CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities
New to CWE? click here!
CWE Most Important Hardware Weaknesses
CWE Top 25 Most Dangerous Weaknesses
Home > CWE List > Reports > Differences between Version 3.0 and Version 3.1  
ID

Differences between Version 3.0 and Version 3.1

Summary
Summary
Total entries (Version 3.1) 1040
Total weaknesses/chains/composites (Version 3.1) 716
Total entries (Version 3.0) 1023
Total weaknesses/chains/composites (Version 3.0) 714
Total new 17
Total deprecated 4
Total shared 1023
Total important changes 94
Total major changes 145
Total minor changes 96
Total minor changes (no major) 78
Total unchanged 800

Summary of Entry Types

Type Version 3.0 Version 3.1
Category 237 247
Chain 3 3
Composite 5 4
Deprecated 41 45
View 31 32
Weakness 706 709

Back to top
Field Change Summary
Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field Major Minor
Name 9 0
Description 18 3
Applicable_Platforms 1 1
Time_of_Introduction 8 0
Demonstrative_Examples 10 0
Detection_Factors 2 0
Likelihood_of_Exploit 0 0
Common_Consequences 8 0
Relationships 85 0
References 63 89
Potential_Mitigations 11 3
Observed_Examples 6 0
Terminology_Notes 0 0
Alternate_Terms 3 0
Related_Attack_Patterns 0 0
Relationship_Notes 3 0
Taxonomy_Mappings 3 0
Maintenance_Notes 2 0
Modes_of_Introduction 6 0
Affected_Resources 1 0
Functional_Areas 0 0
Research_Gaps 1 0
Background_Details 1 0
Theoretical_Notes 0 0
Weakness_Ordinalities 0 0
White_Box_Definitions 0 0
Enabling_Factors_for_Exploitation 0 0
Other_Notes 3 0
Relevant_Properties 0 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 3 0
Common_Methods_of_Exploitation 0 0
Type 11 0
Causal_Nature 0 0
Source_Taxonomy 0 0
Context_Notes 0 0
Black_Box_Definitions 0 0

Form and Abstraction Changes

From To Total CWE IDs
Unchanged 1012
Composite Weakness/Base 1 426
Weakness/Base Deprecated 1 596
Weakness/Base Weakness/Class 1 400
Weakness/Base Weakness/Variant 5 14, 187, 312, 319, 595
Weakness/Variant Deprecated 3 533, 534, 542

Status Changes

From To Total
Unchanged 1018
Draft Deprecated 1
Draft Incomplete 1
Incomplete Deprecated 3

Relationship Changes

The "Version 3.1 Total" lists the total number of relationships in Version 3.1. The "Shared" value is the total number of relationships in entries that were in both Version 3.1 and Version 3.0. The "New" value is the total number of relationships involving entries that did not exist in Version 3.0. Thus, the total number of relationships in Version 3.1 would combine stats from Shared entries and New entries.

Relationship Version 3.1 Total Version 3.0 Total Version 3.1 Shared Unchanged Added to Version 3.1 Removed from Version 3.0 Version 3.1 New
ALL 8227 8132 8079 8062 17 70 148
ChildOf 3528 3490 3464 3458 6 32 64
ParentOf 3528 3490 3464 3458 6 32 64
MemberOf 359 349 349 349 10
HasMember 359 349 349 349 10
CanPrecede 130 130 130 130
CanFollow 130 130 130 130
StartsWith 3 3 3 3
Requires 14 17 14 14 3
RequiredBy 14 17 14 14 3
CanAlsoBe 32 29 32 29 3
PeerOf 130 128 130 128 2

Nodes Removed from Version 3.0

CWE-ID CWE Name
None.

