CWE - Differences between Draft 9 and Version 1.0

Home > CWE List > Reports > Differences between Draft 9 and Version 1.0

Differences between Draft 9 and Version 1.0

Differences between Draft 9 and Version 1.0

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total new	39
Total deprecated	3
Total shared	695
Total important changes	692
Total major changes	695
Total minor changes	452
Total minor changes (no major)
Total unchanged	0

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Affected_Resources	0	0
Alternate_Terms	19	22
Applicable_Platforms	100	422
Background_Details	15	0
Black_Box_Definitions	0	0
Causal_Nature	2	74
Common_Consequences	133	0
Demonstrative_Examples	258	0
Description	134	2
Detection_Factors	11	0
Enabling_Factors_for_Exploitation	1	0
Functional_Areas	4	3
Likelihood_of_Exploit	6	2
Maintenance_Notes	33	0
Modes_of_Introduction	10	0
Name	26	1
Observed_Examples	43	0
Other_Notes	312	0
Potential_Mitigations	278	0
References	15	0
Related_Attack_Patterns	0	0
Relationship_Notes	58	0
Relationships	686	0
Relevant_Properties	6	0
Research_Gaps	6	0
Taxonomy_Mappings	552	0
Terminology_Notes	3	0
Theoretical_Notes	2	0
Time_of_Introduction	548	0
Type	22	0
View_Audience	2	0
View_Filter	7	0
View_Structure	14	0
Weakness_Ordinalities	103	1
White_Box_Definitions	22	3

Form and Abstraction Changes

From	To	Total
Unchanged		673
Category	Deprecated	1
Weakness/Base	Deprecated	2
Weakness/Base	Weakness/Class	1
Weakness/Base	Weakness/Variant	1
Weakness/Class	Category	3
Weakness/Class	Weakness/Base	6
Weakness/Class	Weakness/Variant	1
Weakness/Variant	Weakness/Base	7

Relationship Changes

The "Version 1.0 Total" lists the total number of relationships in Version 1.0. The "Shared" value is the total number of relationships in entries that were in both Version 1.0 and Draft 9. The "New" value is the total number of relationships involving entries that did not exist in Draft 9. Thus, the total number of relationships in Version 1.0 would combine stats from Shared entries and New entries.

Relationship	Version 1.0 Total	Draft 9 Total	Version 1.0 Shared	Unchanged	Added to Version 1.0	Removed from Version 1.0	Version 1.0 New
ALL	3994	2332	3529	1438	2091	894	465
CanAlsoBe	39	47	38	38		9	1
CanFollow	65	35	64	32	32	3	1
CanPrecede	65	35	64	32	32	3	1
ChildOf	1694	989	1504	558	946	431	190
HasMember	96	0	57		57		39
MemberOf	96	0	57		57		39
ParentOf	1694	989	1504	558	946	431	190
PeerOf	188	181	186	168	18	13	2
RequiredBy	27	28	26	26		2	1
Requires	27	28	26	26		2	1
StartsWith	3	0	3		3

Nodes Removed from Draft 9

CWE-ID	CWE Name
None.

Nodes Added to Version 1.0

CWE-ID	CWE Name
694	Use of Multiple Resources with Duplicate Identifier
695	Use of Low-Level Functionality
696	Incorrect Behavior Order
697	Insufficient Comparison
698	Redirect Without Exit
699	Development Concepts
700	Seven Pernicious Kingdoms
701	Weaknesses Introduced During Design
702	Weaknesses Introduced During Implementation
703	Failure to Handle Exceptional Conditions
704	Incorrect Type Conversion or Cast
705	Incorrect Control Flow Scoping
706	Use of Incorrectly-Resolved Name or Reference
707	Failure to Enforce that Messages or Data are Well-Formed
708	Incorrect Ownership Assignment
709	Named Chains
710	Coding Standards Violation
711	Weaknesses in OWASP Top Ten (2004)
712	OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
713	OWASP Top Ten 2007 Category A2 - Injection Flaws
714	OWASP Top Ten 2007 Category A3 - Malicious File Execution
715	OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
716	OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
717	OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
718	OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
719	OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
720	OWASP Top Ten 2007 Category A9 - Insecure Communications
721	OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
722	OWASP Top Ten 2004 Category A1 - Unvalidated Input
723	OWASP Top Ten 2004 Category A2 - Broken Access Control
724	OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
725	OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
726	OWASP Top Ten 2004 Category A5 - Buffer Overflows
727	OWASP Top Ten 2004 Category A6 - Injection Flaws
728	OWASP Top Ten 2004 Category A7 - Improper Error Handling
729	OWASP Top Ten 2004 Category A8 - Insecure Storage
730	OWASP Top Ten 2004 Category A9 - Denial of Service
731	OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
732	Insecure Permission Assignment for Resource

Nodes Deprecated in Version 1.0

CWE-ID	CWE Name
132	DEPRECATED (Duplicate): Miscalculated Null Termination
139	DEPRECATED: General Special Element Problems
218	DEPRECATED (Duplicate): Failure to provide confidentiality for stored data

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

		R	1	Location
		R	2	Environment
		R	3	Technology-specific Environment Issues
		R	4	J2EE Environment Issues
		R	5	J2EE Misconfiguration: Data Transmission Without Encryption
		R	6	J2EE Misconfiguration: Insufficient Session-ID Length
		R	7	J2EE Misconfiguration: Missing Error Handling
		R	8	J2EE Misconfiguration: Entity Bean Declared Remote
		R	9	J2EE Misconfiguration: Weak Access Permissions for EJB Methods
		R	10	ASP.NET Environment Issues
		R	11	ASP.NET Misconfiguration: Creating Debug Binary
		R	12	ASP.NET Misconfiguration: Missing Custom Error Handling
		R	13	ASP.NET Misconfiguration: Password in Configuration File
		R	14	Compiler Removal of Code to Clear Buffers
		R	15	External Control of System or Configuration Setting
		R	16	Configuration
		R	17	Code
		R	18	Source Code
		R	19	Data Handling
		R	20	Insufficient Input Validation
		R	21	Pathname Traversal and Equivalence Errors
		R	22	Path Traversal
		R	23	Relative Path Traversal
		R	24	Path Traversal: '../filedir'
		R	25	Path Traversal: '/../filedir'
		R	26	Path Traversal: '/dir/../filename'
		R	27	Path Traversal: 'dir/../../filename'
		R	28	Path Traversal: '..\filename'
		R	29	Path Traversal: '\..\filename'
		R	30	Path Traversal: '\dir\..\filename'
		R	31	Path Traversal: 'dir\..\filename'
		R	32	Path Traversal: '...' (Triple Dot)
		R	33	Path Traversal: '....' (Multiple Dot)
		R	34	Path Traversal: '....//'
D		R	35	Path Traversal: '.../...//'
		R	36	Absolute Path Traversal
		R	37	Path Traversal: '/absolute/pathname/here'
		R	38	Path Traversal: '\absolute\pathname\here'
		R	39	Path Traversal: 'C:dirname'
		R	40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
		R	41	Failure to Resolve Path Equivalence
		R	42	Path Equivalence: 'filename.' (Trailing Dot)
		R	43	Path Equivalence: 'filename....' (Multiple Trailing Dot)
		R	44	Path Equivalence: 'file.name' (Internal Dot)
		R	45	Path Equivalence: 'file...name' (Multiple Internal Dot)
		R	46	Path Equivalence: 'filename ' (Trailing Space)
		R	47	Path Equivalence: ' filename (Leading Space)
		R	48	Path Equivalence: 'file name' (Internal Whitespace)
		R	49	Path Equivalence: 'filename/' (Trailing Slash)
		R	50	Path Equivalence: '//multiple/leading/slash'
		R	51	Path Equivalence: '/multiple//internal/slash'
		R	52	Path Equivalence: '/multiple/trailing/slash//'
		R	53	Path Equivalence: '\multiple\\internal\backslash'
		R	54	Path Equivalence: 'filedir\' (Trailing Backslash)
		R	55	Path Equivalence: '/./' (Single Dot Directory)
		R	56	*Path Equivalence: 'filedir' (Wildcard)**
		R	57	Path Equivalence: 'dirname/fakechild/../realchild/filename'
		R	58	Path Equivalence: Windows 8.3 Filename
		R	59	Failure to Resolve Links Before File Access (aka 'Link Following')
		R	60	UNIX Path Link Problems
		R	61	UNIX Symbolic Link (Symlink) Following
		R	62	UNIX Hard Link
		R	63	Windows Path Link Problems
		R	64	Windows Shortcut Following (.LNK)
		R	65	Windows Hard Link
D		R	66	Failure to Handle File Names that Identify Virtual Resources
		R	67	Failure to Handle Windows Device Names
		R	68	Windows Virtual File Problems
D		R	69	Failure to Handle Windows ::DATA Alternate Data Stream
		R	70	Mac Virtual File Problems
		R	71	Apple '.DS_Store'
		R	72	Apple HFS+ Alternate Data Stream
		R	73	External Control of File Name or Path
D		R	74	Failure to Sanitize Data into a Different Plane (aka 'Injection')
		R	75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
		R	76	Failure to Resolve Equivalent Special Elements into a Different Plane
		R	77	Failure to Sanitize Data into a Control Plane (aka 'Command Injection')
		R	78	Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')
D		R	79	Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))
		R	80	Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)
D		R	81	Failure to Sanitize Directives in an Error Message Web Page
		R	82	Failure to Sanitize Script in Attributes of IMG Tags in a Web Page
		R	83	Failure to Sanitize Script in Attributes in a Web Page
		R	84	Failure to Resolve Encoded URI Schemes in a Web Page
		R	85	Doubled Character XSS Manipulations
D	N	R	86	Failure to Sanitize Invalid Characters in Identifiers in Web Pages
	N	R	87	Failure to Sanitize Alternate XSS Syntax
		R	88	Argument Injection or Modification
	N	R	89	Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')
		R	90	Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')
		R	91	XML Injection (aka Blind XPath Injection)
		R	92	Custom Special Character Injection
		R	93	Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')
		R	94	Code Injection
D		R	95	Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')
		R	96	Insufficient Control of Directives in Statically Saved Code (Static Code Injection)
		R	97	Failure to Sanitize Server-Side Includes (SSI) Within a Web Page
		R	98	Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion')
		R	99	Insufficient Control of Resource Identifiers (aka 'Resource Injection')
		R	100	Technology-Specific Input Validation Problems
D		R	101	Struts Validation Problems
		R	102	Struts: Duplicate Validation Forms
		R	103	Struts: Incomplete validate() Method Definition
		R	104	Struts: Form Bean Does Not Extend Validation Class
		R	105	Struts: Form Field Without Validator
		R	106	Struts: Plug-in Framework not in Use
D		R	107	Struts: Unused Validation Form
		R	108	Struts: Unvalidated Action Form
		R	109	Struts: Validator Turned Off
		R	110	Struts: Validator Without Form Field
		R	111	Direct Use of Unsafe JNI
		R	112	Missing XML Validation
		R	113	Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')
		R	114	Process Control
		R	115	Misinterpretation of Input
	N	R	116	Insufficient Output Sanitization
		R	117	Incorrect Output Sanitization for Logs
D	N	R	118	Improper Access of Indexable Resource (aka 'Range Error')
D		R	119	Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer
		R	120	Unbounded Transfer ('Classic Buffer Overflow')
		R	121	Stack-based Buffer Overflow
		R	122	Heap-based Buffer Overflow
		R	123	Write-what-where Condition
D		R	124	Boundary Beginning Violation ('Buffer Underwrite')
		R	125	Out-of-bounds Read
		R	126	Buffer Over-read
		R	127	Buffer Under-read
		R	128	Wrap-around Error
		R	129	Unchecked Array Indexing
D	N	R	130	Failure to Handle Length Parameter Inconsistency
		R	131	Incorrect Calculation of Buffer Size
D	N	R	132	DEPRECATED (Duplicate): Miscalculated Null Termination
		R	133	String Errors
		R	134	Uncontrolled Format String
		R	135	Incorrect Calculation of Multi-Byte String Length
		R	136	Type Errors
		R	137	Representation Errors
D		R	138	Failure to Sanitize Special Elements
D	N	R	139	DEPRECATED: General Special Element Problems
		R	140	Failure to Sanitize Delimiters
		R	141	Failure to Sanitize Parameter/Argument Delimiters
		R	142	Failure to Sanitize Value Delimiters
		R	143	Failure to Sanitize Record Delimiters
		R	144	Failure to Sanitize Line Delimiters
		R	145	Failure to Sanitize Section Delimiters
		R	146	Failure to Sanitize Expression/Command Delimiters
		R	147	Failure to Sanitize Input Terminators
		R	148	Failure to Sanitize Input Leaders
		R	149	Failure to Sanitize Quoting Syntax
		R	150	Failure to Sanitize Escape, Meta, or Control Sequences
		R	151	Failure to Sanitize Comment Element
		R	152	Failure to Sanitize Macro Symbol
		R	153	Failure to Sanitize Substitution Character
		R	154	Failure to Sanitize Variable Name Delimiter
		R	155	Failure to Sanitize Wildcard or Matching Symbol
D		R	156	Failure to Sanitize Whitespace
		R	157	Failure to Sanitize Paired Delimiters
		R	158	Failure to Sanitize Null Byte or NUL Character
		R	159	Failure to Sanitize Special Element
		R	160	Failure to Sanitize Leading Special Element
		R	161	Failure to Sanitize Multiple Leading Special Elements
		R	162	Failure to Sanitize Trailing Special Element
		R	163	Failure to Sanitize Multiple Trailing Special Elements
		R	164	Failure to Sanitize Internal Special Element
		R	165	Failure to Sanitize Multiple Internal Special Elements
		R	166	Failure to Handle Missing Special Element
		R	167	Failure to Handle Additional Special Element
		R	168	Failure to Resolve Inconsistent Special Elements
		R	169	Technology-Specific Special Elements
D		R	170	Improper Null Termination
		R	171	Cleansing, Canonicalization, and Comparison Errors
		R	172	Encoding Error
		R	173	Failure to Handle Alternate Encoding
		R	174	Double Decoding of the Same Data
		R	175	Failure to Handle Mixed Encoding
		R	176	Failure to Handle Unicode Encoding
		R	177	Failure to Handle URL Encoding (Hex Encoding)
D		R	178	Failure to Resolve Case Sensitivity
		R	179	Incorrect Behavior Order: Early Validation
		R	180	Incorrect Behavior Order: Validate Before Canonicalize
		R	181	Incorrect Behavior Order: Validate Before Filter
D		R	182	Collapse of Data Into Unsafe Value
D		R	183	Permissive Whitelist
		R	184	Incomplete Blacklist
D	N	R	185	Incorrect Regular Expression
		R	186	Overly Restrictive Regular Expression
D		R	187	Partial Comparison
		R	188	Reliance on Data/Memory Layout
		R	189	Numeric Errors
		R	190	Integer Overflow (Wrap or Wraparound)
		R	191	Integer Underflow (Wrap or Wraparound)
		R	192	Integer Coercion Error
		R	193	Off-by-one Error
D		R	194	Incorrect Sign Extension
		R	195	Signed to Unsigned Conversion Error
		R	196	Unsigned to Signed Conversion Error
		R	197	Numeric Truncation Error
		R	198	Use of Incorrect Byte Ordering
		R	199	Information Management Errors
		R	200	Information Leak (Information Disclosure)
		R	201	Information Leak Through Sent Data
D		R	202	Privacy Leak through Data Queries
		R	203	Discrepancy Information Leaks
		R	204	Response Discrepancy Information Leak
		R	205	Behavioral Discrepancy Information Leak
		R	206	Internal Behavioral Inconsistency Information Leak
		R	207	External Behavioral Inconsistency Information Leak
		R	208	Timing Discrepancy Information Leak
		R	209	Error Message Information Leaks
		R	210	Product-Generated Error Message Information Leak
		R	211	Product-External Error Message Information Leak
		R	212	Cross-boundary Cleansing Information Leak
		R	213	Intended Information Leak
		R	214	Process Environment Information Leak
		R	215	Information Leak Through Debug Information
		R	216	Containment Errors (Container Errors)
		R	217	Failure to Protect Stored Data from Modification
D	N	R	218	DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
		R	219	Sensitive Data Under Web Root
		R	220	Sensitive Data Under FTP Root
D		R	221	Information Loss or Omission
		R	222	Truncation of Security-relevant Information
		R	223	Omission of Security-relevant Information
		R	224	Obscured Security-relevant Information by Alternate Name
		R	225	DEPRECATED (Duplicate): General Information Management Problems
		R	226	Sensitive Information Uncleared Before Release
D		R	227	Failure to Fulfill API Contract (aka 'API Abuse')
D	N	R	228	Failure to Handle Syntactically Invalid Structure
		R	229	Improper Handling of Values
		R	230	Failure to Handle Missing Value
		R	231	Failure to Handle Extra Value
		R	232	Failure to Handle Undefined Value
		R	233	Parameter Problems
		R	234	Failure to Handle Missing Parameter
		R	235	Failure to Handle Extra Parameter
		R	236	Failure to Handle Undefined Parameter
		R	237	Element Problems
		R	238	Failure to Handle Missing Element
		R	239	Failure to Handle Incomplete Element
		R	240	Failure to Resolve Inconsistent Elements
		R	241	Failure to Handle Wrong Data Type
		R	242	Use of Inherently Dangerous Function
D		R	243	Failure to Change Working Directory in chroot Jail
	N	R	244	Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')
		R	245	J2EE Bad Practices: Direct Management of Connections
		R	246	J2EE Bad Practices: Direct Use of Sockets
		R	247	Reliance on DNS Lookups in a Security Decision
		R	248	Uncaught Exception
		R	249	Often Misused: Path Manipulation
D		R	250	Design Principle Violation: Failure to Use Least Privilege
		R	251	Often Misused: String Management
		R	252	Unchecked Return Value
		R	253	Misinterpreted Function Return Value
		R	254	Security Features
		R	255	Credentials Management
		R	256	Plaintext Storage of a Password
		R	257	Storing Passwords in a Recoverable Format
		R	258	Empty Password in Configuration File
		R	259	Hard-Coded Password
		R	260	Password in Configuration File
		R	261	Weak Cryptography for Passwords
		R	262	Not Using Password Aging
		R	263	Password Aging with Long Expiration
		R	264	Permissions, Privileges, and Access Controls
D		R	265	Privilege / Sandbox Issues
D		R	266	Incorrect Privilege Assignment
D		R	267	Privilege Defined With Unsafe Actions
		R	268	Privilege Chaining
D	N	R	269	Insecure Privilege Management
D		R	270	Privilege Context Switching Error
D		R	271	Privilege Dropping / Lowering Errors
		R	272	Least Privilege Violation
D		R	273	Failure to Check Whether Privileges Were Dropped Successfully
D		R	274	Failure to Handle Insufficient Privileges
		R	275	Permission Issues
		R	276	Insecure Default Permissions
		R	277	Insecure Inherited Permissions
		R	278	Insecure Preserved Inherited Permissions
		R	279	Insecure Execution-assigned Permissions
		R	280	Failure to Handle Insufficient Permissions or Privileges
		R	281	Permission Preservation Failure
		R	282	Improper Ownership Management
		R	283	Unverified Ownership
D	N	R	284	Access Control (Authorization) Issues
		R	285	Missing or Inconsistent Access Control
D	N	R	286	Incorrect User Management
		R	287	Insufficient Authentication
D	N	R	288	Authentication Bypass Using an Alternate Path or Channel
D		R	289	Authentication Bypass by Alternate Name
D		R	290	Authentication Bypass by Spoofing
		R	291	Trusting Self-reported IP Address
		R	292	Trusting Self-reported DNS Name
		R	293	Using Referer Field for Authentication
		R	294	Authentication Bypass by Capture-replay
		R	295	Certificate Issues
		R	296	Failure to Follow Chain of Trust in Certificate Validation
		R	297	Failure to Validate Host-specific Certificate Data
		R	298	Failure to Validate Certificate Expiration
		R	299	Failure to Check for Certificate Revocation
D		R	300	Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')
D		R	301	Reflection Attack in an Authentication Protocol
		R	302	Authentication Bypass by Assumed-Immutable Data
		R	303	Improper Implementation of Authentication Algorithm
		R	304	Missing Critical Step in Authentication
		R	305	Authentication Bypass by Primary Weakness
		R	306	No Authentication for Critical Function
		R	307	Failure to Restrict Excessive Authentication Attempts
		R	308	Use of Single-factor Authentication
		R	309	Use of Password System for Primary Authentication
		R	310	Cryptographic Issues
		R	311	Failure to Encrypt Sensitive Data
		R	312	Plaintext Storage of Sensitive Information
		R	313	Plaintext Storage in a File or on Disk
		R	314	Plaintext Storage in the Registry
		R	315	Plaintext Storage in a Cookie
D		R	316	Plaintext Storage in Memory
D		R	317	Plaintext Storage in GUI
		R	318	Plaintext Storage in Executable
		R	319	Plaintext Transmission of Sensitive Information
		R	320	Key Management Errors
		R	321	Use of Hard-coded Cryptographic Key
		R	322	Key Exchange without Entity Authentication
		R	323	Reusing a Nonce, Key Pair in Encryption
		R	324	Use of a Key Past its Expiration Date
D		R	325	Missing Required Cryptographic Step
		R	326	Weak Encryption
D		R	327	Use of a Broken or Risky Cryptographic Algorithm
		R	328	Reversible One-Way Hash
		R	329	Not Using a Random IV with CBC Mode
		R	330	Use of Insufficiently Random Values
		R	331	Insufficient Entropy
		R	332	Insufficient Entropy in PRNG
		R	333	Failure to Handle Insufficient Entropy in TRNG
		R	334	Small Space of Random Values
		R	335	PRNG Seed Error
		R	336	Same Seed in PRNG
		R	337	Predictable Seed in PRNG
		R	338	Use of Cryptographically Weak PRNG
		R	339	Small Seed Space in PRNG
		R	340	Predictability Problems
		R	341	Predictable from Observable State
		R	342	Predictable Exact Value from Previous Values
		R	343	Predictable Value Range from Previous Values
		R	344	Use of Invariant Value in Dynamically Changing Context
		R	345	Insufficient Verification of Data Authenticity
		R	346	Origin Validation Error
		R	347	Improperly Verified Signature
		R	348	Use of Less Trusted Source
		R	349	Acceptance of Extraneous Untrusted Data With Trusted Data
		R	350	Improperly Trusted Reverse DNS
		R	351	Insufficient Type Distinction
D		R	352	Cross-Site Request Forgery (CSRF)
		R	353	Failure to Add Integrity Check Value
		R	354	Failure to Check Integrity Check Value
		R	355	User Interface Security Issues
		R	356	Product UI does not Warn User of Unsafe Actions
		R	357	Insufficient UI Warning of Dangerous Operations
		R	358	Improperly Implemented Security Check for Standard
		R	359	Privacy Violation
		R	360	Trust of System Event Data
		R	361	Time and State
		R	362	Race Condition
		R	363	Race Condition Enabling Link Following
		R	364	Signal Handler Race Condition
		R	365	Race Condition in Switch
		R	366	Race Condition within a Thread
		R	367	Time-of-check Time-of-use Race Condition
		R	368	Context Switching Race Condition
D		R	369	Divide By Zero
		R	370	Race Condition in Checking for Certificate Revocation
		R	371	State Issues
		R	372	Incomplete Internal State Distinction
		R	373	State Synchronization Error
		R	374	Mutable Objects Passed by Reference
		R	375	Passing Mutable Objects to an Untrusted Method
		R	376	Temporary File Issues
		R	377	Insecure Temporary File
		R	378	Creation of Temporary File With Insecure Permissions
		R	379	Creation of Temporary File in Directory with Insecure Permissions
		R	380	Technology-Specific Time and State Issues
		R	381	J2EE Time and State Issues
		R	382	J2EE Bad Practices: Use of System.exit()
		R	383	J2EE Bad Practices: Direct Use of Threads
D		R	384	Session Fixation
		R	385	Covert Timing Channel
		R	386	Symbolic Name not Mapping to Correct Object
D		R	387	Signal Errors
D		R	388	Error Handling
		R	389	Error Conditions, Return Values, Status Codes
		R	390	Detection of Error Condition Without Action
		R	391	Unchecked Error Condition
		R	392	Failure to Report Error in Status Code
		R	393	Return of Wrong Status Code
		R	394	Unexpected Status Code or Return Value
		R	395	Use of NullPointerException Catch to Detect NULL Pointer Dereference
		R	396	Declaration of Catch for Generic Exception
		R	397	Declaration of Throws for Generic Exception
D		R	398	Indicator of Poor Code Quality
		R	399	Resource Management Errors
		R	400	Resource Exhaustion
		R	401	Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak')
		R	402	Transmission of Private Resources into a New Sphere (aka 'Resource Leak')
		R	403	UNIX File Descriptor Leak
D		R	404	Improper Resource Shutdown or Release
		R	405	Asymmetric Resource Consumption (Amplification)
		R	406	Network Amplification
		R	407	Algorithmic Complexity
		R	408	Incorrect Behavior Order: Early Amplification
		R	409	Failure to Handle Highly Compressed Data (Data Amplification)
		R	410	Insufficient Resource Pool
		R	411	Resource Locking Problems
D		R	412	Unrestricted Lock on Critical Resource
		R	413	Insufficient Resource Locking
		R	414	Missing Lock Check
D		R	415	Double Free
		R	416	Use After Free
		R	417	Channel and Path Errors
		R	418	Channel Errors
		R	419	Unprotected Primary Channel
		R	420	Unprotected Alternate Channel
		R	421	Race Condition During Access to Alternate Channel
		R	422	Unprotected Windows Messaging Channel ('Shatter')
		R	423	Proxied Trusted Channel
		R	424	Failure to Protect Alternate Path
		R	425	Direct Request ('Forced Browsing')
		R	426	Untrusted Search Path
		R	427	Uncontrolled Search Path Element
		R	428	Unquoted Search Path or Element
		R	429	Handler Errors
		R	430	Deployment of Wrong Handler
		R	431	Missing Handler
		R	432	Dangerous Handler not Disabled During Sensitive Operations
		R	433	Unparsed Raw Web Content Delivery
		R	434	Unrestricted File Upload
		R	435	Interaction Error
		R	436	Interpretation Conflict
		R	437	Incomplete Model of Endpoint Features
		R	438	Behavioral Problems
		R	439	Behavioral Change in New Version or Environment
		R	440	Expected Behavior Violation
		R	441	Unintended Proxy/Intermediary
D		R	442	Web Problems
		R	443	DEPRECATED (Duplicate): HTTP response splitting
	N	R	444	Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')
		R	445	User Interface Errors
		R	446	UI Discrepancy for Security Feature
		R	447	Unimplemented or Unsupported Feature in UI
		R	448	Obsolete Feature in UI
		R	449	The UI Performs the Wrong Action
		R	450	Multiple Interpretations of UI Input
		R	451	UI Misrepresentation of Critical Information
		R	452	Initialization and Cleanup Errors
		R	453	Insecure Default Variable Initialization
D		R	454	External Initialization of Trusted Variables
		R	455	Non-exit on Failed Initialization
		R	456	Missing Initialization
D		R	457	Use of Uninitialized Variable
		R	458	DEPRECATED: Incorrect Initialization
		R	459	Incomplete Cleanup
		R	460	Improper Cleanup on Thrown Exception
		R	461	Data Structure Issues
		R	462	Duplicate Key in Associative List (Alist)
		R	463	Deletion of Data Structure Sentinel
		R	464	Addition of Data Structure Sentinel
		R	465	Pointer Issues
		R	466	Return of Pointer Value Outside of Expected Range
		R	467	Use of sizeof() on a Pointer Type
		R	468	Incorrect Pointer Scaling
		R	469	Use of Pointer Subtraction to Determine Size
D		R	470	Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')
		R	471	Modification of Assumed-Immutable Data (MAID)
D		R	472	External Control of Assumed-Immutable Web Parameter
		R	473	PHP External Variable Modification
		R	474	Use of Function with Inconsistent Implementations
		R	475	Undefined Behavior for Input to API
		R	476	NULL Pointer Dereference
		R	477	Use of Obsolete Functions
D		R	478	Failure to Use Default Case in Switch
D		R	479	Unsafe Function Call from a Signal Handler
		R	480	Use of Incorrect Operator
D		R	481	Assigning instead of Comparing
D		R	482	Comparing instead of Assigning
D		R	483	Incorrect Block Delimitation
D		R	484	Omitted Break Statement
D		R	485	Insufficient Encapsulation
D		R	486	Comparison of Classes by Name
		R	487	Reliance on Package-level Scope
D		R	488	Data Leak Between Sessions
		R	489	Leftover Debug Code
		R	490	Mobile Code Issues
		R	491	Public cloneable() Method Without Final (aka 'Object Hijack')
		R	492	Use of Inner Class Containing Sensitive Data
D		R	493	Critical Public Variable Without Final Modifier
		R	494	Download of Untrusted Mobile Code Without Integrity Check
		R	495	Private Array-Typed Field Returned From A Public Method
		R	496	Public Data Assigned to Private Array-Typed Field
		R	497	Information Leak of System Data
D		R	498	Information Leak through Class Cloning
D		R	499	Serializable Class Containing Sensitive Data
		R	500	Static Field Not Marked Final
D		R	501	Trust Boundary Violation
D		R	502	Deserialization of Untrusted Data
		R	503	Byte/Object Code
		R	504	Motivation/Intent
D		R	505	Intentionally Introduced Weakness
D		R	506	Embedded Malicious Code
		R	507	Trojan Horse
		R	508	Non-Replicating Malicious Code
		R	509	Replicating Malicious Code (Virus or Worm)
		R	510	Trapdoor
		R	511	Logic/Time Bomb
		R	512	Spyware
		R	513	Intentionally Introduced Nonmalicious Weakness
		R	514	Covert Channel
		R	515	Covert Storage Channel
		R	516	DEPRECATED (Duplicate): Covert Timing Channel
		R	517	Other Intentional, Nonmalicious Weakness
		R	518	Inadvertently Introduced Weakness
		R	519	.NET Environment Issues
		R	520	.NET Misconfiguration: Use of Impersonation
D		R	521	Weak Password Requirements
		R	522	Insufficiently Protected Credentials
		R	523	Unprotected Transport of Credentials
		R	524	Information Leak Through Caching
		R	525	Information Leak Through Browser Caching
		R	526	Information Leak Through Environmental Variables
		R	527	Information Leak Through CVS Repository
		R	528	Information Leak Through Core Dump Files
		R	529	Information Leak Through Access Control List Files
		R	530	Information Leak Through Backup (.~bk) Files
		R	531	Information Leak Through Test Code
		R	532	Information Leak Through Log Files
		R	533	Information Leak Through Server Log Files
		R	534	Information Leak Through Debug Log Files
		R	535	Information Leak Through Shell Error Message
		R	536	Information Leak Through Servlet Runtime Error Message
		R	537	Information Leak Through Java Runtime Error Message
		R	538	File and Directory Information Leaks
		R	539	Information Leak Through Persistent Cookies
		R	540	Information Leak Through Source Code
		R	541	Information Leak Through Include Source Code
		R	542	Information Leak Through Cleanup Log Files
		R	543	Use of Singleton Pattern in a Non-thread-safe Manner
D		R	544	Missing Error Handling Mechanism
		R	545	Use of Dynamic Class Loading
D		R	546	Suspicious Comment
D		R	547	Use of Hard-coded, Security-relevant Constants
		R	548	Information Leak Through Directory Listing
		R	549	Missing Password Field Masking
		R	550	Information Leak Through Server Error Message
		R	551	Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
		R	552	Files or Directories Accessible to External Parties
		R	553	Command Shell in Externally Accessible Directory
D		R	554	ASP.NET Misconfiguration: Not Using Input Validation Framework
D		R	555	J2EE Misconfiguration: Plaintext Password in Configuration File
		R	556	ASP.NET Misconfiguration: Use of Identity Impersonation
		R	557	Concurrency Issues
D		R	558	Use of getlogin() in Multithreaded Application
		R	559	Often Misused: Arguments and Parameters
		R	560	Use of umask() with chmod-style Argument
D		R	561	Dead Code
		R	562	Return of Stack Variable Address
D		R	563	Unused Variable
		R	564	SQL Injection: Hibernate
		R	565	Use of Cookies in Security Decision
		R	566	Access Control Bypass Through User-Controlled SQL Primary Key
		R	567	Unsynchronized Access to Shared Data
		R	568	finalize() Method Without super.finalize()
		R	569	Expression Issues
		R	570	Expression is Always False
		R	571	Expression is Always True
		R	572	Call to Thread run() instead of start()
D		R	573	Failure to Follow Specification
		R	574	EJB Bad Practices: Use of Synchronization Primitives
		R	575	EJB Bad Practices: Use of AWT Swing
		R	576	EJB Bad Practices: Use of Java I/O
		R	577	EJB Bad Practices: Use of Sockets
		R	578	EJB Bad Practices: Use of Class Loader
		R	579	J2EE Bad Practices: Non-serializable Object Stored in Session
		R	580	clone() Method Without super.clone()
		R	581	Object Model Violation: Just One of Equals and Hashcode Defined
D		R	582	Array Declared Public, Final, and Static
		R	583	finalize() Method Declared Public
		R	584	Return Inside Finally Block
		R	585	Empty Synchronized Block
		R	586	Explicit Call to Finalize()
D		R	587	Assignment of a Fixed Address to a Pointer
		R	588	Attempt to Access Child of a Non-structure Pointer
		R	589	Call to Non-ubiquitous API
D		R	590	Free of Invalid Pointer Not on the Heap
		R	591	Sensitive Data Storage in Improperly Locked Memory
		R	592	Authentication Bypass Issues
		R	593	Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
		R	594	J2EE Framework: Saving Unserializable Objects to Disk
D		R	595	Incorrect Syntactic Object Comparison
D		R	596	Incorrect Semantic Object Comparison
D		R	597	Use of Wrong Operator in String Comparison
		R	598	Information Leak Through Query Strings in GET Request
		R	599	Trust of OpenSSL Certificate Without Validation
		R	600	Failure to Catch All Exceptions (Missing Catch Block)
D	N	R	601	URL Redirection to Untrusted Site (aka 'Open Redirect')
		R	602	Design Principle Violation: Client-Side Enforcement of Server-Side Security
D		R	603	Use of Client-Side Authentication
		R	604	Deprecated
		R	605	Multiple Binds to the Same Port
		R	606	Unchecked Input for Loop Condition
		R	607	Public Static Final Field References Mutable Object
		R	608	Struts: Non-private Field in ActionForm Class
D		R	609	Double-Checked Locking
		R	610	Externally Controlled Reference to a Resource in Another Sphere
D		R	611	Information Leak Through XML External Entity File Disclosure
D		R	612	Information Leak Through Indexing of Private Data
		R	613	Insufficient Session Expiration
		R	614	Sensitive Cookie in HTTPS Session Without "Secure" Attribute
		R	615	Information Leak Through Comments
		R	616	Incomplete Identification of Uploaded File Variables (PHP)
D		R	617	Reachable Assertion
		R	618	Exposed Unsafe ActiveX Method
		R	619	Dangling Database Cursor (aka 'Cursor Injection')
D		R	620	Unverified Password Change
D		R	621	Variable Extraction Error
D		R	622	Unvalidated Function Hook Arguments
D		R	623	Unsafe ActiveX Control Marked Safe For Scripting
		R	624	Executable Regular Expression Error
D		R	625	Permissive Regular Expression
D		R	626	Null Byte Interaction Error (Poison Null Byte)
		R	627	Dynamic Variable Evaluation
D		R	628	Function Call with Incorrectly Specified Arguments
D	N	R	629	Weaknesses in OWASP Top Ten (2007)
		R	630	Weaknesses Examined by SAMATE
		R	631	Resource-specific Weaknesses
		R	632	Weaknesses that Affect Files or Directories
		R	633	Weaknesses that Affect Memory
		R	634	Weaknesses that Affect System Processes
		R	635	Weaknesses Used by NVD
D	N	R	636	Design Principle Violation: Not Failing Securely (aka 'Failing Open')
D		R	637	Design Principle Violation: Not Using Economy of Mechanism
		R	638	Design Principle Violation: Not Using Complete Mediation
		R	639	Access Control Bypass Through User-Controlled Key
D	N	R	640	Weak Password Recovery Mechanism for Forgotten Password
		R	641	Insufficient Filtering of File and Other Resource Names for Executable Content
		R	642	External Control of User State Data
		R	643	Unsafe Treatment of XPath Input
		R	644	Insufficient Filtering of HTTP Headers for Scripting Syntax
		R	645	Overly Restrictive Account Lockout Mechanism
		R	646	Taking Actions based on File Name or Extension of a User Supplied File
		R	647	Using Non-Canonical Paths for Authorization Decisions
		R	648	Improper Use of Privileged APIs
		R	649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
		R	650	Trusting HTTP Permission Methods on the Server Side
D		R	651	Information Leak through WSDL File
		R	652	Unsafe Treatment of XQuery Input
D		R	653	Design Principle Violation: Insufficient Compartmentalization
		R	654	Design Principle Violation: Reliance on a Single Factor in a Security Decision
		R	655	Design Principle Violation: Failure to Satisfy Psychological Acceptability
D		R	656	Design Principle Violation: Reliance on Security through Obscurity
D		R	657	Violation of Secure Design Principles
D	N		658	Weaknesses in Software Written in C
D	N		659	Weaknesses in Software Written in C++
D	N		660	Weaknesses in Software Written in Java
D	N		661	Weaknesses in Software Written in PHP
		R	662	Insufficient Synchronization
		R	663	Use of a Non-reentrant Function in an Unsynchronized Context
D		R	664	Insufficient Control of a Resource Through its Lifetime
		R	665	Incorrect or Incomplete Initialization
D			666	Operation on Resource in Wrong Phase of Lifetime
		R	667	Insufficient Locking
		R	668	Exposure of Resource to Wrong Sphere
		R	669	Incorrect Resource Transfer Between Spheres
D		R	670	Always-Incorrect Control Flow Implementation
D		R	671	Design Principle Violation: Lack of Administrator Control over Security
		R	672	Use of a Resource after Expiration or Release
D		R	673	External Influence of Sphere Definition
		R	674	Uncontrolled Recursion
		R	675	Duplicate Operations on Resource
		R	676	Use of Potentially Dangerous Function
D			678	Composites
		R	680	Integer Overflow to Buffer Overflow
		R	681	Incorrect Conversion between Numeric Types
		R	682	Incorrect Calculation
D		R	683	Function Call With Incorrect Order of Arguments
D		R	684	Failure to Provide Specified Functionality
		R	685	Function Call With Incorrect Number of Arguments
D		R	686	Function Call With Incorrect Argument Type
		R	687	Function Call With Incorrectly Specified Argument Value
		R	688	Function Call With Incorrect Variable or Reference as Argument
		R	689	Permission Race Condition During Resource Copy
D		R	690	Unchecked Return Value to NULL Pointer Dereference
		R	691	Insufficient Control Flow Management
		R	692	Incomplete Blacklist to Cross-Site Scripting
D		R	693	Protection Mechanism Failure
D	N	R	1000	Research Concepts

Detailed Difference Report

1	Location
	Major	Relationships
	Minor	None
2	Environment
	Major	Relationships
	Minor	None
3	Technology-specific Environment Issues
	Major	Relationships
	Minor	None
4	J2EE Environment Issues
	Major	Relationships, Taxonomy_Mappings
	Minor	None
5	J2EE Misconfiguration: Data Transmission Without Encryption
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
6	J2EE Misconfiguration: Insufficient Session-ID Length
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
7	J2EE Misconfiguration: Missing Error Handling
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
8	J2EE Misconfiguration: Entity Bean Declared Remote
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
9	J2EE Misconfiguration: Weak Access Permissions for EJB Methods
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
10	ASP.NET Environment Issues
	Major	Relationships, Taxonomy_Mappings
	Minor	None
11	ASP.NET Misconfiguration: Creating Debug Binary
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
12	ASP.NET Misconfiguration: Missing Custom Error Handling
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
13	ASP.NET Misconfiguration: Password in Configuration File
	Major	Demonstrative_Examples, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
14	Compiler Removal of Code to Clear Buffers
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
15	External Control of System or Configuration Setting
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Description
16	Configuration
	Major	Relationships
	Minor	None
17	Code
	Major	Relationships
	Minor	None
18	Source Code
	Major	Relationships, Taxonomy_Mappings
	Minor	None
19	Data Handling
	Major	Relationships
	Minor	None
20	Insufficient Input Validation
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
21	Pathname Traversal and Equivalence Errors
	Major	Relationships, Taxonomy_Mappings, Type
	Minor	Applicable_Platforms
22	Path Traversal
	Major	Alternate_Terms, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
23	Relative Path Traversal
	Major	Demonstrative_Examples, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
24	Path Traversal: '../filedir'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
25	Path Traversal: '/../filedir'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
26	Path Traversal: '/dir/../filename'
	Major	Applicable_Platforms, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
27	Path Traversal: 'dir/../../filename'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
28	Path Traversal: '..\filename'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
29	Path Traversal: '\..\filename'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
30	Path Traversal: '\dir\..\filename'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
31	Path Traversal: 'dir\..\filename'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
32	Path Traversal: '...' (Triple Dot)
	Major	Maintenance_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
33	Path Traversal: '....' (Multiple Dot)
	Major	Maintenance_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
34	Path Traversal: '....//'
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
35	Path Traversal: '.../...//'
	Major	Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
36	Absolute Path Traversal
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
37	Path Traversal: '/absolute/pathname/here'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
38	Path Traversal: '\absolute\pathname\here'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
39	Path Traversal: 'C:dirname'
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
41	Failure to Resolve Path Equivalence
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
42	Path Equivalence: 'filename.' (Trailing Dot)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
43	Path Equivalence: 'filename....' (Multiple Trailing Dot)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
44	Path Equivalence: 'file.name' (Internal Dot)
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
45	Path Equivalence: 'file...name' (Multiple Internal Dot)
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
46	Path Equivalence: 'filename ' (Trailing Space)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
47	Path Equivalence: ' filename (Leading Space)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
48	Path Equivalence: 'file name' (Internal Whitespace)
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
49	Path Equivalence: 'filename/' (Trailing Slash)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
50	Path Equivalence: '//multiple/leading/slash'
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
51	Path Equivalence: '/multiple//internal/slash'
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
52	Path Equivalence: '/multiple/trailing/slash//'
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
53	Path Equivalence: '\multiple\\internal\backslash'
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
54	Path Equivalence: 'filedir\' (Trailing Backslash)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
55	Path Equivalence: '/./' (Single Dot Directory)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
56	*Path Equivalence: 'filedir' (Wildcard)**
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
57	Path Equivalence: 'dirname/fakechild/../realchild/filename'
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
58	Path Equivalence: Windows 8.3 Filename
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
59	Failure to Resolve Links Before File Access (aka 'Link Following')
	Major	Alternate_Terms, Applicable_Platforms, Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
60	UNIX Path Link Problems
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
61	UNIX Symbolic Link (Symlink) Following
	Major	Observed_Examples, Other_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Applicable_Platforms, Causal_Nature
62	UNIX Hard Link
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
63	Windows Path Link Problems
	Major	Applicable_Platforms, Relationships
	Minor	None
64	Windows Shortcut Following (.LNK)
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Causal_Nature
65	Windows Hard Link
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
66	Failure to Handle File Names that Identify Virtual Resources
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
67	Failure to Handle Windows Device Names
	Major	Applicable_Platforms, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
68	Windows Virtual File Problems
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
69	Failure to Handle Windows ::DATA Alternate Data Stream
	Major	Applicable_Platforms, Background_Details, Description, Other_Notes, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
70	Mac Virtual File Problems
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
71	Apple '.DS_Store'
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
72	Apple HFS+ Alternate Data Stream
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
73	External Control of File Name or Path
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
74	Failure to Sanitize Data into a Different Plane (aka 'Injection')
	Major	Common_Consequences, Description, Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
76	Failure to Resolve Equivalent Special Elements into a Different Plane
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
77	Failure to Sanitize Data into a Control Plane (aka 'Command Injection')
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
78	Failure to Sanitize Data into an OS Command (aka 'OS Command Injection')
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Alternate_Terms, Applicable_Platforms
79	Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))
	Major	Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Description, Other_Notes, References, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
80	Failure to Sanitize Script-Related HTML Tags in a Web Page (Basic XSS)
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities, White_Box_Definitions
	Minor	Applicable_Platforms, Causal_Nature
81	Failure to Sanitize Directives in an Error Message Web Page
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
82	Failure to Sanitize Script in Attributes of IMG Tags in a Web Page
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
83	Failure to Sanitize Script in Attributes in a Web Page
	Major	Observed_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
84	Failure to Resolve Encoded URI Schemes in a Web Page
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
85	Doubled Character XSS Manipulations
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
86	Failure to Sanitize Invalid Characters in Identifiers in Web Pages
	Major	Description, Name, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
87	Failure to Sanitize Alternate XSS Syntax
	Major	Demonstrative_Examples, Name, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
88	Argument Injection or Modification
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
89	Failure to Sanitize Data within SQL Queries (aka 'SQL Injection')
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Modes_of_Introduction, Name, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
90	Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
91	XML Injection (aka Blind XPath Injection)
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
92	Custom Special Character Injection
	Major	Maintenance_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
93	Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
94	Code Injection
	Major	Applicable_Platforms, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
95	Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection')
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Modes_of_Introduction, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Causal_Nature
96	Insufficient Control of Directives in Statically Saved Code (Static Code Injection)
	Major	Applicable_Platforms, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
97	Failure to Sanitize Server-Side Includes (SSI) Within a Web Page
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
98	Insufficient Control of Filename for Include/Require Statement in PHP Program (aka 'PHP File Inclusion')
	Major	Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
99	Insufficient Control of Resource Identifiers (aka 'Resource Injection')
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities, White_Box_Definitions
	Minor	Applicable_Platforms, Causal_Nature
100	Technology-Specific Input Validation Problems
	Major	Relationships, Time_of_Introduction
	Minor	None
101	Struts Validation Problems
	Major	Description, Relationships, Type
	Minor	Applicable_Platforms
102	Struts: Duplicate Validation Forms
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
103	Struts: Incomplete validate() Method Definition
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
104	Struts: Form Bean Does Not Extend Validation Class
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
105	Struts: Form Field Without Validator
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
106	Struts: Plug-in Framework not in Use
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
107	Struts: Unused Validation Form
	Major	Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
108	Struts: Unvalidated Action Form
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
109	Struts: Validator Turned Off
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
110	Struts: Validator Without Form Field
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
111	Direct Use of Unsafe JNI
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
112	Missing XML Validation
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
113	Failure to Sanitize CRLF Sequences in HTTP Headers (aka 'HTTP Response Splitting')
	Major	Demonstrative_Examples, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
114	Process Control
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
115	Misinterpretation of Input
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
116	Insufficient Output Sanitization
	Major	Demonstrative_Examples, Name, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
117	Incorrect Output Sanitization for Logs
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
118	Improper Access of Indexable Resource (aka 'Range Error')
	Major	Description, Name, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
119	Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
120	Unbounded Transfer ('Classic Buffer Overflow')
	Major	Alternate_Terms, Applicable_Platforms, Common_Consequences, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
121	Stack-based Buffer Overflow
	Major	Alternate_Terms, Applicable_Platforms, Background_Details, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature, Likelihood_of_Exploit
122	Heap-based Buffer Overflow
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
123	Write-what-where Condition
	Major	Applicable_Platforms, Common_Consequences, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
124	Boundary Beginning Violation ('Buffer Underwrite')
	Major	Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
125	Out-of-bounds Read
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature
126	Buffer Over-read
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature
127	Buffer Under-read
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature
128	Wrap-around Error
	Major	Applicable_Platforms, Background_Details, Common_Consequences, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature
129	Unchecked Array Indexing
	Major	Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature
130	Failure to Handle Length Parameter Inconsistency
	Major	Applicable_Platforms, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Causal_Nature
131	Incorrect Calculation of Buffer Size
	Major	Applicable_Platforms, Maintenance_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	None
132	DEPRECATED (Duplicate): Miscalculated Null Termination
	Major	Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships, Type
	Minor	Weakness_Ordinalities
133	String Errors
	Major	Relationships
	Minor	None
134	Uncontrolled Format String
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature, Functional_Areas, White_Box_Definitions
135	Incorrect Calculation of Multi-Byte String Length
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
136	Type Errors
	Major	Relationships
	Minor	None
137	Representation Errors
	Major	Relationships
	Minor	None
138	Failure to Sanitize Special Elements
	Major	Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
139	DEPRECATED: General Special Element Problems
	Major	Applicable_Platforms, Description, Functional_Areas, Name, Potential_Mitigations, Relationships, Type
	Minor	None
140	Failure to Sanitize Delimiters
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
141	Failure to Sanitize Parameter/Argument Delimiters
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
142	Failure to Sanitize Value Delimiters
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
143	Failure to Sanitize Record Delimiters
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
144	Failure to Sanitize Line Delimiters
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
145	Failure to Sanitize Section Delimiters
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
146	Failure to Sanitize Expression/Command Delimiters
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
147	Failure to Sanitize Input Terminators
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
148	Failure to Sanitize Input Leaders
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
149	Failure to Sanitize Quoting Syntax
	Major	Observed_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
150	Failure to Sanitize Escape, Meta, or Control Sequences
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
151	Failure to Sanitize Comment Element
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
152	Failure to Sanitize Macro Symbol
	Major	Observed_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
153	Failure to Sanitize Substitution Character
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
154	Failure to Sanitize Variable Name Delimiter
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
155	Failure to Sanitize Wildcard or Matching Symbol
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
156	Failure to Sanitize Whitespace
	Major	Description, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
157	Failure to Sanitize Paired Delimiters
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
158	Failure to Sanitize Null Byte or NUL Character
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
159	Failure to Sanitize Special Element
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
160	Failure to Sanitize Leading Special Element
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
161	Failure to Sanitize Multiple Leading Special Elements
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
162	Failure to Sanitize Trailing Special Element
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
163	Failure to Sanitize Multiple Trailing Special Elements
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
164	Failure to Sanitize Internal Special Element
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
165	Failure to Sanitize Multiple Internal Special Elements
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
166	Failure to Handle Missing Special Element
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
167	Failure to Handle Additional Special Element
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
168	Failure to Resolve Inconsistent Special Elements
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
169	Technology-Specific Special Elements
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
170	Improper Null Termination
	Major	Applicable_Platforms, Causal_Nature, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	White_Box_Definitions
171	Cleansing, Canonicalization, and Comparison Errors
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
172	Encoding Error
	Major	Maintenance_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
173	Failure to Handle Alternate Encoding
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
174	Double Decoding of the Same Data
	Major	Observed_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
175	Failure to Handle Mixed Encoding
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
176	Failure to Handle Unicode Encoding
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
177	Failure to Handle URL Encoding (Hex Encoding)
	Major	Observed_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
178	Failure to Resolve Case Sensitivity
	Major	Demonstrative_Examples, Description, Observed_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
179	Incorrect Behavior Order: Early Validation
	Major	Modes_of_Introduction, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
180	Incorrect Behavior Order: Validate Before Canonicalize
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
181	Incorrect Behavior Order: Validate Before Filter
	Major	Functional_Areas, Potential_Mitigations, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Alternate_Terms, Applicable_Platforms
182	Collapse of Data Into Unsafe Value
	Major	Description, Potential_Mitigations, Relationship_Notes, Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
183	Permissive Whitelist
	Major	Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
184	Incomplete Blacklist
	Major	Demonstrative_Examples, Detection_Factors, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
185	Incorrect Regular Expression
	Major	Description, Name, Observed_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
186	Overly Restrictive Regular Expression
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
187	Partial Comparison
	Major	Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
188	Reliance on Data/Memory Layout
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
189	Numeric Errors
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
190	Integer Overflow (Wrap or Wraparound)
	Major	Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Terminology_Notes
	Minor	None
191	Integer Underflow (Wrap or Wraparound)
	Major	Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings
	Minor	None
192	Integer Coercion Error
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	None
193	Off-by-one Error
	Major	Alternate_Terms, Common_Consequences, Observed_Examples, Relationship_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
194	Incorrect Sign Extension
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings
	Minor	None
195	Signed to Unsigned Conversion Error
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings
	Minor	None
196	Unsigned to Signed Conversion Error
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	None
197	Numeric Truncation Error
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings
	Minor	None
198	Use of Incorrect Byte Ordering
	Major	Detection_Factors, Relationships, Research_Gaps, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
199	Information Management Errors
	Major	Relationships
	Minor	Applicable_Platforms
200	Information Leak (Information Disclosure)
	Major	Likelihood_of_Exploit, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
201	Information Leak Through Sent Data
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
202	Privacy Leak through Data Queries
	Major	Common_Consequences, Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
203	Discrepancy Information Leaks
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
204	Response Discrepancy Information Leak
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
205	Behavioral Discrepancy Information Leak
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
206	Internal Behavioral Inconsistency Information Leak
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
207	External Behavioral Inconsistency Information Leak
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
208	Timing Discrepancy Information Leak
	Major	Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
209	Error Message Information Leaks
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
210	Product-Generated Error Message Information Leak
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
211	Product-External Error Message Information Leak
	Major	Applicable_Platforms, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
212	Cross-boundary Cleansing Information Leak
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
213	Intended Information Leak
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
214	Process Environment Information Leak
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
215	Information Leak Through Debug Information
	Major	Demonstrative_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
216	Containment Errors (Container Errors)
	Major	Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
217	Failure to Protect Stored Data from Modification
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
218	DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
	Major	Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Potential_Mitigations, Relationships, Type
	Minor	None
219	Sensitive Data Under Web Root
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
220	Sensitive Data Under FTP Root
	Major	Background_Details, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
221	Information Loss or Omission
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
222	Truncation of Security-relevant Information
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
223	Omission of Security-relevant Information
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
224	Obscured Security-relevant Information by Alternate Name
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
225	DEPRECATED (Duplicate): General Information Management Problems
	Major	Relationships
	Minor	None
226	Sensitive Information Uncleared Before Release
	Major	Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature, Functional_Areas
227	Failure to Fulfill API Contract (aka 'API Abuse')
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms
228	Failure to Handle Syntactically Invalid Structure
	Major	Description, Maintenance_Notes, Name, Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
229	Improper Handling of Values
	Major	Relationships, Time_of_Introduction
	Minor	None
230	Failure to Handle Missing Value
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
231	Failure to Handle Extra Value
	Major	Modes_of_Introduction, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
232	Failure to Handle Undefined Value
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
233	Parameter Problems
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
234	Failure to Handle Missing Parameter
	Major	Common_Consequences, Demonstrative_Examples, Observed_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
235	Failure to Handle Extra Parameter
	Major	Modes_of_Introduction, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
236	Failure to Handle Undefined Parameter
	Major	Observed_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
237	Element Problems
	Major	Relationships, Taxonomy_Mappings
	Minor	None
238	Failure to Handle Missing Element
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
239	Failure to Handle Incomplete Element
	Major	Observed_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
240	Failure to Resolve Inconsistent Elements
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
241	Failure to Handle Wrong Data Type
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
242	Use of Inherently Dangerous Function
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Type, Weakness_Ordinalities
	Minor	Causal_Nature
243	Failure to Change Working Directory in chroot Jail
	Major	Applicable_Platforms, Background_Details, Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Causal_Nature
244	Failure to Clear Heap Memory Before Release (aka 'Heap Inspection')
	Major	Applicable_Platforms, Demonstrative_Examples, Name, Other_Notes, Relationships, Taxonomy_Mappings, White_Box_Definitions
	Minor	None
245	J2EE Bad Practices: Direct Management of Connections
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
246	J2EE Bad Practices: Direct Use of Sockets
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
247	Reliance on DNS Lookups in a Security Decision
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
248	Uncaught Exception
	Major	Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
249	Often Misused: Path Manipulation
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
250	Design Principle Violation: Failure to Use Least Privilege
	Major	Description, Modes_of_Introduction, Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
251	Often Misused: String Management
	Major	Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings, White_Box_Definitions
	Minor	None
252	Unchecked Return Value
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
253	Misinterpreted Function Return Value
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
254	Security Features
	Major	Relationships, Taxonomy_Mappings
	Minor	None
255	Credentials Management
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
256	Plaintext Storage of a Password
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
257	Storing Passwords in a Recoverable Format
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
258	Empty Password in Configuration File
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
259	Hard-Coded Password
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities, White_Box_Definitions
	Minor	Applicable_Platforms, Causal_Nature
260	Password in Configuration File
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
261	Weak Cryptography for Passwords
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
262	Not Using Password Aging
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
263	Password Aging with Long Expiration
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
264	Permissions, Privileges, and Access Controls
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
265	Privilege / Sandbox Issues
	Major	Description, Relationship_Notes, Relationships, Taxonomy_Mappings, Theoretical_Notes
	Minor	None
266	Incorrect Privilege Assignment
	Major	Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
267	Privilege Defined With Unsafe Actions
	Major	Description, Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
268	Privilege Chaining
	Major	Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
269	Insecure Privilege Management
	Major	Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
270	Privilege Context Switching Error
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
271	Privilege Dropping / Lowering Errors
	Major	Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
272	Least Privilege Violation
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
273	Failure to Check Whether Privileges Were Dropped Successfully
	Major	Common_Consequences, Demonstrative_Examples, Description, Modes_of_Introduction, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
274	Failure to Handle Insufficient Privileges
	Major	Description, Maintenance_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
275	Permission Issues
	Major	Relationships, Taxonomy_Mappings
	Minor	None
276	Insecure Default Permissions
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
277	Insecure Inherited Permissions
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
278	Insecure Preserved Inherited Permissions
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
279	Insecure Execution-assigned Permissions
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
280	Failure to Handle Insufficient Permissions or Privileges
	Major	Maintenance_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
281	Permission Preservation Failure
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
282	Improper Ownership Management
	Major	Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
283	Unverified Ownership
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
284	Access Control (Authorization) Issues
	Major	Alternate_Terms, Background_Details, Description, Maintenance_Notes, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
285	Missing or Inconsistent Access Control
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
286	Incorrect User Management
	Major	Description, Maintenance_Notes, Name, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
287	Insufficient Authentication
	Major	Alternate_Terms, Common_Consequences, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
288	Authentication Bypass Using an Alternate Path or Channel
	Major	Description, Modes_of_Introduction, Name, Observed_Examples, Relationship_Notes, Relationships, Taxonomy_Mappings, Type
	Minor	Applicable_Platforms
289	Authentication Bypass by Alternate Name
	Major	Description, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
290	Authentication Bypass by Spoofing
	Major	Demonstrative_Examples, Description, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
291	Trusting Self-reported IP Address
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
292	Trusting Self-reported DNS Name
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
293	Using Referer Field for Authentication
	Major	Alternate_Terms, Background_Details, Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Relationships, Relevant_Properties, Taxonomy_Mappings
	Minor	Applicable_Platforms
294	Authentication Bypass by Capture-replay
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
295	Certificate Issues
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
296	Failure to Follow Chain of Trust in Certificate Validation
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
297	Failure to Validate Host-specific Certificate Data
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
298	Failure to Validate Certificate Expiration
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
299	Failure to Check for Certificate Revocation
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
300	Channel Accessible by Non-Endpoint (aka 'Man-in-the-Middle')
	Major	Demonstrative_Examples, Description, Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
301	Reflection Attack in an Authentication Protocol
	Major	Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
302	Authentication Bypass by Assumed-Immutable Data
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
303	Improper Implementation of Authentication Algorithm
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
304	Missing Critical Step in Authentication
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
305	Authentication Bypass by Primary Weakness
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
306	No Authentication for Critical Function
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
307	Failure to Restrict Excessive Authentication Attempts
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
308	Use of Single-factor Authentication
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
309	Use of Password System for Primary Authentication
	Major	Background_Details, Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
310	Cryptographic Issues
	Major	Maintenance_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
311	Failure to Encrypt Sensitive Data
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
312	Plaintext Storage of Sensitive Information
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
313	Plaintext Storage in a File or on Disk
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
314	Plaintext Storage in the Registry
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
315	Plaintext Storage in a Cookie
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
316	Plaintext Storage in Memory
	Major	Description, Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
317	Plaintext Storage in GUI
	Major	Applicable_Platforms, Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
318	Plaintext Storage in Executable
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
319	Plaintext Transmission of Sensitive Information
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
320	Key Management Errors
	Major	Maintenance_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
321	Use of Hard-coded Cryptographic Key
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms, Description
322	Key Exchange without Entity Authentication
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
323	Reusing a Nonce, Key Pair in Encryption
	Major	Background_Details, Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
324	Use of a Key Past its Expiration Date
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
325	Missing Required Cryptographic Step
	Major	Description, Functional_Areas, Modes_of_Introduction, Observed_Examples, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
326	Weak Encryption
	Major	Maintenance_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	Background_Details, Common_Consequences, Demonstrative_Examples, Description, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
328	Reversible One-Way Hash
	Major	Observed_Examples, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
329	Not Using a Random IV with CBC Mode
	Major	Background_Details, Common_Consequences, Demonstrative_Examples, Functional_Areas, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
330	Use of Insufficiently Random Values
	Major	Background_Details, Demonstrative_Examples, Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Functional_Areas
331	Insufficient Entropy
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
332	Insufficient Entropy in PRNG
	Major	Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
333	Failure to Handle Insufficient Entropy in TRNG
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
334	Small Space of Random Values
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
335	PRNG Seed Error
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
336	Same Seed in PRNG
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
337	Predictable Seed in PRNG
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
338	Use of Cryptographically Weak PRNG
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
339	Small Seed Space in PRNG
	Major	Maintenance_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
340	Predictability Problems
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
341	Predictable from Observable State
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
342	Predictable Exact Value from Previous Values
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
343	Predictable Value Range from Previous Values
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
344	Use of Invariant Value in Dynamically Changing Context
	Major	Other_Notes, Relationship_Notes, Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
345	Insufficient Verification of Data Authenticity
	Major	Maintenance_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
346	Origin Validation Error
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
347	Improperly Verified Signature
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
348	Use of Less Trusted Source
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
349	Acceptance of Extraneous Untrusted Data With Trusted Data
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
350	Improperly Trusted Reverse DNS
	Major	Demonstrative_Examples, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
351	Insufficient Type Distinction
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
352	Cross-Site Request Forgery (CSRF)
	Major	Alternate_Terms, Description, Other_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
353	Failure to Add Integrity Check Value
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
354	Failure to Check Integrity Check Value
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
355	User Interface Security Issues
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
356	Product UI does not Warn User of Unsafe Actions
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
357	Insufficient UI Warning of Dangerous Operations
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
358	Improperly Implemented Security Check for Standard
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
359	Privacy Violation
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
360	Trust of System Event Data
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
361	Time and State
	Major	Relationships, Taxonomy_Mappings
	Minor	None
362	Race Condition
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
363	Race Condition Enabling Link Following
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
364	Signal Handler Race Condition
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
365	Race Condition in Switch
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
366	Race Condition within a Thread
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
367	Time-of-check Time-of-use Race Condition
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Applicable_Platforms
368	Context Switching Race Condition
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
369	Divide By Zero
	Major	Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
370	Race Condition in Checking for Certificate Revocation
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
371	State Issues
	Major	Relationships
	Minor	None
372	Incomplete Internal State Distinction
	Major	Maintenance_Notes, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
373	State Synchronization Error
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
374	Mutable Objects Passed by Reference
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
375	Passing Mutable Objects to an Untrusted Method
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
376	Temporary File Issues
	Major	Relationships
	Minor	None
377	Insecure Temporary File
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
378	Creation of Temporary File With Insecure Permissions
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
379	Creation of Temporary File in Directory with Insecure Permissions
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
380	Technology-Specific Time and State Issues
	Major	Relationships
	Minor	None
381	J2EE Time and State Issues
	Major	Relationships
	Minor	None
382	J2EE Bad Practices: Use of System.exit()
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
383	J2EE Bad Practices: Direct Use of Threads
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
384	Session Fixation
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
385	Covert Timing Channel
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
386	Symbolic Name not Mapping to Correct Object
	Major	Common_Consequences, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
387	Signal Errors
	Major	Applicable_Platforms, Description, Maintenance_Notes, Observed_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Type
	Minor	None
388	Error Handling
	Major	Common_Consequences, Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings
	Minor	None
389	Error Conditions, Return Values, Status Codes
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
390	Detection of Error Condition Without Action
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
391	Unchecked Error Condition
	Major	Demonstrative_Examples, Maintenance_Notes, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Applicable_Platforms
392	Failure to Report Error in Status Code
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
393	Return of Wrong Status Code
	Major	Demonstrative_Examples, Maintenance_Notes, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
394	Unexpected Status Code or Return Value
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
395	Use of NullPointerException Catch to Detect NULL Pointer Dereference
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
396	Declaration of Catch for Generic Exception
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
397	Declaration of Throws for Generic Exception
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
398	Indicator of Poor Code Quality
	Major	Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
399	Resource Management Errors
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
400	Resource Exhaustion
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms, Likelihood_of_Exploit
401	Failure to Release Memory Before Removing Last Reference (aka 'Memory Leak')
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, References, Relationship_Notes, Relationships, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction
	Minor	White_Box_Definitions
402	Transmission of Private Resources into a New Sphere (aka 'Resource Leak')
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
403	UNIX File Descriptor Leak
	Major	Applicable_Platforms, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
405	Asymmetric Resource Consumption (Amplification)
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
406	Network Amplification
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
407	Algorithmic Complexity
	Major	Common_Consequences, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
408	Incorrect Behavior Order: Early Amplification
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
409	Failure to Handle Highly Compressed Data (Data Amplification)
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
410	Insufficient Resource Pool
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
411	Resource Locking Problems
	Major	Relationships, Taxonomy_Mappings
	Minor	None
412	Unrestricted Lock on Critical Resource
	Major	Common_Consequences, Description, Detection_Factors, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
413	Insufficient Resource Locking
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
414	Missing Lock Check
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
415	Double Free
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Alternate_Terms
416	Use After Free
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Alternate_Terms
417	Channel and Path Errors
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
418	Channel Errors
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
419	Unprotected Primary Channel
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
420	Unprotected Alternate Channel
	Major	Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
421	Race Condition During Access to Alternate Channel
	Major	Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
422	Unprotected Windows Messaging Channel ('Shatter')
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
423	Proxied Trusted Channel
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
424	Failure to Protect Alternate Path
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
425	Direct Request ('Forced Browsing')
	Major	Alternate_Terms, Demonstrative_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Taxonomy_Mappings, Theoretical_Notes, Time_of_Introduction
	Minor	Applicable_Platforms
426	Untrusted Search Path
	Major	Common_Consequences, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
427	Uncontrolled Search Path Element
	Major	Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
428	Unquoted Search Path or Element
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
429	Handler Errors
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	None
430	Deployment of Wrong Handler
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
431	Missing Handler
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
432	Dangerous Handler not Disabled During Sensitive Operations
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
433	Unparsed Raw Web Content Delivery
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
434	Unrestricted File Upload
	Major	Alternate_Terms, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
435	Interaction Error
	Major	Relationship_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
436	Interpretation Conflict
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
437	Incomplete Model of Endpoint Features
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
438	Behavioral Problems
	Major	Relationships, Taxonomy_Mappings
	Minor	None
439	Behavioral Change in New Version or Environment
	Major	Observed_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
440	Expected Behavior Violation
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
441	Unintended Proxy/Intermediary
	Major	Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
442	Web Problems
	Major	Description, Relationships, Taxonomy_Mappings
	Minor	None
443	DEPRECATED (Duplicate): HTTP response splitting
	Major	Relationships
	Minor	None
444	Inconsistent Interpretation of HTTP Requests (aka 'HTTP Request Smuggling')
	Major	Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
445	User Interface Errors
	Major	Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
446	UI Discrepancy for Security Feature
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
447	Unimplemented or Unsupported Feature in UI
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
448	Obsolete Feature in UI
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
449	The UI Performs the Wrong Action
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
450	Multiple Interpretations of UI Input
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
451	UI Misrepresentation of Critical Information
	Major	Maintenance_Notes, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
452	Initialization and Cleanup Errors
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
453	Insecure Default Variable Initialization
	Major	Applicable_Platforms, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
454	External Initialization of Trusted Variables
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
455	Non-exit on Failed Initialization
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
456	Missing Initialization
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
457	Use of Uninitialized Variable
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
458	DEPRECATED: Incorrect Initialization
	Major	Relationships
	Minor	None
459	Incomplete Cleanup
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
460	Improper Cleanup on Thrown Exception
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
461	Data Structure Issues
	Major	Relationships
	Minor	None
462	Duplicate Key in Associative List (Alist)
	Major	Applicable_Platforms, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
463	Deletion of Data Structure Sentinel
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
464	Addition of Data Structure Sentinel
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
465	Pointer Issues
	Major	Relationships
	Minor	None
466	Return of Pointer Value Outside of Expected Range
	Major	Applicable_Platforms, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
467	Use of sizeof() on a Pointer Type
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities, White_Box_Definitions
	Minor	None
468	Incorrect Pointer Scaling
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
469	Use of Pointer Subtraction to Determine Size
	Major	Applicable_Platforms, Common_Consequences, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
470	Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection')
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Applicable_Platforms
471	Modification of Assumed-Immutable Data (MAID)
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
472	External Control of Assumed-Immutable Web Parameter
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
473	PHP External Variable Modification
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
474	Use of Function with Inconsistent Implementations
	Major	Applicable_Platforms, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
475	Undefined Behavior for Input to API
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
476	NULL Pointer Dereference
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
477	Use of Obsolete Functions
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
478	Failure to Use Default Case in Switch
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
479	Unsafe Function Call from a Signal Handler
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
480	Use of Incorrect Operator
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
481	Assigning instead of Comparing
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
482	Comparing instead of Assigning
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
483	Incorrect Block Delimitation
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
484	Omitted Break Statement
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
485	Insufficient Encapsulation
	Major	Description, Maintenance_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction
	Minor	None
486	Comparison of Classes by Name
	Major	Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Relevant_Properties, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
487	Reliance on Package-level Scope
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
488	Data Leak Between Sessions
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
489	Leftover Debug Code
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	Applicable_Platforms
490	Mobile Code Issues
	Major	Relationships
	Minor	None
491	Public cloneable() Method Without Final (aka 'Object Hijack')
	Major	Demonstrative_Examples, Potential_Mitigations, References, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
492	Use of Inner Class Containing Sensitive Data
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
493	Critical Public Variable Without Final Modifier
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
494	Download of Untrusted Mobile Code Without Integrity Check
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
495	Private Array-Typed Field Returned From A Public Method
	Major	Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
496	Public Data Assigned to Private Array-Typed Field
	Major	Applicable_Platforms, Demonstrative_Examples, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
497	Information Leak of System Data
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
498	Information Leak through Class Cloning
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
499	Serializable Class Containing Sensitive Data
	Major	Common_Consequences, Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
500	Static Field Not Marked Final
	Major	Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, White_Box_Definitions
	Minor	None
501	Trust Boundary Violation
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
502	Deserialization of Untrusted Data
	Major	Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
503	Byte/Object Code
	Major	Relationships, Taxonomy_Mappings
	Minor	None
504	Motivation/Intent
	Major	Relationships, Taxonomy_Mappings
	Minor	None
505	Intentionally Introduced Weakness
	Major	Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings
	Minor	None
506	Embedded Malicious Code
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
507	Trojan Horse
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
508	Non-Replicating Malicious Code
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
509	Replicating Malicious Code (Virus or Worm)
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
510	Trapdoor
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
511	Logic/Time Bomb
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
512	Spyware
	Major	Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
513	Intentionally Introduced Nonmalicious Weakness
	Major	Relationships, Taxonomy_Mappings
	Minor	None
514	Covert Channel
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
515	Covert Storage Channel
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
516	DEPRECATED (Duplicate): Covert Timing Channel
	Major	Relationships
	Minor	None
517	Other Intentional, Nonmalicious Weakness
	Major	Relationships, Taxonomy_Mappings
	Minor	None
518	Inadvertently Introduced Weakness
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
519	.NET Environment Issues
	Major	Relationships
	Minor	None
520	.NET Misconfiguration: Use of Impersonation
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
521	Weak Password Requirements
	Major	Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
522	Insufficiently Protected Credentials
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
523	Unprotected Transport of Credentials
	Major	Background_Details, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
524	Information Leak Through Caching
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
525	Information Leak Through Browser Caching
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
526	Information Leak Through Environmental Variables
	Major	Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
527	Information Leak Through CVS Repository
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
528	Information Leak Through Core Dump Files
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
529	Information Leak Through Access Control List Files
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
530	Information Leak Through Backup (.~bk) Files
	Major	Common_Consequences, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
531	Information Leak Through Test Code
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
532	Information Leak Through Log Files
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
533	Information Leak Through Server Log Files
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
534	Information Leak Through Debug Log Files
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
535	Information Leak Through Shell Error Message
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
536	Information Leak Through Servlet Runtime Error Message
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
537	Information Leak Through Java Runtime Error Message
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
538	File and Directory Information Leaks
	Major	Potential_Mitigations, Relationships, Time_of_Introduction, Type
	Minor	Applicable_Platforms
539	Information Leak Through Persistent Cookies
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
540	Information Leak Through Source Code
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
541	Information Leak Through Include Source Code
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
542	Information Leak Through Cleanup Log Files
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
543	Use of Singleton Pattern in a Non-thread-safe Manner
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
544	Missing Error Handling Mechanism
	Major	Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
545	Use of Dynamic Class Loading
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
546	Suspicious Comment
	Major	Demonstrative_Examples, Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
547	Use of Hard-coded, Security-relevant Constants
	Major	Demonstrative_Examples, Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
548	Information Leak Through Directory Listing
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
549	Missing Password Field Masking
	Major	Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
550	Information Leak Through Server Error Message
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
551	Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	None
552	Files or Directories Accessible to External Parties
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
553	Command Shell in Externally Accessible Directory
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
554	ASP.NET Misconfiguration: Not Using Input Validation Framework
	Major	Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	Applicable_Platforms
555	J2EE Misconfiguration: Plaintext Password in Configuration File
	Major	Demonstrative_Examples, Description, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
556	ASP.NET Misconfiguration: Use of Identity Impersonation
	Major	Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
557	Concurrency Issues
	Major	Relationships
	Minor	None
558	Use of getlogin() in Multithreaded Application
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
559	Often Misused: Arguments and Parameters
	Major	Other_Notes, Relationships
	Minor	None
560	Use of umask() with chmod-style Argument
	Major	Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
561	Dead Code
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
562	Return of Stack Variable Address
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
563	Unused Variable
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
564	SQL Injection: Hibernate
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
565	Use of Cookies in Security Decision
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
566	Access Control Bypass Through User-Controlled SQL Primary Key
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
567	Unsynchronized Access to Shared Data
	Major	Demonstrative_Examples, Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
568	finalize() Method Without super.finalize()
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
569	Expression Issues
	Major	Relationships
	Minor	None
570	Expression is Always False
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
571	Expression is Always True
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
572	Call to Thread run() instead of start()
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
573	Failure to Follow Specification
	Major	Description, Relationships, Time_of_Introduction
	Minor	None
574	EJB Bad Practices: Use of Synchronization Primitives
	Major	Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
575	EJB Bad Practices: Use of AWT Swing
	Major	Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
576	EJB Bad Practices: Use of Java I/O
	Major	Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
577	EJB Bad Practices: Use of Sockets
	Major	Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
578	EJB Bad Practices: Use of Class Loader
	Major	Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
579	J2EE Bad Practices: Non-serializable Object Stored in Session
	Major	Demonstrative_Examples, Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
580	clone() Method Without super.clone()
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
581	Object Model Violation: Just One of Equals and Hashcode Defined
	Major	Common_Consequences, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
582	Array Declared Public, Final, and Static
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
583	finalize() Method Declared Public
	Major	Demonstrative_Examples, Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
584	Return Inside Finally Block
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
585	Empty Synchronized Block
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
586	Explicit Call to Finalize()
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms, Name
587	Assignment of a Fixed Address to a Pointer
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities, White_Box_Definitions
	Minor	None
588	Attempt to Access Child of a Non-structure Pointer
	Major	Demonstrative_Examples, Other_Notes, Relationships, Time_of_Introduction
	Minor	None
589	Call to Non-ubiquitous API
	Major	Other_Notes, Relationships, Time_of_Introduction
	Minor	None
590	Free of Invalid Pointer Not on the Heap
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
591	Sensitive Data Storage in Improperly Locked Memory
	Major	Common_Consequences, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
592	Authentication Bypass Issues
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
593	Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
594	J2EE Framework: Saving Unserializable Objects to Disk
	Major	Common_Consequences, Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
595	Incorrect Syntactic Object Comparison
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Time_of_Introduction
	Minor	None
596	Incorrect Semantic Object Comparison
	Major	Demonstrative_Examples, Description, Detection_Factors, Relationships, Time_of_Introduction
	Minor	None
597	Use of Wrong Operator in String Comparison
	Major	Demonstrative_Examples, Description, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
598	Information Leak Through Query Strings in GET Request
	Major	Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
599	Trust of OpenSSL Certificate Without Validation
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
600	Failure to Catch All Exceptions (Missing Catch Block)
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
601	URL Redirection to Untrusted Site (aka 'Open Redirect')
	Major	Alternate_Terms, Background_Details, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
602	Design Principle Violation: Client-Side Enforcement of Server-Side Security
	Major	Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
603	Use of Client-Side Authentication
	Major	Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
604	Deprecated
	Major	Relationships, View_Structure
	Minor	None
605	Multiple Binds to the Same Port
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
606	Unchecked Input for Loop Condition
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
	Minor	None
607	Public Static Final Field References Mutable Object
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
608	Struts: Non-private Field in ActionForm Class
	Major	Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
609	Double-Checked Locking
	Major	Demonstrative_Examples, Description, Relationships, Taxonomy_Mappings
	Minor	Applicable_Platforms
610	Externally Controlled Reference to a Resource in Another Sphere
	Major	Other_Notes, Relationships, Taxonomy_Mappings
	Minor	None
611	Information Leak Through XML External Entity File Disclosure
	Major	Description, Observed_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
612	Information Leak Through Indexing of Private Data
	Major	Description, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
613	Insufficient Session Expiration
	Major	Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
614	Sensitive Cookie in HTTPS Session Without "Secure" Attribute
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
615	Information Leak Through Comments
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	None
616	Incomplete Identification of Uploaded File Variables (PHP)
	Major	Demonstrative_Examples, Observed_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms
617	Reachable Assertion
	Major	Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
618	Exposed Unsafe ActiveX Method
	Major	Observed_Examples, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
619	Dangling Database Cursor (aka 'Cursor Injection')
	Major	Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
620	Unverified Password Change
	Major	Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
621	Variable Extraction Error
	Major	Description, Observed_Examples, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Applicable_Platforms
622	Unvalidated Function Hook Arguments
	Major	Description, Observed_Examples, Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
623	Unsafe ActiveX Control Marked Safe For Scripting
	Major	Description, Observed_Examples, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
624	Executable Regular Expression Error
	Major	Applicable_Platforms, Observed_Examples, Relationships, Time_of_Introduction
	Minor	None
625	Permissive Regular Expression
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
626	Null Byte Interaction Error (Poison Null Byte)
	Major	Applicable_Platforms, Description, Observed_Examples, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	None
627	Dynamic Variable Evaluation
	Major	Applicable_Platforms, Relationships, Time_of_Introduction
	Minor	Alternate_Terms
628	Function Call with Incorrectly Specified Arguments
	Major	Description, Other_Notes, Relationships, Weakness_Ordinalities
	Minor	Applicable_Platforms
629	Weaknesses in OWASP Top Ten (2007)
	Major	Description, Name, References, Relationship_Notes, Relationships, View_Audience, View_Structure
	Minor	None
630	Weaknesses Examined by SAMATE
	Major	References, Relationships, View_Structure
	Minor	None
631	Resource-specific Weaknesses
	Major	Relationships, View_Structure
	Minor	None
632	Weaknesses that Affect Files or Directories
	Major	Relationships
	Minor	None
633	Weaknesses that Affect Memory
	Major	Relationships
	Minor	None
634	Weaknesses that Affect System Processes
	Major	Relationships
	Minor	None
635	Weaknesses Used by NVD
	Major	Maintenance_Notes, References, Relationships, View_Structure
	Minor	None
636	Design Principle Violation: Not Failing Securely (aka 'Failing Open')
	Major	Common_Consequences, Demonstrative_Examples, Description, Name, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Applicable_Platforms, Causal_Nature
637	Design Principle Violation: Not Using Economy of Mechanism
	Major	Demonstrative_Examples, Description, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Applicable_Platforms, Causal_Nature
638	Design Principle Violation: Not Using Complete Mediation
	Major	Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
639	Access Control Bypass Through User-Controlled Key
	Major	Common_Consequences, Relationships, Type
	Minor	Applicable_Platforms
640	Weak Password Recovery Mechanism for Forgotten Password
	Major	Common_Consequences, Description, Maintenance_Notes, Name, Relationships
	Minor	Applicable_Platforms
641	Insufficient Filtering of File and Other Resource Names for Executable Content
	Major	Common_Consequences, Relationships
	Minor	Applicable_Platforms
642	External Control of User State Data
	Major	Common_Consequences, Demonstrative_Examples, Relationships
	Minor	Applicable_Platforms
643	Unsafe Treatment of XPath Input
	Major	Common_Consequences, Demonstrative_Examples, Relationships
	Minor	Applicable_Platforms
644	Insufficient Filtering of HTTP Headers for Scripting Syntax
	Major	Common_Consequences, Demonstrative_Examples, Observed_Examples, Relationships
	Minor	Applicable_Platforms
645	Overly Restrictive Account Lockout Mechanism
	Major	Common_Consequences, Enabling_Factors_for_Exploitation, Relationships
	Minor	Applicable_Platforms
646	Taking Actions based on File Name or Extension of a User Supplied File
	Major	Common_Consequences, Observed_Examples, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
647	Using Non-Canonical Paths for Authorization Decisions
	Major	Common_Consequences, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
648	Improper Use of Privileged APIs
	Major	Common_Consequences, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
	Major	Common_Consequences, Observed_Examples, Relationships
	Minor	Applicable_Platforms
650	Trusting HTTP Permission Methods on the Server Side
	Major	Common_Consequences, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
651	Information Leak through WSDL File
	Major	Applicable_Platforms, Common_Consequences, Description, Relationships, Time_of_Introduction
	Minor	None
652	Unsafe Treatment of XQuery Input
	Major	Common_Consequences, Relationships
	Minor	Applicable_Platforms
653	Design Principle Violation: Insufficient Compartmentalization
	Major	Alternate_Terms, Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
654	Design Principle Violation: Reliance on a Single Factor in a Security Decision
	Major	Alternate_Terms, Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
655	Design Principle Violation: Failure to Satisfy Psychological Acceptability
	Major	Common_Consequences, Demonstrative_Examples, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Applicable_Platforms, Causal_Nature
656	Design Principle Violation: Reliance on Security through Obscurity
	Major	Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationships, Time_of_Introduction, Weakness_Ordinalities
	Minor	Alternate_Terms, Applicable_Platforms, Causal_Nature
657	Violation of Secure Design Principles
	Major	Description, Relationships, Time_of_Introduction
	Minor	None
658	Weaknesses in Software Written in C
	Major	Description, Name, View_Filter, View_Structure
	Minor	None
659	Weaknesses in Software Written in C++
	Major	Description, Name, View_Filter, View_Structure
	Minor	None
660	Weaknesses in Software Written in Java
	Major	Description, Name, View_Filter, View_Structure
	Minor	None
661	Weaknesses in Software Written in PHP
	Major	Description, Name, View_Filter, View_Structure
	Minor	None
662	Insufficient Synchronization
	Major	Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
663	Use of a Non-reentrant Function in an Unsynchronized Context
	Major	Potential_Mitigations, References, Relationships, Time_of_Introduction
	Minor	None
664	Insufficient Control of a Resource Through its Lifetime
	Major	Description, Maintenance_Notes, Potential_Mitigations, Relationships, Time_of_Introduction, Type
	Minor	None
665	Incorrect or Incomplete Initialization
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Applicable_Platforms
666	Operation on Resource in Wrong Phase of Lifetime
	Major	Description, Potential_Mitigations, Time_of_Introduction
	Minor	None
667	Insufficient Locking
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
668	Exposure of Resource to Wrong Sphere
	Major	Other_Notes, Relationships, Time_of_Introduction
	Minor	None
669	Incorrect Resource Transfer Between Spheres
	Major	Other_Notes, Relationships, Time_of_Introduction
	Minor	None
670	Always-Incorrect Control Flow Implementation
	Major	Description, Other_Notes, Relationships, Time_of_Introduction
	Minor	None
671	Design Principle Violation: Lack of Administrator Control over Security
	Major	Description, Relationships, Time_of_Introduction
	Minor	None
672	Use of a Resource after Expiration or Release
	Major	Relationships, Time_of_Introduction
	Minor	None
673	External Influence of Sphere Definition
	Major	Demonstrative_Examples, Description, Other_Notes, Relationships, Time_of_Introduction
	Minor	None
674	Uncontrolled Recursion
	Major	Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction
	Minor	Alternate_Terms, Applicable_Platforms
675	Duplicate Operations on Resource
	Major	Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
676	Use of Potentially Dangerous Function
	Major	Applicable_Platforms, Demonstrative_Examples, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Weakness_Ordinalities
	Minor	Causal_Nature
677	Weakness Base Elements
	Major	View_Filter, View_Structure
	Minor	None
678	Composites
	Major	Description, View_Filter, View_Structure
	Minor	None
679	Chain Elements
	Major	View_Filter, View_Structure
	Minor	None
680	Integer Overflow to Buffer Overflow
	Major	Relationships
	Minor	Applicable_Platforms
681	Incorrect Conversion between Numeric Types
	Major	Demonstrative_Examples, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
682	Incorrect Calculation
	Major	Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
683	Function Call With Incorrect Order of Arguments
	Major	Demonstrative_Examples, Description, Other_Notes, Potential_Mitigations, Relationships, Weakness_Ordinalities
	Minor	None
684	Failure to Provide Specified Functionality
	Major	Description, Potential_Mitigations, Relationships, Time_of_Introduction
	Minor	None
685	Function Call With Incorrect Number of Arguments
	Major	Applicable_Platforms, Detection_Factors, Other_Notes, Potential_Mitigations, Relationships, Weakness_Ordinalities
	Minor	None
686	Function Call With Incorrect Argument Type
	Major	Description, Other_Notes, Potential_Mitigations, Relationships, Weakness_Ordinalities
	Minor	None
687	Function Call With Incorrectly Specified Argument Value
	Major	Demonstrative_Examples, Detection_Factors, Other_Notes, Potential_Mitigations, Relationships, Weakness_Ordinalities
	Minor	None
688	Function Call With Incorrect Variable or Reference as Argument
	Major	Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Other_Notes, Potential_Mitigations, Relationships, Weakness_Ordinalities
	Minor	None
689	Permission Race Condition During Resource Copy
	Major	Applicable_Platforms, Other_Notes, Relationships, Weakness_Ordinalities
	Minor	None
690	Unchecked Return Value to NULL Pointer Dereference
	Major	Applicable_Platforms, Demonstrative_Examples, Description, Detection_Factors, Other_Notes, Relationships
	Minor	None
691	Insufficient Control Flow Management
	Major	Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
692	Incomplete Blacklist to Cross-Site Scripting
	Major	Applicable_Platforms, Other_Notes, Relationships
	Minor	None
693	Protection Mechanism Failure
	Major	Description, Other_Notes, Relationships, Time_of_Introduction
	Minor	Applicable_Platforms
1000	Research Concepts
	Major	Description, Name, Relationships, View_Audience, View_Structure
	Minor	None
2000	Comprehensive CWE Dictionary
	Major	View_Structure
	Minor	None

Page Last Updated: January 05, 2017


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.