchanged		808
Weakness/Base	Weakness/Variant	1
Weakness/Variant	Weakness/Base	1

Status Changes

From	To	Total
Unchanged		810

Relationship Changes

The "Version 1.9 Total" lists the total number of relationships in Version 1.9. The "Shared" value is the total number of relationships in entries that were in both Version 1.9 and Version 1.8.1. The "New" value is the total number of relationships involving entries that did not exist in Version 1.8.1. Thus, the total number of relationships in Version 1.9 would combine stats from Shared entries and New entries.

Relationship	Version 1.9 Total	Version 1.8.1 Total	Version 1.9 Shared	Unchanged	Version 1.9 New
ALL	4874	4818	4818	4818	56
ChildOf	2096	2078	2078	2078	18
ParentOf	2096	2078	2078	2078	18
MemberOf	119	109	109	109	10
HasMember	119	109	109	109	10
CanPrecede	90	90	90	90
CanFollow	90	90	90	90
StartsWith	3	3	3	3
Requires	19	19	19	19
RequiredBy	19	19	19	19
CanAlsoBe	37	37	37	37
PeerOf	186	186	186	186

Nodes Removed from Version 1.8.1

CWE-ID	CWE Name
None.

Nodes Added to Version 1.9

CWE-ID	CWE Name
809	Weaknesses in OWASP Top Ten (2010)
810	OWASP Top Ten 2010 Category A1 - Injection
811	OWASP Top Ten 2010 Category A2 - Cross-Site Scripting (XSS)
812	OWASP Top Ten 2010 Category A3 - Broken Authentication and Session Management
813	OWASP Top Ten 2010 Category A4 - Insecure Direct Object References
814	OWASP Top Ten 2010 Category A5 - Cross-Site Request Forgery(CSRF)
815	OWASP Top Ten 2010 Category A6 - Security Misconfiguration
816	OWASP Top Ten 2010 Category A7 - Insecure Cryptographic Storage
817	OWASP Top Ten 2010 Category A8 - Failure to Restrict URL Access
818	OWASP Top Ten 2010 Category A9 - Insufficient Transport Layer Protection
819	OWASP Top Ten 2010 Category A10 - Unvalidated Redirects and Forwards