Nodes Added to Version 3.1

CWE-ID CWE Name
1023 Incomplete Comparison with Missing Factors
1024 Comparison of Incompatible Types
1025 Comparison Using Wrong Factors
1026 Weaknesses in OWASP Top Ten (2017)
1027 OWASP Top Ten 2017 Category A1 - Injection
1028 OWASP Top Ten 2017 Category A2 - Broken Authentication
1029 OWASP Top Ten 2017 Category A3 - Sensitive Data Exposure
1030 OWASP Top Ten 2017 Category A4 - XML External Entities (XXE)
1031 OWASP Top Ten 2017 Category A5 - Broken Access Control
1032 OWASP Top Ten 2017 Category A6 - Security Misconfiguration
1033 OWASP Top Ten 2017 Category A7 - Cross-Site Scripting (XSS)
1034 OWASP Top Ten 2017 Category A8 - Insecure Deserialization
1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
1036 OWASP Top Ten 2017 Category A10 - Insufficient Logging & Monitoring
1037 Processor Optimization Removal or Modification of Security-critical Code
1038 Insecure Automated Optimizations
1039 Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations

Nodes Deprecated in Version 3.1

CWE-ID CWE Name
533 DEPRECATED: Information Exposure Through Server Log Files
534 DEPRECATED: Information Exposure Through Debug Log Files
542 DEPRECATED: Information Exposure Through Cleanup Log Files
596 DEPRECATED: Incorrect Semantic Object Comparison
Back to top
Important Changes
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

