View: CWE Cross-section
Incomplete
Type: Explicit
Objective
This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful to most audiences. It can be used by researchers to determine how broad their theories, models, or tools are. It will also be used by the CWE content team in 2012 to focus quality improvement efforts for individual CWE entries.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-14 | Compiler Removal of Code to Clear Buffers | A compiler optimization can remove security-critical code intended to wipe sensitive data from memory, leaving secrets exposed. This happens when the compiler identifies buffer-clearing operations as unnecessary 'dead stores' and eliminates them. |
| CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | This vulnerability occurs when an application builds a file path using user input but fails to properly validate it, allowing an attacker to break out of the intended directory and access files or folders anywhere on the server. |
| CWE-23 | Relative Path Traversal | This vulnerability occurs when an application builds file paths using user-supplied input without properly validating or sanitizing it. Attackers can exploit this by inserting special directory traversal sequences like '..' to access files and directories outside the intended restricted folder. |
| CWE-36 | Absolute Path Traversal | This vulnerability occurs when an application builds file paths using user input without properly blocking absolute paths like '/etc/passwd' or 'C:\Windows\system32'. Attackers can exploit this to escape the intended directory and access sensitive files anywhere on the server. |
| CWE-41 | Improper Resolution of Path Equivalence | This vulnerability occurs when an application fails to properly handle different text representations that refer to the same file or directory on the system. Attackers can use special characters or alternative naming conventions to bypass security checks and access restricted files. |
| CWE-59 | Improper Link Resolution Before File Access ('Link Following') | This vulnerability occurs when an application uses a filename to access a file but fails to properly check if that name points to a symbolic link, shortcut, or junction. This allows an attacker to manipulate the link's target, causing the application to read or write to an unintended, potentially sensitive location. |
| CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | OS Command Injection occurs when an application builds a system command using untrusted, external input without properly sanitizing it. This allows an attacker to inject and execute arbitrary commands on the underlying operating system. |
| CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | This vulnerability occurs when a web application fails to properly sanitize or encode user-supplied input before displaying it on a webpage viewed by other users. |
| CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | This vulnerability occurs when an application builds a command string for execution by another component, but fails to properly separate or 'neutralize' the intended arguments. This allows an attacker to inject additional command-line arguments, options, or switches by including argument-separating characters (like spaces or dashes) in untrusted input. |
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | SQL Injection occurs when an application builds a database query using untrusted user input without properly sanitizing it. This allows an attacker to insert malicious SQL code that the database executes, potentially letting them view, modify, or delete sensitive data. |
| CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | This vulnerability occurs when an application builds an LDAP query using untrusted user input without properly sanitizing it. An attacker can inject special characters or commands to alter the query's logic, potentially gaining unauthorized access to, modifying, or extracting sensitive directory information. |
| CWE-94 | Improper Control of Generation of Code ('Code Injection') | This vulnerability occurs when an application builds executable code using unvalidated external input, such as user data. Because the application fails to properly filter or escape this input, an attacker can inject special characters or commands that alter the intended code's logic or syntax. |
| CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | This vulnerability occurs when an application takes user input and passes it directly into a dynamic code execution function, like eval(), without properly sanitizing it. This allows an attacker to inject and execute arbitrary code within the application's context. |
| CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Static Code Injection occurs when an application incorporates unvalidated or improperly sanitized user input directly into a static, executable resource like a configuration file, template, or library. Because this input is saved and later executed, it allows an attacker to inject malicious code that becomes a permanent part of the application's logic. |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | This vulnerability occurs when an application accepts user input as a resource identifier (like a file path or port number) without proper validation, allowing an attacker to access or manipulate resources outside the intended scope. |
| CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | This vulnerability occurs when an application accepts user-supplied data and includes it directly in HTTP headers without properly filtering out carriage return (CR) and line feed (LF) characters. This allows an attacker to inject new headers or split a single HTTP response into two separate responses, corrupting the intended communication flow. |
| CWE-117 | Improper Output Neutralization for Logs | This vulnerability occurs when an application creates log entries using unvalidated external data, allowing attackers to inject malicious characters or commands that can corrupt log files, trigger parsing errors, or enable log injection attacks. |
| CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | This vulnerability occurs when a program copies data from one memory location to another without first verifying that the source data will fit within the destination buffer's allocated space. |
| CWE-129 | Improper Validation of Array Index | This vulnerability occurs when software uses unverified, external input to calculate or access an array index, without properly checking that the index points to a valid location within the array's bounds. |
| CWE-131 | Incorrect Calculation of Buffer Size | This vulnerability occurs when a program miscalculates the amount of memory needed for a buffer, potentially leading to a buffer overflow that can crash the software or allow attackers to execute malicious code. |
| CWE-134 | Use of Externally-Controlled Format String | This vulnerability occurs when a program uses a format string from an untrusted, external source (like user input, a network packet, or a file) in a formatting function (e.g., printf, sprintf). An attacker can craft a malicious format string to read or write memory, potentially crashing the application or executing arbitrary code. |
| CWE-135 | Incorrect Calculation of Multi-Byte String Length | This vulnerability occurs when software incorrectly measures the length of strings containing multi-byte or wide characters, leading to buffer overflows, data corruption, or crashes. |
| CWE-170 | Improper Null Termination | This weakness occurs when software fails to properly end a string or array with the required null character or equivalent terminator. |
| CWE-173 | Improper Handling of Alternate Encoding | This vulnerability occurs when software fails to correctly process input that arrives in a different character encoding than expected, allowing that input to bypass security checks or cause misinterpretation. |
| CWE-174 | Double Decoding of the Same Data | This vulnerability occurs when an application decodes the same piece of data twice in sequence. This double processing can bypass or neutralize security checks that happen after the first decode, leaving the system exposed. |
| CWE-175 | Improper Handling of Mixed Encoding | This vulnerability occurs when software fails to correctly process input that contains multiple character encodings within the same data stream. |
| CWE-179 | Incorrect Behavior Order: Early Validation | This vulnerability occurs when an application validates user input before applying security filters or data normalization. Attackers can exploit this order of operations by submitting specially crafted input that passes the initial validation but becomes malicious after the application's filters or canonicalization processes modify it. |
| CWE-185 | Incorrect Regular Expression | This vulnerability occurs when a regular expression is written incorrectly, causing it to match or validate data in unintended and potentially dangerous ways. |
| CWE-190 | Integer Overflow or Wraparound | Integer overflow or wraparound occurs when a calculation produces a numeric result that exceeds the maximum value a variable can hold. Instead of increasing as expected, the value wraps around to a very small or negative number, breaking the program's logic. |
| CWE-191 | Integer Underflow (Wrap or Wraparound) | Integer underflow occurs when a subtraction operation results in a value smaller than the data type's minimum limit, causing the value to wrap around to a large, incorrect number. |
| CWE-193 | Off-by-one Error | An off-by-one error occurs when a program incorrectly calculates a boundary, such as a loop counter or array index, by being one unit too high or too low. This often leads to buffer overflows, memory corruption, or unexpected program behavior. |
| CWE-203 | Observable Discrepancy | This vulnerability occurs when an application responds differently to unauthorized users based on internal conditions. Attackers can observe these variations—like changes in error messages, timing, or system behavior—to infer sensitive information, such as whether a username exists, a password is incorrect, or a specific operation succeeded. |
| CWE-209 | Generation of Error Message Containing Sensitive Information | This vulnerability occurs when an application reveals sensitive details about its internal systems, user data, or environment within error messages shown to users. |
| CWE-212 | Improper Removal of Sensitive Information Before Storage or Transfer | This vulnerability occurs when an application stores or transmits a resource containing sensitive data without properly cleaning it first, potentially exposing that information to unauthorized parties. |
| CWE-222 | Truncation of Security-relevant Information | This vulnerability occurs when a system shortens or cuts off security-critical data during display, logging, or processing. This truncation can hide the true details of an attack, making it harder to detect, investigate, and respond to threats. |