Nodes Deprecated in Version 1.9

CWE-ID	CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

D		R	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
D			23	Relative Path Traversal
D			24	Path Traversal: '../filedir'
D			25	Path Traversal: '/../filedir'
D			26	Path Traversal: '/dir/../filename'
D			27	Path Traversal: 'dir/../../filename'
D			28	Path Traversal: '..\filedir'
D			29	Path Traversal: '\..\filename'
D			30	Path Traversal: '\dir\..\filename'
D			31	Path Traversal: 'dir\..\..\filename'
D			32	Path Traversal: '...' (Triple Dot)
D			33	Path Traversal: '....' (Multiple Dot)
D			34	Path Traversal: '....//'
D			35	Path Traversal: '.../...//'
D			36	Absolute Path Traversal
D	N		74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
D	N		76	Improper Neutralization of Equivalent Special Elements
D	N		77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
D	N	R	78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
D	N	R	79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
D	N		80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
D	N		81	Improper Neutralization of Script in an Error Message Web Page
D	N		82	Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
D	N		84	Improper Neutralization of Encoded URI Schemes in a Web Page
D	N		87	Improper Neutralization of Alternate XSS Syntax
		R	88	Argument Injection or Modification
D	N	R	89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
D	N	R	90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
D		R	91	XML Injection (aka Blind XPath Injection)
D			92	DEPRECATED: Improper Sanitization of Custom Special Characters
D	N		93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
D			94	Failure to Control Generation of Code ('Code Injection')
D	N		95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
D	N		97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
D	N		113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
D	N		117	Improper Output Neutralization for Logs
D			139	DEPRECATED: General Special Element Problems
D	N		140	Improper Neutralization of Delimiters
D			145	Improper Neutralization of Section Delimiters
D			146	Improper Neutralization of Expression/Command Delimiters
	N		148	Improper Neutralization of Input Leaders
	N		149	Improper Neutralization of Quoting Syntax
D			181	Incorrect Behavior Order: Validate Before Filter
D			182	Collapse of Data into Unsafe Value
		R	219	Sensitive Data Under Web Root
		R	285	Improper Access Control (Authorization)
		R	287	Improper Authentication
		R	312	Cleartext Storage of Sensitive Information
		R	319	Cleartext Transmission of Sensitive Information
		R	326	Inadequate Encryption Strength
		R	327	Use of a Broken or Risky Cryptographic Algorithm
		R	352	Cross-Site Request Forgery (CSRF)
	N		374	Passing Mutable Objects to an Untrusted Method
D			400	Uncontrolled Resource Consumption ('Resource Exhaustion')
D			476	NULL Pointer Dereference
D			483	Incorrect Block Delimitation
D			566	Access Control Bypass Through User-Controlled SQL Primary Key
		R	601	URL Redirection to Untrusted Site ('Open Redirect')
D			628	Function Call with Incorrectly Specified Arguments
		R	639	Access Control Bypass Through User-Controlled Key
D	N		641	Improper Restriction of Names for Files and Other Resources
D			644	Improper Neutralization of HTTP Headers for Scripting Syntax
		R	732	Incorrect Permission Assignment for Critical Resource
D			762	Mismatched Memory Management Routines
D			763	Release of Invalid Pointer or Reference
D			769	File Descriptor Exhaustion
D			777	Regular Expression without Anchors
D			792	Incomplete Filtering of One or More Instances of Special Elements
D			794	Incomplete Filtering of Multiple Instances of Special Elements
D			795	Only Filtering Special Elements at a Specified Location