R 16 Configuration
R 19 Data Processing Errors
R 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
R 77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
R 78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
D R 79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
R 88 Argument Injection or Modification
R 89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
R 90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
R 91 XML Injection (aka Blind XPath Injection)
D 125 Out-of-bounds Read
R 171 Cleansing, Canonicalization, and Comparison Errors
R 184 Incomplete Blacklist
NR 187 Partial String Comparison
R 209 Information Exposure Through an Error Message
R 216 Containment Errors (Container Errors)
R 220 Sensitive Data Under FTP Root
R 223 Omission of Security-relevant Information
NR 256 Unprotected Storage of Credentials
R 275 Permission Issues
R 284 Improper Access Control
R 285 Improper Authorization
R 287 Improper Authentication
R 295 Improper Certificate Validation
D 297 Improper Validation of Certificate with Host Mismatch
R 308 Use of Single-factor Authentication
R 310 Cryptographic Issues
R 311 Missing Encryption of Sensitive Data
R 312 Cleartext Storage of Sensitive Information
R 319 Cleartext Transmission of Sensitive Information
R 320 Key Management Errors
R 325 Missing Required Cryptographic Step
R 326 Inadequate Encryption Strength
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 328 Reversible One-Way Hash
R 359 Exposure of Private Information ('Privacy Violation')
R 372 Incomplete Internal State Distinction
R 384 Session Fixation
R 425 Direct Request ('Forced Browsing')
R 426 Untrusted Search Path
R 428 Unquoted Search Path or Element
DNR 435 Improper Interaction Between Multiple Correctly-Behaving Entities
R 438 Behavioral Problems
R 471 Modification of Assumed-Immutable Data (MAID)
R 478 Missing Default Case in Switch Statement
R 486 Comparison of Classes by Name
R 502 Deserialization of Untrusted Data
R 522 Insufficiently Protected Credentials
R 523 Unprotected Transport of Credentials
D R 532 Information Exposure Through Log Files
DNR 533 DEPRECATED: Information Exposure Through Server Log Files
DNR 534 DEPRECATED: Information Exposure Through Debug Log Files
DNR 542 DEPRECATED: Information Exposure Through Cleanup Log Files
R 548 Information Exposure Through Directory Listing
R 564 SQL Injection: Hibernate
R 569 Expression Issues
R 581 Object Model Violation: Just One of Equals and Hashcode Defined
D R 595 Comparison of Object References Instead of Object Contents
DNR 596 DEPRECATED: Incorrect Semantic Object Comparison
R 611 Improper Restriction of XML External Entity Reference ('XXE')
R 613 Insufficient Session Expiration
R 620 Unverified Password Change
R 639 Authorization Bypass Through User-Controlled Key
R 640 Weak Password Recovery Mechanism for Forgotten Password
R 643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
R 652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
R 664 Improper Control of a Resource Through its Lifetime
R 693 Protection Mechanism Failure
DNR 697 Incorrect Comparison
D 699 Development Concepts
R 706 Use of Incorrectly-Resolved Name or Reference
R 731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
R 733 Compiler Optimization Removal or Modification of Security-critical Code
R 758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
R 776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
R 778 Insufficient Logging
D 787 Out-of-bounds Write
D 839 Numeric Range Comparison Without Minimum Check
R 840 Business Logic Errors
R 857 CERT Java Secure Coding Section 12 - Input Output (FIO)
R 917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
R 929 OWASP Top Ten 2013 Category A1 - Injection
R 930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
R 932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
R 934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
R 935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
R 943 Improper Neutralization of Special Elements in Data Query Logic
R 963 SFP Secondary Cluster: Exposed Data
R 977 SFP Secondary Cluster: Design
D 1000 Research Concepts
D 1007 Insufficient Visual Distinction of Homoglyphs Presented to User
D 1008 Architectural Concepts
DN 1022 Use of Web Link to Untrusted Target with window.opener Access
Back to top
Detailed Difference Report
Detailed Difference Report
13 ASP.NET Misconfiguration: Password in Configuration File
Major Demonstrative_Examples
Minor None
14 Compiler Removal of Code to Clear Buffers
Major References, Type
Minor None
16 Configuration
Major Relationships
Minor None
19 Data Processing Errors
Major Relationships
Minor None
20 Improper Input Validation
Major References
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major References, Relationships
Minor None
23 Relative Path Traversal
Major None
Minor References
36 Absolute Path Traversal
Major None
Minor References
40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Major None
Minor References
58 Path Equivalence: Windows 8.3 Filename
Major References
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major None
Minor References
61 UNIX Symbolic Link (Symlink) Following
Major None
Minor References
62 UNIX Hard Link
Major None
Minor References
65 Windows Hard Link
Major None
Minor References
67 Improper Handling of Windows Device Names
Major References
Minor None
69 Improper Handling of Windows ::DATA Alternate Data Stream
Major References
Minor None
74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Major Relationships
Minor None
