CWE - Differences between Version 1.12 and Version 1.13

Home > CWE List > Reports > Differences between Version 1.12 and Version 1.13

Differences between Version 1.12 and Version 1.13

Summary | Field Change Summary | Important Changes | Detailed Difference Report

Summary

Total (Version 1.13)	865
Total (Version 1.12)	844
Total new	21
Total deprecated	0
Total shared	844
Total important changes	138
Total major changes	682
Total minor changes	3
Total minor changes (no major)
Total unchanged	162

Summary of Entry Types

Type	Version 1.12	Version 1.13
Category	120	137
Chain	3	3
Composite	6	6
Deprecated	12	12
View	24	25
Weakness	679	682

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

Field	Major	Minor
Name	0	0
Description	4	2
Applicable_Platforms	2	0
Time_of_Introduction	0	0
Demonstrative_Examples	10	0
Detection_Factors	0	0
Likelihood_of_Exploit	0	0
Common_Consequences	678	0
Relationships	136	0
References	0	0
Potential_Mitigations	1	0
Observed_Examples	2	0
Terminology_Notes	0	0
Alternate_Terms	0	0
Related_Attack_Patterns	0	0
Relationship_Notes	1	0
Taxonomy_Mappings	127	0
Maintenance_Notes	3	0
Modes_of_Introduction	0	0
Affected_Resources	0	0
Functional_Areas	0	0
Research_Gaps	0	0
Background_Details	0	0
Theoretical_Notes	0	0
Weakness_Ordinalities	0	0
White_Box_Definitions	0	0
Enabling_Factors_for_Exploitation	0	0
Other_Notes	8	1
Relevant_Properties	0	0
View_Type	0	0
View_Structure	0	0
View_Filter	0	0
View_Audience	0	0
Common_Methods_of_Exploitation	0	0
Type	0	0
Causal_Nature	0	0
Source_Taxonomy	0	0
Context_Notes	0	0
Black_Box_Definitions	0	0

Form and Abstraction Changes

From	To	Total
Unchanged		844

Status Changes

From	To	Total
Unchanged		844

Relationship Changes

The "Version 1.13 Total" lists the total number of relationships in Version 1.13. The "Shared" value is the total number of relationships in entries that were in both Version 1.13 and Version 1.12. The "New" value is the total number of relationships involving entries that did not exist in Version 1.12. Thus, the total number of relationships in Version 1.13 would combine stats from Shared entries and New entries.

Relationship	Version 1.13 Total	Version 1.12 Total	Version 1.13 Shared	Unchanged	Added to Version 1.13	Removed from Version 1.12	Version 1.13 New
ALL	5395	5063	5043	5039	4	24	352
ChildOf	2325	2177	2167	2165	2	12	158
ParentOf	2325	2177	2167	2165	2	12	158
MemberOf	136	119	119	119			17
HasMember	136	119	119	119			17
CanPrecede	113	112	112	112			1
CanFollow	113	112	112	112			1
StartsWith	3	3	3	3
Requires	19	19	19	19
RequiredBy	19	19	19	19
CanAlsoBe	34	34	34	34
PeerOf	172	172	172	172

Nodes Removed from Version 1.12

CWE-ID	CWE Name
None.

Nodes Added to Version 1.13

CWE-ID	CWE Name
843	Access of Resource Using Incompatible Type ('Type Confusion')
844	Weaknesses Addressed by the CERT Java Secure Coding Standard
845	CERT Java Secure Coding Section 00 - Input Validation and Data Sanitization (IDS)
846	CERT Java Secure Coding Section 01 - Declarations and Initialization (DCL)
847	CERT Java Secure Coding Section 02 - Expressions (EXP)
848	CERT Java Secure Coding Section 03 - Numeric Types and Operations (NUM)
849	CERT Java Secure Coding Section 04 - Object Orientation (OBJ)
850	CERT Java Secure Coding Section 05 - Methods (MET)
851	CERT Java Secure Coding Section 06 - Exceptional Behavior (ERR)
852	CERT Java Secure Coding Section 07 - Visibility and Atomicity (VNA)
853	CERT Java Secure Coding Section 08 - Locking (LCK)
854	CERT Java Secure Coding Section 09 - Thread APIs (THI)
855	CERT Java Secure Coding Section 10 - Thread Pools (TPS)
856	CERT Java Secure Coding Section 11 - Thread-Safety Miscellaneous (TSM)
857	CERT Java Secure Coding Section 12 - Input Output (FIO)
858	CERT Java Secure Coding Section 13 - Serialization (SER)
859	CERT Java Secure Coding Section 14 - Platform Security (SEC)
860	CERT Java Secure Coding Section 15 - Runtime Environment (ENV)
861	CERT Java Secure Coding Section 49 - Miscellaneous (MSC)
862	Missing Authorization
863	Incorrect Authorization