Detailed Difference Report

6	J2EE Misconfiguration: Insufficient Session-ID Length
	Major	Demonstrative_Examples
	Minor	None
20	Improper Input Validation
	Major	Potential_Mitigations, Research_Gaps, Terminology_Notes
	Minor	None
22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
	Major	Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations, References, Relationships
	Minor	None
23	Relative Path Traversal
	Major	Description, Potential_Mitigations
	Minor	None
24	Path Traversal: '../filedir'
	Major	Description, Potential_Mitigations
	Minor	None
25	Path Traversal: '/../filedir'
	Major	Description, Potential_Mitigations
	Minor	None
26	Path Traversal: '/dir/../filename'
	Major	Description, Potential_Mitigations
	Minor	None
27	Path Traversal: 'dir/../../filename'
	Major	Description, Potential_Mitigations
	Minor	None
28	Path Traversal: '..\filedir'
	Major	Description, Potential_Mitigations
	Minor	None
29	Path Traversal: '\..\filename'
	Major	Description, Potential_Mitigations
	Minor	None
30	Path Traversal: '\dir\..\filename'
	Major	Description, Potential_Mitigations
	Minor	None
31	Path Traversal: 'dir\..\..\filename'
	Major	Description, Potential_Mitigations
	Minor	None
32	Path Traversal: '...' (Triple Dot)
	Major	Description, Maintenance_Notes, Potential_Mitigations
	Minor	None
33	Path Traversal: '....' (Multiple Dot)
	Major	Description, Potential_Mitigations
	Minor	None
34	Path Traversal: '....//'
	Major	Description, Potential_Mitigations
	Minor	None
35	Path Traversal: '.../...//'
	Major	Description, Potential_Mitigations
	Minor	None
36	Absolute Path Traversal
	Major	Demonstrative_Examples, Description
	Minor	None
38	Path Traversal: '\absolute\pathname\here'
	Major	Potential_Mitigations
	Minor	None
39	Path Traversal: 'C:dirname'
	Major	Potential_Mitigations
	Minor	None
40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
	Major	Potential_Mitigations
	Minor	None
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
	Major	Description, Name
	Minor	None
76	Improper Neutralization of Equivalent Special Elements
	Major	Description, Name
	Minor	None
77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
	Major	Description, Name
	Minor	None
78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	Major	Common_Consequences, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Relationships
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	Common_Consequences, Description, Name, Potential_Mitigations, References, Relationships
	Minor	None
80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
	Major	Demonstrative_Examples, Description, Name, Potential_Mitigations
	Minor	None
81	Improper Neutralization of Script in an Error Message Web Page
	Major	Description, Name, Potential_Mitigations
	Minor	None
82	Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
	Major	Description, Name, Potential_Mitigations
	Minor	None
83	Improper Neutralization of Script in Attributes in a Web Page
	Major	Potential_Mitigations
	Minor	None
84	Improper Neutralization of Encoded URI Schemes in a Web Page
	Major	Description, Name, Potential_Mitigations
	Minor	None
85	Doubled Character XSS Manipulations
	Major	Potential_Mitigations
	Minor	None
86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
	Major	Potential_Mitigations
	Minor	None
87	Improper Neutralization of Alternate XSS Syntax
	Major	Demonstrative_Examples, Description, Name, Potential_Mitigations
	Minor	None
88	Argument Injection or Modification
	Major	Observed_Examples, Relationships
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, References, Relationships
	Minor	None
90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
	Major	Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships
	Minor	None
91	XML Injection (aka Blind XPath Injection)
	Major	Description, Relationships
	Minor	None
92	DEPRECATED: Improper Sanitization of Custom Special Characters
	Major	Description, Maintenance_Notes
	Minor	None
93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
	Major	Description, Name
	Minor	None
94	Failure to Control Generation of Code ('Code Injection')
	Major	Description, Potential_Mitigations
	Minor	None
95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Description, Name
	Minor	None
96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
	Major	Potential_Mitigations
	Minor	None
97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
	Major	Description, Name, Type
	Minor	None
98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
	Major	Potential_Mitigations, References
	Minor	None
103	Struts: Incomplete validate() Method Definition
	Major	Demonstrative_Examples
	Minor	None
104	Struts: Form Bean Does Not Extend Validation Class
	Major	Demonstrative_Examples
	Minor	None
105	Struts: Form Field Without Validator
	Major	Demonstrative_Examples