| CWE-223 | Omission of Security-relevant Information | This vulnerability occurs when an application fails to capture or present crucial security-related details, such as the origin of a request or the specifics of a security event. Without this information, developers and security teams cannot effectively trace attacks or validate whether an operation is legitimate. |
| CWE-228 | Improper Handling of Syntactically Invalid Structure | This vulnerability occurs when software fails to properly reject or process input that doesn't follow the expected format or structure, often leading to crashes or unexpected behavior. |
| CWE-244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Using realloc() to resize buffers containing secrets like passwords or keys can leave that sensitive data exposed in memory, as the original data is not securely erased. |
| CWE-248 | Uncaught Exception | This vulnerability occurs when a function throws an error or exception, but the calling code does not have a proper handler to catch and manage it. |
| CWE-250 | Execution with Unnecessary Privileges | This vulnerability occurs when software runs with higher permissions than it actually needs to perform its tasks. This excessive privilege creates security risks by opening doors to new attacks or making existing weaknesses more dangerous. |
| CWE-252 | Unchecked Return Value | This vulnerability occurs when a program fails to verify the result of a function or method call, allowing it to continue execution without detecting errors or unexpected conditions. |
| CWE-253 | Incorrect Check of Function Return Value | This vulnerability occurs when a program misinterprets or improperly validates the return value from a function, causing it to miss critical error states or unexpected conditions. |
| CWE-262 | Not Using Password Aging | This vulnerability occurs when a system lacks password expiration policies, allowing users to keep the same password indefinitely. |
| CWE-263 | Password Aging with Long Expiration | The system enforces password changes, but the time allowed between changes is excessively long, weakening security. |
| CWE-266 | Incorrect Privilege Assignment | This vulnerability occurs when a system mistakenly grants a user, process, or entity a specific permission or privilege they should not have. This error creates an unintended level of access, allowing the actor to perform actions beyond their intended authority. |
| CWE-267 | Privilege Defined With Unsafe Actions | This vulnerability occurs when a system grants a user, role, or process a specific permission that can be misused to perform dangerous, unintended actions. The permission itself is correctly assigned, but its scope is too broad or allows for unsafe operations. |
| CWE-268 | Privilege Chaining | Privilege chaining occurs when an attacker combines two separate permissions or capabilities, neither of which is dangerous on its own, to perform a harmful action that neither permission should individually allow. |
| CWE-270 | Privilege Context Switching Error | This vulnerability occurs when an application fails to properly manage user permissions while moving between different security contexts, potentially allowing unauthorized actions. |
| CWE-271 | Privilege Dropping / Lowering Errors | This vulnerability occurs when a system or process fails to reduce its elevated permissions before transferring control of a resource to a less-privileged user or component. |
| CWE-273 | Improper Check for Dropped Privileges | This vulnerability occurs when an application tries to lower its system privileges but fails to verify that the operation was successful. |
| CWE-283 | Unverified Ownership | This vulnerability occurs when an application fails to confirm that a user has legitimate ownership rights to a sensitive resource before allowing them to perform actions on it. |
| CWE-290 | Authentication Bypass by Spoofing | This weakness occurs when an application's authentication system can be tricked into accepting forged or manipulated credentials, allowing unauthorized access without proper verification. |
| CWE-294 | Authentication Bypass by Capture-replay | This vulnerability occurs when an attacker can intercept and record legitimate authentication traffic, then replay it later to gain unauthorized access. The system accepts the replayed data as valid, effectively bypassing normal authentication checks. |
| CWE-296 | Improper Following of a Certificate's Chain of Trust | This vulnerability occurs when software fails to properly validate the entire certificate chain back to a trusted root authority. This mistake can cause the system to incorrectly trust a certificate and the resource it represents, creating a security gap. |
| CWE-299 | Improper Check for Certificate Revocation | This vulnerability occurs when an application fails to properly verify whether a security certificate has been revoked, potentially allowing it to accept and use a compromised or untrustworthy certificate. |
| CWE-300 | Channel Accessible by Non-Endpoint | This vulnerability occurs when a system fails to properly verify who is on the other end of a communication link or to secure the channel itself. This allows an unauthorized third party to access or manipulate the communication as if they were a legitimate participant. |