77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
Major Relationships
Minor None
78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Major Relationships
Minor References
79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Major Alternate_Terms, Demonstrative_Examples, Description, Observed_Examples, References, Relationship_Notes, Relationships
Minor Applicable_Platforms
88 Argument Injection or Modification
Major Relationships
Minor References
89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Major References, Relationships
Minor None
90 Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
Major Relationships
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Relationships
Minor References
95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major None
Minor References
116 Improper Encoding or Escaping of Output
Major References
Minor None
119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Major References
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major References
Minor None
121 Stack-based Buffer Overflow
Major References
Minor None
122 Heap-based Buffer Overflow
Major References
Minor None
125 Out-of-bounds Read
Major Description
Minor None
126 Buffer Over-read
Major Demonstrative_Examples
Minor None
128 Wrap-around Error
Major None
Minor References
129 Improper Validation of Array Index
Major References
Minor None
131 Incorrect Calculation of Buffer Size
Major References
Minor Potential_Mitigations
134 Use of Externally-Controlled Format String
Major References
Minor None
135 Incorrect Calculation of Multi-Byte String Length
Major References
Minor None
141 Improper Neutralization of Parameter/Argument Delimiters
Major None
Minor References
142 Improper Neutralization of Value Delimiters
Major None
Minor References
143 Improper Neutralization of Record Delimiters
Major None
Minor References
144 Improper Neutralization of Line Delimiters
Major None
Minor References
145 Improper Neutralization of Section Delimiters
Major None
Minor References
146 Improper Neutralization of Expression/Command Delimiters
Major None
Minor References
158 Improper Neutralization of Null Byte or NUL Character
Major None
Minor References
170 Improper Null Termination
Major Demonstrative_Examples
Minor None
171 Cleansing, Canonicalization, and Comparison Errors
Major References, Relationships
Minor None
176 Improper Handling of Unicode Encoding
Major None
Minor References
179 Incorrect Behavior Order: Early Validation
Major None
Minor References
182 Collapse of Data into Unsafe Value
Major None
Minor References
183 Permissive Whitelist
Major None
Minor References
184 Incomplete Blacklist
Major Observed_Examples, Relationships
Minor References
185 Incorrect Regular Expression
Major References
Minor None
187 Partial String Comparison
Major Name, Observed_Examples, Relationships, Type
Minor None
188 Reliance on Data/Memory Layout
Major None
Minor References
190 Integer Overflow or Wraparound
Major References
Minor Potential_Mitigations
192 Integer Coercion Error
Major None
Minor References
193 Off-by-one Error
Major Demonstrative_Examples
Minor References
195 Signed to Unsigned Conversion Error
Major None
Minor References
196 Unsigned to Signed Conversion Error
Major None
Minor References
197 Numeric Truncation Error
Major None
Minor References
209 Information Exposure Through an Error Message
Major References, Relationships
Minor None
210 Information Exposure Through Self-generated Error Message
Major None
Minor References
216 Containment Errors (Container Errors)
Major Relationships
Minor None
220 Sensitive Data Under FTP Root
Major Relationships
Minor None
223 Omission of Security-relevant Information
Major Relationships
Minor References
224 Obscured Security-relevant Information by Alternate Name
Major References
Minor None
242 Use of Inherently Dangerous Function
Major References
Minor None
250 Execution with Unnecessary Privileges
Major References
Minor None
252 Unchecked Return Value
Major References
Minor None
253 Incorrect Check of Function Return Value
Major None
Minor References
256 Unprotected Storage of Credentials
Major Name, Relationships
Minor None
264 Permissions, Privileges, and Access Controls
Major References
Minor None
269 Improper Privilege Management
Major None
Minor References
270 Privilege Context Switching Error
Major References
Minor None
271 Privilege Dropping / Lowering Errors
Major None
Minor References
275 Permission Issues
Major Relationships
Minor None
276 Incorrect Default Permissions
Major None
Minor References
284 Improper Access Control
Major References, Relationships
Minor Description
285 Improper Authorization
Major References, Relationships
Minor None
287 Improper Authentication
Major References, Relationships
Minor None
290 Authentication Bypass by Spoofing
Major None
Minor References
293 Using Referer Field for Authentication
Major None
Minor References
295 Improper Certificate Validation
Major Background_Details, Modes_of_Introduction, Potential_Mitigations, Relationships
Minor None
296 Improper Following of a Certificate's Chain of Trust
Major Modes_of_Introduction, Observed_Examples, Potential_Mitigations, Time_of_Introduction
Minor None
297 Improper Validation of Certificate with Host Mismatch
Major Common_Consequences, Description, Detection_Factors, Modes_of_Introduction, Potential_Mitigations, References, Time_of_Introduction
Minor None
298 Improper Validation of Certificate Expiration
Major Common_Consequences, Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction
Minor None
299 Improper Check for Certificate Revocation