	Minor	None
106	Struts: Plug-in Framework not in Use
	Major	Demonstrative_Examples
	Minor	None
107	Struts: Unused Validation Form
	Major	Demonstrative_Examples
	Minor	None
109	Struts: Validator Turned Off
	Major	Other_Notes
	Minor	None
113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
	Major	Description, Name
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Potential_Mitigations
	Minor	None
117	Improper Output Neutralization for Logs
	Major	Description, Name
	Minor	None
119	Failure to Constrain Operations within the Bounds of a Memory Buffer
	Major	Potential_Mitigations
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	Demonstrative_Examples
129	Improper Validation of Array Index
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None
131	Incorrect Calculation of Buffer Size
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References
	Minor	None
139	DEPRECATED: General Special Element Problems
	Major	Description
	Minor	None
140	Improper Neutralization of Delimiters
	Major	Description, Name
	Minor	None
145	Improper Neutralization of Section Delimiters
	Major	Description
	Minor	None
146	Improper Neutralization of Expression/Command Delimiters
	Major	Applicable_Platforms, Description, Relationship_Notes
	Minor	None
148	Improper Neutralization of Input Leaders
	Major	Name
	Minor	None
149	Improper Neutralization of Quoting Syntax
	Major	Name
	Minor	None
178	Failure to Resolve Case Sensitivity
	Major	Demonstrative_Examples
	Minor	None
179	Incorrect Behavior Order: Early Validation
	Major	Research_Gaps
	Minor	None
181	Incorrect Behavior Order: Validate Before Filter
	Major	Description, Observed_Examples
	Minor	Potential_Mitigations
182	Collapse of Data into Unsafe Value
	Major	Description, Observed_Examples
	Minor	Name
184	Incomplete Blacklist
	Major	Demonstrative_Examples
	Minor	None
190	Integer Overflow or Wraparound
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None
209	Information Exposure Through an Error Message
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References
	Minor	None
210	Product-Generated Error Message Information Leak
	Major	Potential_Mitigations
	Minor	None
211	Product-External Error Message Information Leak
	Major	Potential_Mitigations
	Minor	None
212	Improper Cross-boundary Removal of Sensitive Data
	Major	Potential_Mitigations
	Minor	None
219	Sensitive Data Under Web Root
	Major	Relationships
	Minor	None
250	Execution with Unnecessary Privileges
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
252	Unchecked Return Value
	Major	Demonstrative_Examples, References
	Minor	None
259	Use of Hard-coded Password
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
265	Privilege / Sandbox Issues
	Major	Potential_Mitigations
	Minor	None
266	Incorrect Privilege Assignment
	Major	Potential_Mitigations
	Minor	None
267	Privilege Defined With Unsafe Actions
	Major	Potential_Mitigations
	Minor	None
268	Privilege Chaining
	Major	Potential_Mitigations
	Minor	None
269	Improper Privilege Management
	Major	Potential_Mitigations
	Minor	None
270	Privilege Context Switching Error
	Major	Potential_Mitigations
	Minor	None
271	Privilege Dropping / Lowering Errors
	Major	Potential_Mitigations
	Minor	None
272	Least Privilege Violation
	Major	Potential_Mitigations
	Minor	Demonstrative_Examples
282	Improper Ownership Management
	Major	Potential_Mitigations
	Minor	None
283	Unverified Ownership
	Major	Potential_Mitigations
	Minor	None
284	Access Control (Authorization) Issues
	Major	Potential_Mitigations
	Minor	None
285	Improper Access Control (Authorization)
	Major	Common_Consequences, References, Relationships
	Minor	None
287	Improper Authentication
	Major	Relationships
	Minor	None
306	Missing Authentication for Critical Function
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None
312	Cleartext Storage of Sensitive Information
	Major	Relationships
	Minor	None
319	Cleartext Transmission of Sensitive Information
	Major	Detection_Factors, Relationships
	Minor	None
326	Inadequate Encryption Strength
	Major	Relationships
	Minor	None
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships
	Minor	None
330	Use of Insufficiently Random Values
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
332	Insufficient Entropy in PRNG
	Major	Potential_Mitigations
	Minor	None
334	Small Space of Random Values
	Major	Potential_Mitigations
	Minor	None
336	Same Seed in PRNG
	Major	Potential_Mitigations
	Minor	None
337	Predictable Seed in PRNG
	Major	Potential_Mitigations
	Minor	None
339	Small Seed Space in PRNG
	Major	Observed_Examples, Potential_Mitigations
	Minor	None
341	Predictable from Observable State
	Major	Potential_Mitigations
	Minor	None
342	Predictable Exact Value from Previous Values
	Major	Potential_Mitigations
	Minor	None
343	Predictable Value Range from Previous Values
