View: Deprecated Entries
Draft
Type: Implicit
Objective
CWE nodes in this view (slice) have been deprecated. There should be a reference pointing to the replacement in each deprecated weakness.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1187 | DEPRECATED: Use of Uninitialized Resource | This entry has been consolidated into CWE-908: Use of Uninitialized Resource. All relevant information has been migrated to that primary weakness entry. |
| CWE-132 | DEPRECATED: Miscalculated Null Termination | This entry has been deprecated and merged into CWE-170 (Improper Null Termination). It was originally created as a duplicate, and all relevant information has been consolidated under CWE-170 for clearer vulnerability tracking. |
| CWE-1324 | DEPRECATED: Sensitive Information Accessible by Physical Probing of JTAG Interface | This entry has been deprecated. The issue of accessing sensitive data through physical probing of a device's JTAG debugging interface is now comprehensively covered under CWE-319: Cleartext Transmission of Sensitive Information. |
| CWE-216 | DEPRECATED: Containment Errors (Container Errors) | This entry has been retired because it functioned more as a broad category than a specific, actionable vulnerability. The term 'container' also caused confusion, as developers interpret it differently than originally intended, making the entry unclear for practical use. |
| CWE-217 | DEPRECATED: Failure to Protect Stored Data from Modification | This entry has been deprecated. The security issues it described—specifically around failing to protect stored data from unauthorized changes—are now more precisely covered by CWE-766 (Critical Data Element Declared Public) and CWE-767 (Access to Critical Private Field via Unsafe Reflection). |
| CWE-218 | DEPRECATED: Failure to provide confidentiality for stored data | This entry has been consolidated into CWE-493: Critical Public Variable Without Final Modifier. The original content describing failure to protect stored data confidentiality has been moved to that entry. |
| CWE-225 | DEPRECATED: General Information Management Problems | This entry has been deprecated and consolidated into CWE-199: Information Management Errors. Please refer to that entry for current information. |
| CWE-247 | DEPRECATED: Reliance on DNS Lookups in a Security Decision | This deprecated entry has been merged into CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action. All related content has been moved to that primary weakness entry. |
| CWE-249 | DEPRECATED: Often Misused: Path Manipulation | This entry has been deprecated. Its content was unclear and combined multiple security issues. Most relevant information has been moved to CWE-785. |
| CWE-292 | DEPRECATED: Trusting Self-reported DNS Name | This entry is a duplicate and has been consolidated into CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action. The content from this deprecated entry has been fully migrated to CWE-350. |
| CWE-365 | DEPRECATED: Race Condition in Switch | This deprecated entry originally suggested a race condition could occur if a switch statement's controlling expression was evaluated multiple times. In practice, this doesn't happen—the expression is evaluated just once, making this specific scenario not a valid software weakness. |
| CWE-373 | DEPRECATED: State Synchronization Error | This entry has been retired because its core concept—errors that occur when different parts of a system fail to coordinate their shared state correctly—is fully covered by two more precise and actively maintained categories: Race Conditions (CWE-362) and Improper Synchronization (CWE-662). |
| CWE-423 | DEPRECATED: Proxied Trusted Channel | This entry is no longer active. It was merged into CWE-441 (The 'Proxied Trusted Channel' weakness) to eliminate duplication. Please refer to CWE-441 for all related information. |
| CWE-443 | DEPRECATED: HTTP response splitting | This entry has been deprecated and consolidated into CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting'). |
| CWE-458 | DEPRECATED: Incorrect Initialization | This CWE entry has been retired. Its original description overlapped with another vulnerability (CWE-454), while its name pointed to a broader category of initialization issues. For guidance on improper initialization problems, please see CWE-665. |
| CWE-516 | DEPRECATED: Covert Timing Channel | This entry has been deprecated and its content has been moved. Please refer to CWE-385: Covert Timing Channel for the current information. |
| CWE-533 | DEPRECATED: Information Exposure Through Server Log Files | This entry has been deprecated. Its scope was too narrow, focusing on a specific symptom rather than the root cause. Please refer to CWE-532: Insertion of Sensitive Information into Log File for the current, more comprehensive guidance. |
| CWE-534 | DEPRECATED: Information Exposure Through Debug Log Files | This deprecated entry describes a vulnerability where sensitive application data is unintentionally written to debug log files, potentially exposing it to unauthorized users. It has been consolidated into the broader CWE-532: Information Exposure Through Log Files. |
| CWE-542 | DEPRECATED: Information Exposure Through Cleanup Log Files | This entry has been deprecated because it was too specific. Please refer to the broader and more comprehensive CWE-532: Information Exposure Through Log Files for current guidance. |
| CWE-545 | DEPRECATED: Use of Dynamic Class Loading | This entry has been retired. Its content is now covered elsewhere, primarily because it described a standard programming technique rather than a specific vulnerability and overlapped with other existing weakness entries. |
| CWE-592 | DEPRECATED: Authentication Bypass Issues | This entry has been retired because its core concept—authentication bypass vulnerabilities—is fully covered by CWE-287: Improper Authentication. It was removed to eliminate redundancy and streamline the CWE list. |
| CWE-596 | DEPRECATED: Incorrect Semantic Object Comparison | This CWE entry has been retired. It was originally created to describe a specific type of bug where code incorrectly compares two objects that should be considered the same, but the description was too vague and overlapped with other weaknesses. It has been consolidated into CWE-1023. |
| CWE-71 | DEPRECATED: Apple '.DS_Store' | This entry has been deprecated because it describes a specific real-world example of a UNIX hard link vulnerability, not a distinct weakness category. For the core issue, please refer to CWE-62: UNIX Hard Link. |
| CWE-769 | DEPRECATED: Uncontrolled File Descriptor Consumption | This entry has been deprecated and merged into CWE-774 (Allocation of Resources Without Limits or Throttling). The content describing uncontrolled file descriptor consumption is now fully covered under that more comprehensive weakness. |