Nodes Deprecated in Version 1.13

CWE-ID	CWE Name
None.

Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D	Description
N	Name
R	Relationships

	R	15	External Control of System or Configuration Setting
	R	36	Absolute Path Traversal
	R	67	Improper Handling of Windows Device Names
	R	73	External Control of File Name or Path
	R	78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	R	111	Direct Use of Unsafe JNI
D		113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
	R	116	Improper Encoding or Escaping of Output
	R	119	Improper Restriction of Operations within the Bounds of a Memory Buffer
	R	134	Uncontrolled Format String
	R	135	Incorrect Calculation of Multi-Byte String Length
	R	144	Improper Neutralization of Line Delimiters
	R	150	Improper Neutralization of Escape, Meta, or Control Sequences
D	R	171	Cleansing, Canonicalization, and Comparison Errors
D		172	Encoding Error
	R	180	Incorrect Behavior Order: Validate Before Canonicalize
	R	182	Collapse of Data into Unsafe Value
	R	197	Numeric Truncation Error
	R	198	Use of Incorrect Byte Ordering
	R	209	Information Exposure Through an Error Message
	R	215	Information Exposure Through Debug Information
	R	226	Sensitive Information Uncleared Before Release
	R	230	Improper Handling of Missing Values
	R	232	Improper Handling of Undefined Values
	R	248	Uncaught Exception
	R	250	Execution with Unnecessary Privileges
	R	252	Unchecked Return Value
	R	256	Plaintext Storage of a Password
	R	259	Use of Hard-coded Password
	R	266	Incorrect Privilege Assignment
	R	272	Least Privilege Violation
	R	276	Incorrect Default Permissions
	R	279	Incorrect Execution-Assigned Permissions
	R	285	Improper Authorization
	R	289	Authentication Bypass by Alternate Name
	R	300	Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
	R	302	Authentication Bypass by Assumed-Immutable Data
	R	311	Missing Encryption of Sensitive Data
	R	319	Cleartext Transmission of Sensitive Information
	R	327	Use of a Broken or Risky Cryptographic Algorithm
	R	330	Use of Insufficiently Random Values
	R	332	Insufficient Entropy in PRNG
	R	333	Improper Handling of Insufficient Entropy in TRNG
	R	336	Same Seed in PRNG
	R	337	Predictable Seed in PRNG
	R	347	Improper Verification of Cryptographic Signature
	R	349	Acceptance of Extraneous Untrusted Data With Trusted Data
	R	358	Improperly Implemented Security Check for Standard
	R	359	Privacy Violation
	R	362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
	R	366	Race Condition within a Thread
	R	369	Divide By Zero
	R	374	Passing Mutable Objects to an Untrusted Method
	R	375	Returning a Mutable Object to an Untrusted Caller
	R	377	Insecure Temporary File
	R	382	J2EE Bad Practices: Use of System.exit()
	R	390	Detection of Error Condition Without Action
	R	392	Missing Report of Error Condition
	R	395	Use of NullPointerException Catch to Detect NULL Pointer Dereference
	R	397	Declaration of Throws for Generic Exception
	R	400	Uncontrolled Resource Consumption ('Resource Exhaustion')
	R	401	Improper Release of Memory Before Removing Last Reference ('Memory Leak')
	R	404	Improper Resource Shutdown or Release
	R	405	Asymmetric Resource Consumption (Amplification)
	R	409	Improper Handling of Highly Compressed Data (Data Amplification)
	R	410	Insufficient Resource Pool
	R	412	Unrestricted Externally Accessible Lock
	R	413	Improper Resource Locking
	R	425	Direct Request ('Forced Browsing')
	R	454	External Initialization of Trusted Variables or Data Stores
	R	459	Incomplete Cleanup
	R	460	Improper Cleanup on Thrown Exception
	R	470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
	R	479	Signal Handler Use of a Non-reentrant Function