| CWE-301 | Reflection Attack in an Authentication Protocol | A reflection attack is a flaw in mutual authentication protocols that allows an attacker to impersonate a legitimate user without knowing the secret key. This happens when an attacker can bounce, or 'reflect,' a server's own challenge back to it using a second connection, tricking the system into granting access. |
| CWE-304 | Missing Critical Step in Authentication | This vulnerability occurs when a software authentication process omits a required step, weakening its overall security. |
| CWE-306 | Missing Authentication for Critical Function | This vulnerability occurs when a software feature that performs a sensitive action or uses significant system resources does not verify the user's identity before executing. Attackers can exploit this to trigger critical functions without any credentials. |
| CWE-307 | Improper Restriction of Excessive Authentication Attempts | This vulnerability occurs when an application fails to properly limit how many times someone can attempt to log in or verify their identity in rapid succession, allowing attackers to systematically guess credentials. |
| CWE-308 | Use of Single-factor Authentication | Relying solely on single-factor authentication, like a password, exposes systems to significant security risks because it depends on only one type of proof for verifying a user's identity. |
| CWE-312 | Cleartext Storage of Sensitive Information | This vulnerability occurs when an application stores sensitive data like passwords, credit card numbers, or personal information in plain text, without any encryption. This unsecured data is kept in files, databases, caches, or logs that could be accessed by unauthorized users or systems. |
| CWE-319 | Cleartext Transmission of Sensitive Information | This vulnerability occurs when an application sends sensitive data, such as passwords or personal information, over a network connection without using encryption. Attackers can easily intercept and read this unprotected data as it travels. |
| CWE-322 | Key Exchange without Entity Authentication | This vulnerability occurs when a system establishes a cryptographic key with another party without first confirming that party's true identity. |
| CWE-323 | Reusing a Nonce, Key Pair in Encryption | This vulnerability occurs when a cryptographic nonce or key pair is reused, compromising the security of the encrypted data. |
| CWE-325 | Missing Cryptographic Step | This vulnerability occurs when a software implementation skips a critical step in a cryptographic process, resulting in security that is significantly weaker than the intended algorithm provides. |
| CWE-327 | Use of a Broken or Risky Cryptographic Algorithm | The software relies on a cryptographic algorithm or protocol that is either fundamentally flawed or considered too weak by modern security standards. |
| CWE-331 | Insufficient Entropy | This vulnerability occurs when a system's random number generator or algorithm lacks sufficient unpredictability, creating patterns or predictable outputs that are easier for attackers to guess. |
| CWE-334 | Small Space of Random Values | This vulnerability occurs when a system uses a random number generator that produces too few possible values. Attackers can easily predict or guess these values through brute force attacks. |
| CWE-335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) | This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is used, but its initial seed value is not handled securely or predictably, compromising the randomness of its output. |
| CWE-338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) | This vulnerability occurs when software uses a pseudo-random number generator (PRNG) that is not cryptographically strong for security-sensitive operations, such as generating keys, tokens, or initialization vectors. |
| CWE-341 | Predictable from Observable State | This vulnerability occurs when an attacker can guess or deduce sensitive values, like random numbers or identifiers, by observing predictable system or network characteristics such as timestamps, process IDs, or other public information. |
| CWE-347 | Improper Verification of Cryptographic Signature | This vulnerability occurs when an application fails to properly check the digital signature on data, or skips the verification step entirely, allowing tampered or forged information to be accepted as legitimate. |
| CWE-348 | Use of Less Trusted Source | This vulnerability occurs when a system has access to multiple sources for the same critical data, but it chooses to rely on the less secure or less trustworthy one. This creates a security gap because the system ignores better-protected alternatives that offer stronger verification or are harder for attackers to compromise. |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data | This vulnerability occurs when a system processes both trusted and untrusted data together, but fails to separate them. The application incorrectly treats all incoming data—including the untrusted portion—with the same level of trust as the legitimate data. |
| CWE-352 | Cross-Site Request Forgery (CSRF) | Cross-Site Request Forgery (CSRF) happens when a web application cannot reliably tell if a user actually intended to submit a request, allowing an attacker to trick a user's browser into performing unwanted actions on their behalf. |
| CWE-353 | Missing Support for Integrity Check | This vulnerability occurs when a system uses a communication protocol that lacks built-in integrity verification, such as a checksum or cryptographic hash, to detect if data has been altered or corrupted during transmission. |