| CWE-92 | DEPRECATED: Improper Sanitization of Custom Special Characters | This deprecated entry originally flagged issues where custom or non-standard special characters weren't properly sanitized. It has been consolidated into the more comprehensive CWE-75: Failure to Sanitize Special Elements. |
| CWE-1 | DEPRECATED: Location | This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-10 | DEPRECATED: ASP.NET Environment Issues | This category has been deprecated. It added unnecessary depth and complexity to its associated views. |
| CWE-100 | DEPRECATED: Technology-Specific Input Validation Problems | This category has been deprecated. It was originally intended as a "catch-all" for input validation problems in technologies that did not have their own CWE, but introduces unnecessary depth to the hierarchy. |
| CWE-101 | DEPRECATED: Struts Validation Problems | This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-139 | DEPRECATED: General Special Element Problems | This entry has been deprecated. It is a leftover from PLOVER, but CWE-138 is a more appropriate mapping. |
| CWE-169 | DEPRECATED: Technology-Specific Special Elements | This category has been deprecated. It was originally intended as a "catch-all" for input validation problems in technologies that did not have their own CWE, but introduces unnecessary depth to the hierarchy. |
| CWE-17 | DEPRECATED: Code | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-171 | DEPRECATED: Cleansing, Canonicalization, and Comparison Errors | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. Weaknesses in this category were related to improper handling of data within protection mechanisms that attempt to perform neutralization for untrusted data. These weaknesses can be found in other similar categories. |
| CWE-18 | DEPRECATED: Source Code | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-21 | DEPRECATED: Pathname Traversal and Equivalence Errors | This category has been deprecated. It was originally used for organizing weaknesses involving file names, which enabled access to files outside of a restricted directory (path traversal) or to perform operations on files that would otherwise be restricted (path equivalence). Consider using either the File Handling Issues category (CWE-1219) or the class Use of Incorrectly-Resolved Name or Reference (CWE-706). |
| CWE-3 | DEPRECATED: Technology-specific Environment Issues | This category has been deprecated. It was originally intended as a "catch-all" for environment issues for technologies that did not have their own CWE, but it introduced unnecessary depth and complexity to the Development View (CWE-699). |
| CWE-376 | DEPRECATED: Temporary File Issues | This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. Consider using the File Handling Issues category (CWE-1219). |
| CWE-380 | DEPRECATED: Technology-Specific Time and State Issues | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-381 | DEPRECATED: J2EE Time and State Issues | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-4 | DEPRECATED: J2EE Environment Issues | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-418 | DEPRECATED: Channel Errors | This category has been deprecated because it redundant with the grouping provided by CWE-417. |
| CWE-442 | DEPRECATED: Web Problems | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-445 | DEPRECATED: User Interface Errors | This weakness has been deprecated because it was a duplicate of CWE-355. All content has been transferred to CWE-355. |
| CWE-461 | DEPRECATED: Data Structure Issues | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-490 | DEPRECATED: Mobile Code Issues | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-503 | DEPRECATED: Byte/Object Code | This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-504 | DEPRECATED: Motivation/Intent | This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-505 | DEPRECATED: Intentionally Introduced Weakness | This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-513 | DEPRECATED: Intentionally Introduced Nonmalicious Weakness | This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-517 | DEPRECATED: Other Intentional, Nonmalicious Weakness | This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-518 | DEPRECATED: Inadvertently Introduced Weakness | This category has been deprecated as it was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-519 | DEPRECATED: .NET Environment Issues | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-559 | DEPRECATED: Often Misused: Arguments and Parameters | This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree. |
| CWE-60 | DEPRECATED: UNIX Path Link Problems | This category has been deprecated. It covered a very low level of abstraction based on operating system, which was not useful for any existing view. |
| CWE-63 | DEPRECATED: Windows Path Link Problems | This category has been deprecated. It covered a very low level of abstraction based on operating system, which was not useful for any existing view. |
| CWE-632 | DEPRECATED: Weaknesses that Affect Files or Directories | This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE. |
| CWE-633 | DEPRECATED: Weaknesses that Affect Memory | This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE. |
| CWE-634 | DEPRECATED: Weaknesses that Affect System Processes | This category has been deprecated. It was not actively maintained, and it was not useful to stakeholders. It was originally created before CWE 1.0 as part of view CWE-631, which was a simple example of how views could be structured within CWE. |
| CWE-68 | DEPRECATED: Windows Virtual File Problems | This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships. |
| CWE-70 | DEPRECATED: Mac Virtual File Problems | This category has been deprecated as it was found to be an unnecessary abstraction of platform specific details. Please refer to the category CWE-632 and weakness CWE-66 for relevant relationships. |
| CWE-630 | DEPRECATED: Weaknesses Examined by SAMATE | This view has been deprecated. It was only used for an early year of the NIST SAMATE project, and it did not represent any official or commonly-utilized list. |
| CWE-631 | DEPRECATED: Resource-specific Weaknesses | This view has been deprecated because it is not actively maintained and does not provide utility to stakeholders. It was originally created before CWE 1.0 as a simple example of how views could be structured within CWE. |
| CWE-679 | DEPRECATED: Chain Elements | This view has been deprecated. It has limited utility for stakeholders, since all weaknesses can be links in a chain. |
| CWE-999 | DEPRECATED: Weaknesses without Software Fault Patterns | This view has been deprecated. It was based on gaps in another view (CWE-888) related to research that is no longer updated, but was complete with respect to CWE at the time it was conducted. |
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.