Major Modes_of_Introduction, Potential_Mitigations, Time_of_Introduction
Minor None
301 Reflection Attack in an Authentication Protocol
Major None
Minor References
308 Use of Single-factor Authentication
Major Relationships
Minor None
310 Cryptographic Issues
Major References, Relationships
Minor None
311 Missing Encryption of Sensitive Data
Major References, Relationships
Minor None
312 Cleartext Storage of Sensitive Information
Major References, Relationships, Type
Minor None
319 Cleartext Transmission of Sensitive Information
Major References, Relationships, Type
Minor None
320 Key Management Errors
Major Relationships
Minor None
322 Key Exchange without Entity Authentication
Major None
Minor References
325 Missing Required Cryptographic Step
Major Relationships
Minor None
326 Inadequate Encryption Strength
Major References, Relationships
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major References, Relationships
Minor None
328 Reversible One-Way Hash
Major Relationships
Minor References
329 Not Using a Random IV with CBC Mode
Major None
Minor References
330 Use of Insufficiently Random Values
Major References
Minor None
350 Reliance on Reverse DNS Resolution for a Security-Critical Action
Major None
Minor References
352 Cross-Site Request Forgery (CSRF)
Major References, Relationship_Notes, Research_Gaps
Minor None
359 Exposure of Private Information ('Privacy Violation')
Major Relationships
Minor None
363 Race Condition Enabling Link Following
Major None
Minor References
364 Signal Handler Race Condition
Major None
Minor References
366 Race Condition within a Thread
Major None
Minor References
367 Time-of-check Time-of-use (TOCTOU) Race Condition
Major None
Minor References
372 Incomplete Internal State Distinction
Major Maintenance_Notes, Relationships
Minor None
377 Insecure Temporary File
Major References
Minor None
379 Creation of Temporary File in Directory with Incorrect Permissions
Major None
Minor References
384 Session Fixation
Major Relationships
Minor None
400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Major References, Type
Minor None
410 Insufficient Resource Pool
Major References
Minor None
415 Double Free
Major None
Minor References
422 Unprotected Windows Messaging Channel ('Shatter')
Major None
Minor References
425 Direct Request ('Forced Browsing')
Major Relationships
Minor None
426 Untrusted Search Path
Major Demonstrative_Examples, References, Relationships, Type
Minor None
428 Unquoted Search Path or Element
Major Relationships
Minor References
430 Deployment of Wrong Handler
Major None
Minor References
431 Missing Handler
Major None
Minor References
433 Unparsed Raw Web Content Delivery
Major None
Minor References
434 Unrestricted Upload of File with Dangerous Type
Major None
Minor References
435 Improper Interaction Between Multiple Correctly-Behaving Entities
Major Alternate_Terms, Description, Name, References, Relationships
Minor None
436 Interpretation Conflict
Major References
Minor None
438 Behavioral Problems
Major Relationships
Minor None
456 Missing Initialization of a Variable
Major None
Minor References
457 Use of Uninitialized Variable
Major None
Minor References
463 Deletion of Data Structure Sentinel
Major None
Minor References
468 Incorrect Pointer Scaling
Major None
Minor References
471 Modification of Assumed-Immutable Data (MAID)
Major Relationships
Minor None
472 External Control of Assumed-Immutable Web Parameter
Major None
Minor References
478 Missing Default Case in Switch Statement
Major Relationships
Minor References
479 Signal Handler Use of a Non-reentrant Function
Major None
Minor References
480 Use of Incorrect Operator
Major None
Minor References
481 Assigning instead of Comparing
Major None
Minor References
482 Comparing instead of Assigning
Major None
Minor References
484 Omitted Break Statement in Switch
Major None
Minor References
486 Comparison of Classes by Name
Major Relationships
Minor None
502 Deserialization of Untrusted Data
Major Relationships
Minor None
507 Trojan Horse
Major References
Minor None
522 Insufficiently Protected Credentials
Major Relationships
Minor None
523 Unprotected Transport of Credentials
Major Relationships
Minor None
532 Information Exposure Through Log Files
Major Description, Potential_Mitigations, Relationships
Minor None
533 DEPRECATED: Information Exposure Through Server Log Files
Major Affected_Resources, Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Minor None
534 DEPRECATED: Information Exposure Through Debug Log Files
Major Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Minor None
542 DEPRECATED: Information Exposure Through Cleanup Log Files
Major Common_Consequences, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Minor None
548 Information Exposure Through Directory Listing
Major Relationships
Minor None
564 SQL Injection: Hibernate
Major Relationships
Minor None
569 Expression Issues
Major Relationships
Minor None
581 Object Model Violation: Just One of Equals and Hashcode Defined
Major Relationships
Minor None
595 Comparison of Object References Instead of Object Contents
Major Applicable_Platforms, Common_Consequences, Description, Other_Notes, Potential_Mitigations, References, Relationships, Type
Minor None
596 DEPRECATED: Incorrect Semantic Object Comparison
Major Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Relationships, Time_of_Introduction, Type
Minor None
597 Use of Wrong Operator in String Comparison
Major None
Minor References
602 Client-Side Enforcement of Server-Side Security
Major References
Minor None
603 Use of Client-Side Authentication
Major None
Minor References
606 Unchecked Input for Loop Condition
Major None
Minor References
609 Double-Checked Locking
Major None
Minor References
611 Improper Restriction of XML External Entity Reference ('XXE')
Major Relationships
Minor None
613 Insufficient Session Expiration
Major Relationships
Minor None
618 Exposed Unsafe ActiveX Method
Major None
Minor References
620 Unverified Password Change
Major Relationships
Minor None
623 Unsafe ActiveX Control Marked Safe For Scripting
Major References
Minor None
625 Permissive Regular Expression
Major None
Minor References
639 Authorization Bypass Through User-Controlled Key
Major Relationships
Minor None
640 Weak Password Recovery Mechanism for Forgotten Password
Major Relationships
Minor None
643 Improper Neutralization of Data within XPath Expressions ('XPath Injection')
Major Relationships
Minor References
648 Incorrect Use of Privileged APIs
Major Observed_Examples
Minor None
652 Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
Major Relationships
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Relationships
Minor None
665 Improper Initialization
Major None
Minor References
676 Use of Potentially Dangerous Function
Major References
Minor None
681 Incorrect Conversion between Numeric Types
Major None
Minor References
682 Incorrect Calculation
Major None
Minor References
689 Permission Race Condition During Resource Copy
Major None
Minor References
693 Protection Mechanism Failure
Major Relationships
Minor None
697 Incorrect Comparison
Major Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Relationships
Minor None
699 Development Concepts
Major Description, View_Audience
Minor None
704 Incorrect Type Conversion or Cast
Major None
Minor Description
706 Use of Incorrectly-Resolved Name or Reference
Major Relationships
Minor None
731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
Major Relationships
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major None
Minor References
733 Compiler Optimization Removal or Modification of Security-critical Code
Major References, Relationships
Minor Description
758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Major Relationships
Minor None
759 Use of a One-Way Hash without a Salt
Major References
Minor None
760 Use of a One-Way Hash with a Predictable Salt
Major References
Minor None
770 Allocation of Resources Without Limits or Throttling
Major References
Minor None
774 Allocation of File Descriptors or Handles Without Limits or Throttling
Major None
Minor References
775 Missing Release of File Descriptor or Handle after Effective Lifetime
Major None
Minor References
776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Major Relationships
Minor None
778 Insufficient Logging
Major Relationships
Minor References
783 Operator Precedence Logic Error
Major None
Minor References
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Major References
Minor None
787 Out-of-bounds Write
Major Description
Minor None
789 Uncontrolled Memory Allocation
Major None
Minor References
798 Use of Hard-coded Credentials
Major References
Minor Potential_Mitigations
805 Buffer Access with Incorrect Length Value
Major References
Minor None
823 Use of Out-of-range Pointer Offset
Major None
Minor References
824 Access of Uninitialized Pointer
Major None
Minor References
833 Deadlock
Major References
Minor None
834 Excessive Iteration
Major None
Minor References
835 Loop with Unreachable Exit Condition ('Infinite Loop')
Major None
Minor References
839 Numeric Range Comparison Without Minimum Check
Major Description
Minor References
840 Business Logic Errors
Major Relationships
Minor None
843 Access of Resource Using Incompatible Type ('Type Confusion')
Major None
Minor References
857 CERT Java Secure Coding Section 12 - Input Output (FIO)
Major Relationships
Minor None
862 Missing Authorization
Major References
Minor None
863 Incorrect Authorization
Major References
Minor None
917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Major Relationships
Minor None
918 Server-Side Request Forgery (SSRF)
Major References
Minor None
928 Weaknesses in OWASP Top Ten (2013)
Major Relationship_Notes
Minor None
929 OWASP Top Ten 2013 Category A1 - Injection
Major Relationships
Minor None
930 OWASP Top Ten 2013 Category A2 - Broken Authentication and Session Management
Major Relationships
Minor None
932 OWASP Top Ten 2013 Category A4 - Insecure Direct Object References
Major Relationships
Minor None
934 OWASP Top Ten 2013 Category A6 - Sensitive Data Exposure
Major Relationships
Minor None
935 OWASP Top Ten 2013 Category A7 - Missing Function Level Access Control
Major Relationships
Minor None
943 Improper Neutralization of Special Elements in Data Query Logic
Major Relationships
Minor None
963 SFP Secondary Cluster: Exposed Data
Major Relationships
Minor None
977 SFP Secondary Cluster: Design
Major Relationships
Minor None
1000 Research Concepts
Major Description, Other_Notes, View_Audience
Minor None
1007 Insufficient Visual Distinction of Homoglyphs Presented to User
Major Demonstrative_Examples, Description, References
Minor None
1008 Architectural Concepts
Major Description, Other_Notes, View_Audience
Minor None
1022 Use of Web Link to Untrusted Target with window.opener Access
Major Alternate_Terms, Demonstrative_Examples, Description, Modes_of_Introduction, Name, Potential_Mitigations, References
Minor None
Back to top
Page Last Updated: March 28, 2018
 

Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.