| CWE-354 | Improper Validation of Integrity Check Value | This vulnerability occurs when software fails to properly check the integrity of data by validating its checksum or hash value. Without this verification, the application cannot reliably detect if information has been altered, corrupted, or tampered with during storage or transmission. |
| CWE-364 | Signal Handler Race Condition | A signal handler race condition occurs when a program's signal handling routine is vulnerable to timing issues, allowing its state to be corrupted through asynchronous execution. |
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | This vulnerability occurs when a program verifies a resource's state (like a file's permissions or existence) but then uses it after that state has already changed. The gap between checking and using creates a race window where an attacker can manipulate the resource, causing the program to operate on invalid or malicious data. |
| CWE-369 | Divide By Zero | A divide-by-zero error occurs when software attempts to perform a division operation where the denominator is zero. |
| CWE-390 | Detection of Error Condition Without Action | This weakness occurs when software successfully identifies an error condition but then fails to take any meaningful action to address it. The error is detected but ignored, leaving the system in an inconsistent or vulnerable state. |
| CWE-392 | Missing Report of Error Condition | This vulnerability occurs when a system fails to properly signal that an error has happened. Instead of returning a clear error code, status, or exception, the software continues as if nothing went wrong, leaving other components unaware of the failure. |
| CWE-393 | Return of Wrong Status Code | This vulnerability occurs when a function returns an inaccurate status code or value that misrepresents the actual outcome of an operation. This false signal can cause the application to behave in unexpected and potentially insecure ways. |
| CWE-400 | Uncontrolled Resource Consumption | This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service. |
| CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | This vulnerability occurs when a system fails to properly limit the amount of network traffic it can generate in response to a request, allowing an attacker to abuse it to send a disproportionately large volume of data. |
| CWE-407 | Inefficient Algorithmic Complexity | This vulnerability occurs when a software component uses an algorithm with poor worst-case performance. An attacker can exploit this by providing specially crafted input that forces the algorithm into its slowest possible execution path, leading to severe performance degradation or denial of service. |
| CWE-408 | Incorrect Behavior Order: Early Amplification | This vulnerability occurs when a system allows a user to trigger a resource-intensive operation before verifying their identity or checking their permissions. |
| CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | This vulnerability occurs when software fails to safely process highly compressed data, where a small input file can trigger the creation of an extremely large amount of data during decompression, overwhelming system resources. |
| CWE-434 | Unrestricted Upload of File with Dangerous Type | This vulnerability occurs when an application accepts file uploads without properly restricting the file types, allowing attackers to upload and execute malicious files on the server. |
| CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | This weakness occurs when a proxy, firewall, or other intermediary HTTP agent interprets a malformed HTTP request or response differently than the final destination server or client. This inconsistency allows an attacker to craft messages that bypass the intermediary's security checks. |
| CWE-451 | User Interface (UI) Misrepresentation of Critical Information | This vulnerability occurs when a user interface fails to accurately display or highlight crucial information, potentially misleading users about the true state of the system or the source of data. Attackers exploit this weakness to trick users into performing unintended actions, often as part of phishing campaigns or other deception-based attacks. |
| CWE-453 | Insecure Default Variable Initialization | This vulnerability occurs when software sets an internal variable to an insecure or unnecessarily weak default value during initialization, rather than using the most secure option available. |
| CWE-454 | External Initialization of Trusted Variables or Data Stores | This vulnerability occurs when an application sets up its critical internal variables or storage systems using data from untrusted, external sources that an attacker could control. |
| CWE-455 | Non-exit on Failed Initialization | This vulnerability occurs when software continues to run as normal after encountering a critical security failure during its startup process. Instead of halting or entering a safe mode, the application proceeds with weakened or missing security controls, leaving it exposed. |
| CWE-456 | Missing Initialization of a Variable | This vulnerability occurs when a program uses a variable before giving it a starting value, causing the software to rely on unpredictable data left over in memory. |
| CWE-467 | Use of sizeof() on a Pointer Type | This vulnerability occurs when a developer uses the sizeof() operator on a pointer variable instead of the data it points to, leading to incorrect size calculations and potential buffer overflows or underflows. |
| CWE-468 | Incorrect Pointer Scaling | This vulnerability occurs when a programmer incorrectly accounts for pointer arithmetic in C or C++, causing the program to access unintended memory locations. The core issue is forgetting that adding an integer to a pointer automatically scales that integer by the size of the data type it points to. |
| CWE-469 | Use of Pointer Subtraction to Determine Size | This vulnerability occurs when a program calculates a size or offset by subtracting two memory pointers, but the pointers point to locations in different memory blocks, leading to an incorrect and potentially dangerous result. |
| CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | This vulnerability occurs when an application uses unvalidated external input, like a URL parameter or form field, to dynamically decide which class to load or which method to execute via reflection. An attacker can manipulate this input to force the application to load unexpected, potentially malicious code. |
| CWE-476 | NULL Pointer Dereference | This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or unexpected behavior. |
| CWE-478 | Missing Default Case in Multiple Condition Expression | This vulnerability occurs when code with multiple conditional branches, like a switch statement, lacks a default case to handle unexpected values. |
| CWE-480 | Use of Incorrect Operator | This vulnerability occurs when a developer mistakenly uses the wrong operator in their code, leading to unintended and potentially insecure logic. |
| CWE-483 | Incorrect Block Delimitation | This vulnerability occurs when a developer fails to use explicit braces or delimiters to group multiple statements within a block, leading to unexpected program logic. |
| CWE-484 | Omitted Break Statement in Switch | This vulnerability occurs when a developer forgets to include a 'break' statement inside a switch-case block. Without it, the code execution 'falls through' and unintentionally runs the logic for subsequent cases, leading to unexpected behavior. |
| CWE-486 | Comparison of Classes by Name | This vulnerability occurs when an application determines an object's trustworthiness or behavior solely by checking its class name. Since multiple classes can share identical names across different packages or classloaders, this comparison can lead to using the wrong, potentially malicious, class. |
| CWE-494 | Download of Code Without Integrity Check | This vulnerability occurs when an application fetches and runs code from an external source—like a remote server or CDN—without properly verifying where it came from or ensuring it hasn't been tampered with. |
| CWE-495 | Private Data Structure Returned From A Public Method | This vulnerability occurs when a public method directly returns a reference to a private, internal data structure. Because the reference is live, external callers can bypass intended controls and modify the data unexpectedly, corrupting the application's state. |
| CWE-496 | Public Data Assigned to Private Array-Typed Field | This vulnerability occurs when a developer stores sensitive data in a private array, but then assigns a publicly accessible reference to that same array. This effectively makes all the private array's contents available to unauthorized code, bypassing intended access controls. |
| CWE-498 | Cloneable Class Containing Sensitive Information | This vulnerability occurs when a class containing sensitive information, such as credentials or personal data, is made cloneable. Attackers can bypass normal initialization and access the sensitive data by creating a copy of the object. |
| CWE-499 | Serializable Class Containing Sensitive Data | This vulnerability occurs when a class containing sensitive information, such as credentials or personal data, is left serializable by default. Because the class does not explicitly prevent serialization, its internal data can be accessed and extracted by other parts of the application or external processes. |
| CWE-502 | Deserialization of Untrusted Data | This vulnerability occurs when an application accepts and processes serialized data from an untrusted source without proper validation, allowing an attacker to manipulate the data to execute malicious code or cause unexpected behavior. |
| CWE-521 | Weak Password Requirements | This vulnerability occurs when an application fails to enforce strong password policies, making user accounts easier to compromise through guessing or automated attacks. |
| CWE-522 | Insufficiently Protected Credentials | This vulnerability occurs when an application handles sensitive credentials like passwords or API keys in an insecure way, making them easy for attackers to steal during transmission or while stored. |
| CWE-546 | Suspicious Comment | This weakness occurs when code contains comments that flag potential issues, such as bugs, security gaps, or unfinished work, which can expose underlying problems or oversights. |
| CWE-547 | Use of Hard-coded, Security-relevant Constants | This vulnerability occurs when code directly embeds security-critical values like passwords, cryptographic keys, or access levels as raw numbers or strings, instead of using named constants or configuration files. This practice makes the code brittle and error-prone during updates or security reviews. |
| CWE-561 | Dead Code | Dead code refers to sections of a program that can never run during normal execution, effectively making them inactive and unreachable. |
| CWE-563 | Assignment to Variable without Use | This vulnerability occurs when a value is stored in a variable, but that variable is never read or used in subsequent code, creating a 'dead store.' |
| CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context | This vulnerability occurs when multiple threads in an application can read and modify shared data, like static variables, without proper coordination. This unsynchronized access corrupts data, causes crashes, and leads to unpredictable, often security-critical, behavior. |
| CWE-587 | Assignment of a Fixed Address to a Pointer | This vulnerability occurs when code explicitly assigns a hardcoded memory address to a pointer, instead of using a dynamic or null value. |
| CWE-595 | Comparison of Object References Instead of Object Contents | This vulnerability occurs when code incorrectly checks if two object references point to the same memory location, rather than comparing the actual data or values contained within the objects. This mistake prevents the software from correctly identifying when two separate objects hold equivalent content. |
| CWE-601 | URL Redirection to Untrusted Site ('Open Redirect') | An open redirect vulnerability occurs when a web application uses unvalidated user input to determine the destination of a redirect, allowing an attacker to send users to an untrusted, external website. |
| CWE-602 | Client-Side Enforcement of Server-Side Security | This vulnerability occurs when a server incorrectly trusts the client to enforce critical security rules, such as input validation or access controls, instead of performing these checks itself. |
| CWE-605 | Multiple Binds to the Same Port | This vulnerability occurs when a system's socket configuration allows multiple applications to bind to the same network port simultaneously. This can let a malicious process hijack or impersonate legitimate services running on that port. |
| CWE-617 | Reachable Assertion | A reachable assertion occurs when an attacker can trigger an assert() statement or similar debugging check, causing the application to crash or behave in a more disruptive way than intended. This turns a helpful development tool into a denial-of-service vulnerability. |
| CWE-621 | Variable Extraction Error | This vulnerability occurs when an application uses unvalidated external input to dynamically select which variables to populate with data. Without proper checks, this can allow an attacker to overwrite critical internal variables, leading to unexpected behavior or security breaches. |
| CWE-627 | Dynamic Variable Evaluation | This vulnerability occurs when an application allows user input to directly determine which variable or function name is used at runtime. Without strict validation, an attacker can manipulate these names to access or modify sensitive data, execute unauthorized functions, or disrupt the application's logic. |
| CWE-628 | Function Call with Incorrectly Specified Arguments | This weakness occurs when a function is called with arguments that are incorrectly specified, causing the function to behave in an unintended and consistently wrong manner. |
| CWE-642 | External Control of Critical State Data | This vulnerability occurs when an application stores security-sensitive state data in locations that unauthorized users can access and modify. |
| CWE-648 | Incorrect Use of Privileged APIs | This vulnerability occurs when software incorrectly uses functions that require special permissions. Attackers can exploit these mistakes to gain unauthorized access, elevate their privileges, or steal sensitive data. |
| CWE-667 | Improper Locking | This vulnerability occurs when a program fails to correctly acquire or release a lock on a shared resource, such as a file, database record, or memory location. This improper synchronization allows other processes or threads to interfere, leading to corrupted data, crashes, or unpredictable behavior. |
| CWE-672 | Operation on a Resource after Expiration or Release | This vulnerability occurs when a program continues to use a resource—like memory, a file handle, or a network connection—after it has been freed, closed, or is no longer valid. |
| CWE-674 | Uncontrolled Recursion | This vulnerability occurs when an application fails to limit how deeply a function can call itself. Without proper controls, this uncontrolled recursion can exhaust system resources like memory or stack space, leading to crashes or denial-of-service. |
| CWE-676 | Use of Potentially Dangerous Function | This vulnerability occurs when code calls a function that can be dangerous if misused, but can also be used safely with proper precautions. The risk lies not in the function itself, but in how it's implemented. |
| CWE-681 | Incorrect Conversion between Numeric Types | This vulnerability occurs when a program converts a value from one numeric type to another (like a 64-bit integer to a 32-bit integer) and the conversion loses or misinterprets data. If these corrupted values are later used in security-critical operations—like calculating buffer sizes, checking permissions, or performing financial transactions—they can lead to crashes, incorrect behavior, or security bypasses. |
| CWE-698 | Execution After Redirect (EAR) | Execution After Redirect (EAR) occurs when a web application sends a redirect response to a user's browser but continues to run server-side code, potentially performing unintended actions. |
| CWE-708 | Incorrect Ownership Assignment | This vulnerability occurs when a system grants ownership of a resource to an entity that should not have that level of control, placing it outside the intended security boundary. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | This vulnerability occurs when a system grants overly permissive access to a sensitive resource, allowing unauthorized users or processes to read or alter it. |
| CWE-756 | Missing Custom Error Page | This vulnerability occurs when an application fails to display its own user-friendly error pages, instead falling back to default system messages that can leak sensitive technical details. |
| CWE-763 | Release of Invalid Pointer or Reference | This vulnerability occurs when a program tries to free a memory resource back to the system but uses an incorrect deallocation method or calls the correct method improperly. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of it as a buffet with no rules on how much one person can take, eventually leaving nothing for others and causing the system to fail. |
| CWE-772 | Missing Release of Resource after Effective Lifetime | This vulnerability occurs when a program fails to properly release a system resource—like memory, file handles, or network sockets—after it is no longer needed. This leads to a gradual accumulation of unused resources, known as a resource leak. |
| CWE-783 | Operator Precedence Logic Error | This vulnerability occurs when a developer writes a conditional expression where the intended logic is broken due to misunderstanding or misapplying the rules of operator precedence. |
| CWE-786 | Access of Memory Location Before Start of Buffer | This vulnerability occurs when software attempts to read from or write to a memory location positioned before the official start of a buffer. |
| CWE-788 | Access of Memory Location After End of Buffer | This vulnerability occurs when software attempts to read from or write to a memory buffer using an index or pointer that points past the buffer's allocated boundary. |
| CWE-798 | Use of Hard-coded Credentials | This vulnerability occurs when software contains built-in, unchangeable authentication secrets like passwords or encryption keys within its source code or configuration files. |
| CWE-805 | Buffer Access with Incorrect Length Value | This vulnerability occurs when software reads from or writes to a buffer using a loop or sequential operation, but mistakenly calculates or provides an incorrect length value. This incorrect length causes the operation to access memory outside the buffer's allocated boundaries. |
| CWE-807 | Reliance on Untrusted Inputs in a Security Decision | This vulnerability occurs when an application's security check depends on user-controlled data that can be manipulated to bypass protection mechanisms, such as authentication or authorization gates. |
| CWE-822 | Untrusted Pointer Dereference | This vulnerability occurs when software takes a value from an untrusted source, treats it as a memory address (a pointer), and then accesses that memory location directly for reading or writing. |
| CWE-825 | Expired Pointer Dereference | This vulnerability occurs when a program tries to use a pointer that still points to a memory location that has already been freed or released. |
| CWE-829 | Inclusion of Functionality from Untrusted Control Sphere | This weakness occurs when an application integrates executable code, like a library or plugin, from a source it does not fully control or trust. |
| CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | An infinite loop occurs when a program's iteration logic contains an exit condition that can never be satisfied, causing the loop to run indefinitely and consume system resources. |
| CWE-838 | Inappropriate Encoding for Output Context | This vulnerability occurs when a system uses one type of encoding for its output, but the component receiving that data expects a different encoding. The mismatch causes the downstream component to interpret the data incorrectly. |
| CWE-839 | Numeric Range Comparison Without Minimum Check | This vulnerability occurs when software validates that a number is within an acceptable range by only checking that it's less than or equal to a maximum value, but fails to also verify that it is greater than or equal to a required minimum. This oversight can allow negative or otherwise invalid low values to pass the check, leading to unexpected behavior. |
| CWE-841 | Improper Enforcement of Behavioral Workflow | This weakness occurs when an application requires a user to follow a specific sequence of actions, but fails to enforce that order. Attackers can exploit this by skipping steps, performing actions out of sequence, or interrupting the flow, which can corrupt the business logic or put the system into an invalid state. |
| CWE-862 | Missing Authorization | This vulnerability occurs when an application fails to verify whether a user has permission to access specific data or execute certain actions before allowing the request to proceed. |
| CWE-863 | Incorrect Authorization | This vulnerability occurs when an application checks if a user is allowed to perform an action or access data, but the check is flawed or incomplete, allowing unauthorized access. |
Mapping Notes
Usage: Prohibited
Reasons: View
Rationale:
This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.
Comment:
Use this View or other Views to search and navigate for the appropriate weakness.