	Major	Potential_Mitigations
	Minor	None
344	Use of Invariant Value in Dynamically Changing Context
	Major	Potential_Mitigations
	Minor	None
352	Cross-Site Request Forgery (CSRF)
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships
	Minor	None
362	Race Condition
	Major	Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References
	Minor	None
374	Passing Mutable Objects to an Untrusted Method
	Major	Name, Taxonomy_Mappings
	Minor	Demonstrative_Examples
400	Uncontrolled Resource Consumption ('Resource Exhaustion')
	Major	Description
	Minor	None
401	Failure to Release Memory Before Removing Last Reference ('Memory Leak')
	Major	Other_Notes, Potential_Mitigations
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
406	Insufficient Control of Network Message Volume (Network Amplification)
	Major	Other_Notes, Relationship_Notes
	Minor	None
408	Incorrect Behavior Order: Early Amplification
	Major	Other_Notes, Relationship_Notes
	Minor	None
413	Insufficient Resource Locking
	Major	Demonstrative_Examples
	Minor	None
416	Use After Free
	Major	Potential_Mitigations
	Minor	None
426	Untrusted Search Path
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
428	Unquoted Search Path or Element
	Major	Other_Notes
	Minor	None
434	Unrestricted Upload of File with Dangerous Type
	Major	References, Relationship_Notes
	Minor	None
441	Unintended Proxy/Intermediary
	Major	Other_Notes
	Minor	None
453	Insecure Default Variable Initialization
	Major	Maintenance_Notes, Other_Notes
	Minor	None
456	Missing Initialization
	Major	Other_Notes, Relationship_Notes
	Minor	None
476	NULL Pointer Dereference
	Major	Demonstrative_Examples, Description, Detection_Factors, Potential_Mitigations
	Minor	None
478	Missing Default Case in Switch Statement
	Major	Demonstrative_Examples
	Minor	None
483	Incorrect Block Delimitation
	Major	Demonstrative_Examples, Description, Other_Notes
	Minor	None
494	Download of Code Without Integrity Check
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References
	Minor	None
546	Suspicious Comment
	Major	Demonstrative_Examples
	Minor	None
564	SQL Injection: Hibernate
	Major	Potential_Mitigations
	Minor	None
566	Access Control Bypass Through User-Controlled SQL Primary Key
	Major	Description
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Common_Consequences, Potential_Mitigations, References, Relationships
	Minor	None
608	Struts: Non-private Field in ActionForm Class
	Major	Demonstrative_Examples
	Minor	None
628	Function Call with Incorrectly Specified Arguments
	Major	Description
	Minor	None
639	Access Control Bypass Through User-Controlled Key
	Major	Relationships
	Minor	None
641	Improper Restriction of Names for Files and Other Resources
	Major	Description, Name, Type
	Minor	None
642	External Control of Critical State Data
	Major	Potential_Mitigations
	Minor	None
643	Improper Neutralization of Data within XPath Expressions ('XPath Injection')
	Major	Enabling_Factors_for_Exploitation
	Minor	Name
644	Improper Neutralization of HTTP Headers for Scripting Syntax
	Major	Demonstrative_Examples, Description, Observed_Examples
	Minor	None
665	Improper Initialization
	Major	Detection_Factors, Potential_Mitigations
	Minor	None
682	Incorrect Calculation
	Major	Potential_Mitigations
	Minor	None
732	Incorrect Permission Assignment for Critical Resource
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References, Relationships
	Minor	None
749	Exposed Dangerous Method or Function
	Major	Common_Consequences
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Common_Consequences, Detection_Factors, Potential_Mitigations, References
	Minor	None
762	Mismatched Memory Management Routines
	Major	Description, Potential_Mitigations
	Minor	None
763	Release of Invalid Pointer or Reference
	Major	Description
	Minor	None
769	File Descriptor Exhaustion
	Major	Description
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None
772	Missing Release of Resource after Effective Lifetime
	Major	Potential_Mitigations
	Minor	None
777	Regular Expression without Anchors
	Major	Description
	Minor	None
792	Incomplete Filtering of One or More Instances of Special Elements
	Major	Description
	Minor	None
794	Incomplete Filtering of Multiple Instances of Special Elements
	Major	Description
	Minor	None
795	Only Filtering Special Elements at a Specified Location
	Major	Description
	Minor	None
798	Use of Hard-coded Credentials
	Major	Common_Consequences, References
	Minor	None
804	Guessable CAPTCHA
	Major	Common_Consequences
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None
807	Reliance on Untrusted Inputs in a Security Decision
	Major	Common_Consequences, Potential_Mitigations, References
	Minor	None

Page Last Updated: January 05, 2017


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration