Any change with respect to whitespace is ignored. "Minor"
changes are text changes that only affect capitalization and
punctuation. Most other changes are marked as "Major."
Simple schema changes are treated as Minor, such as the change from
AffectedResource to Affected_Resource in Draft 8, or the relationship
name change from "IsRequiredBy" to "RequiredBy" in
Version 1.0. For each mutual relationship between nodes A and B (such
as ParentOf and ChildOf), a relationship change is noted for both A
and B.
The "Version 1.11 Total" lists the total number of relationships
in Version 1.11. The "Shared" value is the total number of
relationships in entries that existed in both Version 1.10 and Version 1.11. The
"New" value is the total number of relationships involving
entries that did not exist in Version 1.10. The total number of
relationships in Version 1.11 is therefore the sum of the Shared and
New values.
A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields
are Description, Name, and Relationships; in the table of important
changes below, the D, N, and R columns mark a major change to each of
those three fields respectively.
D | N | R | ID  | Name
D |   |   | 20  | Improper Input Validation
  |   | R | 34  | Path Traversal: '....//'
  |   | R | 35  | Path Traversal: '.../...//'
  | N |   | 69  | Improper Handling of Windows ::DATA Alternate Data Stream
D |   |   | 75  | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
D |   |   | 76  | Improper Neutralization of Equivalent Special Elements
D |   |   | 78  | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
D |   |   | 85  | Doubled Character XSS Manipulations
D |   |   | 103 | Struts: Incomplete validate() Method Definition
  | N |   | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer
  |   | R | 123 | Write-what-where Condition
D |   |   | 138 | Improper Neutralization of Special Elements
  | N |   | 168 | Improper Handling of Inconsistent Special Elements
D |   |   | 172 | Encoding Error
  | N |   | 173 | Improper Handling of Alternate Encoding
  | N |   | 175 | Improper Handling of Mixed Encoding
  | N |   | 176 | Improper Handling of Unicode Encoding
  | N |   | 177 | Improper Handling of URL Encoding (Hex Encoding)
  | N |   | 178 | Improper Handling of Case Sensitivity
  |   | R | 182 | Collapse of Data into Unsafe Value
D |   |   | 226 | Sensitive Information Uncleared Before Release
D |   |   | 227 | Failure to Fulfill API Contract ('API Abuse')
  | N |   | 243 | Creation of chroot Jail Without Changing Working Directory
  | N |   | 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection')
  |   | R | 259 | Use of Hard-coded Password
D |   |   | 297 | Improper Validation of Host-specific Certificate Data
D |   |   | 300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
  |   | R | 321 | Use of Hard-coded Cryptographic Key
  |   | R | 344 | Use of Invariant Value in Dynamically Changing Context
D | N |   | 353 | Missing Support for Integrity Check
D |   |   | 354 | Improper Validation of Integrity Check Value
D | N | R | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
D |   | R | 364 | Signal Handler Race Condition
  |   | R | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition
  |   | R | 371 | State Issues
D | N | R | 373 | DEPRECATED: State Synchronization Error
  |   | R | 381 | J2EE Time and State Issues
D |   | R | 383 | J2EE Bad Practices: Direct Use of Threads
D | N |   | 392 | Missing Report of Error Condition
  |   | R | 398 | Indicator of Poor Code Quality
  | N |   | 401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak')
D |   |   | 405 | Asymmetric Resource Consumption (Amplification)
  |   | R | 415 | Double Free
D |   | R | 416 | Use After Free
  | N |   | 424 | Improper Protection of Alternate Path
D |   |   | 431 | Missing Handler
D | N | R | 432 | Dangerous Signal Handler not Disabled During Sensitive Operations
D |   |   | 472 | External Control of Assumed-Immutable Web Parameter
  |   | R | 476 | NULL Pointer Dereference
D | N | R | 479 | Signal Handler Use of a Non-reentrant Function
  |   | R | 488 | Data Leak Between Sessions
D |   | R | 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context
  | N |   | 544 | Missing Standardized Error Handling Mechanism
D | N | R | 567 | Unsynchronized Access to Shared Data in a Multithreaded Context
  |   | R | 574 | EJB Bad Practices: Use of Synchronization Primitives
D |   |   | 580 | clone() Method Without super.clone()
D |   |   | 599 | Trust of OpenSSL Certificate Without Validation
D | N |   | 600 | Uncaught Exception in Servlet
  |   | R | 609 | Double-Checked Locking
  | N |   | 637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
  | N |   | 638 | Not Using Complete Mediation
D |   |   | 648 | Incorrect Use of Privileged APIs
D |   |   | 649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
D |   | R | 662 | Improper Synchronization
D | N | R | 663 | Use of a Non-reentrant Function in a Concurrent Context
D |   | R | 664 | Improper Control of a Resource Through its Lifetime
D | N | R | 667 | Improper Locking
  |   | R | 669 | Incorrect Resource Transfer Between Spheres
  |   | R | 691 | Insufficient Control Flow Management
  | N |   | 703 | Improper Check or Handling of Exceptional Conditions
  |   | R | 706 | Use of Incorrectly-Resolved Name or Reference
D |   |   | 755 | Improper Handling of Exceptional Conditions
D |   |   | 756 | Missing Custom Error Page
D |   |   | 769 | File Descriptor Exhaustion
  |   | R | 776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb')
D |   |   | 798 | Use of Hard-coded Credentials
  |   | R | 820 | Missing Synchronization
  |   | R | 821 | Incorrect Synchronization

ID  | Name | Major Changes | Minor Changes
20  | Improper Input Validation | Demonstrative_Examples, Description | None
22  | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Potential_Mitigations | None
34  | Path Traversal: '....//' | Relationships | None
35  | Path Traversal: '.../...//' | Relationships | None
49  | Path Equivalence: 'filename/' (Trailing Slash) | Observed_Examples | None
69  | Improper Handling of Windows ::DATA Alternate Data Stream | Name | None
74  | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Common_Consequences, Relationship_Notes | None
75  | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Description | None
76  | Improper Neutralization of Equivalent Special Elements | Description | None
78  | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Description, Potential_Mitigations | None
85  | Doubled Character XSS Manipulations | Description | None
87  | Improper Neutralization of Alternate XSS Syntax | Demonstrative_Examples | None
94  | Failure to Control Generation of Code ('Code Injection') | None | Common_Consequences
98  | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | Potential_Mitigations | None
103 | Struts: Incomplete validate() Method Definition | Description | None
116 | Improper Encoding or Escaping of Output | None | Common_Consequences
117 | Improper Output Neutralization for Logs | Demonstrative_Examples | None
119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Name | None
120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Potential_Mitigations | None
123 | Write-what-where Condition | Relationships | None
128 | Wrap-around Error | Background_Details | None
129 | Improper Validation of Array Index | Demonstrative_Examples, Observed_Examples, Potential_Mitigations | None
130 | Improper Handling of Length Parameter Inconsistency | Potential_Mitigations | None
131 | Incorrect Calculation of Buffer Size | Potential_Mitigations | None
138 | Improper Neutralization of Special Elements | Description | None
168 | Improper Handling of Inconsistent Special Elements | Name | None
170 | Improper Null Termination | None | Common_Consequences
172 | Encoding Error | Description | None
173 | Improper Handling of Alternate Encoding | Name | None
175 | Improper Handling of Mixed Encoding | Name | None
176 | Improper Handling of Unicode Encoding | Name | None
177 | Improper Handling of URL Encoding (Hex Encoding) | Name | None
178 | Improper Handling of Case Sensitivity | Name | None
182 | Collapse of Data into Unsafe Value | Relationships | None
193 | Off-by-one Error | Demonstrative_Examples | None
194 | Unexpected Sign Extension | Applicable_Platforms | None
196 | Unsigned to Signed Conversion Error | Other_Notes | None
197 | Numeric Truncation Error | Demonstrative_Examples | None
201 | Information Exposure Through Sent Data | Common_Consequences | None
211 | Product-External Error Message Information Leak | Observed_Examples | None
226 | Sensitive Information Uncleared Before Release | Description | None
227 | Failure to Fulfill API Contract ('API Abuse') | Description | None
243 | Creation of chroot Jail Without Changing Working Directory | Demonstrative_Examples, Name | None
244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') | Name | None
252 | Unchecked Return Value | Demonstrative_Examples | None
258 | Empty Password in Configuration File | Demonstrative_Examples | None
259 | Use of Hard-coded Password | Relationships | None
272 | Least Privilege Violation | Other_Notes | None
296 | Improper Following of Chain of Trust for Certificate Validation | Other_Notes | None
297 | Improper Validation of Host-specific Certificate Data | Description, Other_Notes | None
299 | Improper Check for Certificate Revocation | Other_Notes | None
300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | Description | None
309 | Use of Password System for Primary Authentication | Common_Consequences | None
311 | Missing Encryption of Sensitive Data | Demonstrative_Examples, Observed_Examples, Related_Attack_Patterns | None
313 | Plaintext Storage in a File or on Disk | Demonstrative_Examples | None
319 | Cleartext Transmission of Sensitive Information | Observed_Examples, Related_Attack_Patterns | None
321 | Use of Hard-coded Cryptographic Key | Relationships | None
344 | Use of Invariant Value in Dynamically Changing Context | Relationships | None
345 | Insufficient Verification of Data Authenticity | Related_Attack_Patterns | None
346 | Origin Validation Error | Related_Attack_Patterns | None
353 | Missing Support for Integrity Check | Description, Name | None
354 | Improper Validation of Integrity Check Value | Description | None
362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Applicable_Platforms, Demonstrative_Examples, Description, Name, Potential_Mitigations, Relationships | None
363 | Race Condition Enabling Link Following | Other_Notes, Relationship_Notes | None
364 | Signal Handler Race Condition | Common_Consequences, Demonstrative_Examples, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships | None
367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Alternate_Terms, Relationships | None
368 | Context Switching Race Condition | Observed_Examples | None
371 | State Issues | Relationships | None
372 | Incomplete Internal State Distinction | Maintenance_Notes | None
373 | DEPRECATED: State Synchronization Error | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Name, Other_Notes, Potential_Mitigations, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type | None
374 | Passing Mutable Objects to an Untrusted Method | Demonstrative_Examples | None
381 | J2EE Time and State Issues | Relationships | None
383 | J2EE Bad Practices: Direct Use of Threads | Description, Other_Notes, Relationships | None
392 | Missing Report of Error Condition | Description, Name | None
398 | Indicator of Poor Code Quality | Relationships | None
401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') | Demonstrative_Examples, Name | None
404 | Improper Resource Shutdown or Release | Demonstrative_Examples | None
405 | Asymmetric Resource Consumption (Amplification) | Description | None
413 | Improper Resource Locking | Demonstrative_Examples | None
415 | Double Free | Observed_Examples, Relationships | None
416 | Use After Free | Alternate_Terms, Common_Consequences, Description, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships | Demonstrative_Examples
419 | Unprotected Primary Channel | Related_Attack_Patterns | None
424 | Improper Protection of Alternate Path | Name | None
431 | Missing Handler | Description, Other_Notes | None
432 | Dangerous Signal Handler not Disabled During Sensitive Operations | Applicable_Platforms, Description, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings | None
434 | Unrestricted Upload of File with Dangerous Type | Potential_Mitigations | None
437 | Incomplete Model of Endpoint Features | Other_Notes, Relationship_Notes | None
471 | Modification of Assumed-Immutable Data (MAID) | Related_Attack_Patterns | None
472 | External Control of Assumed-Immutable Web Parameter | Description | None
476 | NULL Pointer Dereference | Relationships | None
479 | Signal Handler Use of a Non-reentrant Function | Demonstrative_Examples, Description, Name, Observed_Examples, Other_Notes, Potential_Mitigations, Relationships | None
488 | Data Leak Between Sessions | Relationships | None
494 | Download of Code Without Integrity Check | Potential_Mitigations | None
543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | Applicable_Platforms, Demonstrative_Examples, Description, Potential_Mitigations, References, Relationships, Taxonomy_Mappings | None
544 | Missing Standardized Error Handling Mechanism | Name | None
567 | Unsynchronized Access to Shared Data in a Multithreaded Context | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Name, Other_Notes, Potential_Mitigations, Relationships | None
574 | EJB Bad Practices: Use of Synchronization Primitives | Relationships | None
580 | clone() Method Without super.clone() | Description | None
581 | Object Model Violation: Just One of Equals and Hashcode Defined | Common_Consequences | None
595 | Comparison of Object References Instead of Object Contents | Demonstrative_Examples | None
599 | Trust of OpenSSL Certificate Without Validation | Description | None
600 | Uncaught Exception in Servlet | Description, Name | None
602 | Client-Side Enforcement of Server-Side Security | Related_Attack_Patterns | None
609 | Double-Checked Locking | Relationships | None
636 | Not Failing Securely ('Failing Open') | Research_Gaps | None
637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') | Name, Research_Gaps | None
638 | Not Using Complete Mediation | Name | None
639 | Access Control Bypass Through User-Controlled Key | None | Common_Consequences
640 | Weak Password Recovery Mechanism for Forgotten Password | Common_Consequences | None
641 | Improper Restriction of Names for Files and Other Resources | Common_Consequences | None
643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection') | Common_Consequences | None
644 | Improper Neutralization of HTTP Headers for Scripting Syntax | Common_Consequences | None
646 | Reliance on File Name or Extension of Externally-Supplied File | Applicable_Platforms, Common_Consequences | None
647 | Use of Non-Canonical URL Paths for Authorization Decisions | Common_Consequences | Observed_Examples
648 | Incorrect Use of Privileged APIs | Common_Consequences, Description | None
649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Common_Consequences, Description, Enabling_Factors_for_Exploitation, Observed_Examples | None
651 | Information Exposure through WSDL File | Common_Consequences | Description
652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Common_Consequences | None
653 | Insufficient Compartmentalization | Other_Notes, Relationship_Notes, Terminology_Notes | None
662 | Improper Synchronization | Description, Relationships, Taxonomy_Mappings | None
663 | Use of a Non-reentrant Function in a Concurrent Context | Description, Name, Relationships | None
664 | Improper Control of a Resource Through its Lifetime | Description, Relationships | None
667 | Improper Locking | Description, Name, Relationships | None
669 | Incorrect Resource Transfer Between Spheres | Relationships | None
684 | Failure to Provide Specified Functionality | Potential_Mitigations | None
691 | Insufficient Control Flow Management | Relationships | None
703 | Improper Check or Handling of Exceptional Conditions | Name, Relationship_Notes | None
706 | Use of Incorrectly-Resolved Name or Reference | Relationships | None
732 | Incorrect Permission Assignment for Critical Resource | Potential_Mitigations | None
754 | Improper Check for Unusual or Exceptional Conditions | Relationship_Notes | None
755 | Improper Handling of Exceptional Conditions | Description, Observed_Examples | None
756 | Missing Custom Error Page | Description | None
766 | Critical Variable Declared Public | Observed_Examples | None
769 | File Descriptor Exhaustion | Description | None
776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') | Relationships | None
798 | Use of Hard-coded Credentials | Description | None
805 | Buffer Access with Incorrect Length Value | Potential_Mitigations | None
820 | Missing Synchronization | Demonstrative_Examples, Relationships | None
821 | Incorrect Synchronization | Relationships | None