	R	480	Use of Incorrect Operator
	R	484	Omitted Break Statement in Switch
	R	486	Comparison of Classes by Name
	R	487	Reliance on Package-level Scope
	R	491	Public cloneable() Method Without Final ('Object Hijack')
	R	492	Use of Inner Class Containing Sensitive Data
	R	493	Critical Public Variable Without Final Modifier
	R	494	Download of Code Without Integrity Check
	R	497	Exposure of System Data to an Unauthorized Control Sphere
	R	498	Cloneable Class Containing Sensitive Information
	R	499	Serializable Class Containing Sensitive Data
	R	500	Public Static Field Not Marked Final
	R	502	Deserialization of Untrusted Data
	R	524	Information Exposure Through Caching
	R	526	Information Exposure Through Environmental Variables
	R	528	Exposure of Core Dump File to an Unauthorized Control Sphere
	R	532	Information Exposure Through Log Files
	R	533	Information Exposure Through Server Log Files
	R	534	Information Exposure Through Debug Log Files
	R	539	Information Exposure Through Persistent Cookies
	R	542	Information Exposure Through Cleanup Log Files
	R	543	Use of Singleton Pattern Without Synchronization in a Multithreaded Context
D	R	551	Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
	R	567	Unsynchronized Access to Shared Data in a Multithreaded Context
	R	568	finalize() Method Without super.finalize()
	R	572	Call to Thread run() instead of start()
	R	573	Improper Following of Specification by Caller
	R	581	Object Model Violation: Just One of Equals and Hashcode Defined
	R	582	Array Declared Public, Final, and Static
	R	583	finalize() Method Declared Public
	R	584	Return Inside Finally Block
	R	586	Explicit Call to Finalize()
	R	589	Call to Non-ubiquitous API
	R	595	Comparison of Object References Instead of Object Contents
	R	597	Use of Wrong Operator in String Comparison
	R	600	Uncaught Exception in Servlet
	R	607	Public Static Final Field References Mutable Object
	R	609	Double-Checked Locking
	R	625	Permissive Regular Expression
	R	638	Not Using Complete Mediation
	R	639	Authorization Bypass Through User-Controlled Key
	R	647	Use of Non-Canonical URL Paths for Authorization Decisions
	R	662	Improper Synchronization
	R	664	Improper Control of a Resource Through its Lifetime
	R	665	Improper Initialization
	R	667	Improper Locking
	R	670	Always-Incorrect Control Flow Implementation
	R	681	Incorrect Conversion between Numeric Types
	R	690	Unchecked Return Value to NULL Pointer Dereference
	R	703	Improper Check or Handling of Exceptional Conditions
	R	704	Incorrect Type Conversion or Cast
	R	705	Incorrect Control Flow Scoping
	R	732	Incorrect Permission Assignment for Critical Resource
	R	766	Critical Variable Declared Public
	R	770	Allocation of Resources Without Limits or Throttling
	R	772	Missing Release of Resource after Effective Lifetime
	R	798	Use of Hard-coded Credentials
	R	804	Guessable CAPTCHA
	R	820	Missing Synchronization
	R	821	Incorrect Synchronization
	R	833	Deadlock
	R	834	Excessive Iteration
	R	835	Loop with Unreachable Exit Condition ('Infinite Loop')
	R	838	Inappropriate Encoding for Output Context

Detailed Difference Report

5	J2EE Misconfiguration: Data Transmission Without Encryption
	Major	Common_Consequences
	Minor	None
6	J2EE Misconfiguration: Insufficient Session-ID Length
	Major	Common_Consequences
	Minor	None
7	J2EE Misconfiguration: Missing Custom Error Page
	Major	Common_Consequences
	Minor	None
8	J2EE Misconfiguration: Entity Bean Declared Remote
	Major	Common_Consequences
	Minor	None
9	J2EE Misconfiguration: Weak Access Permissions for EJB Methods
	Major	Common_Consequences
	Minor	None
11	ASP.NET Misconfiguration: Creating Debug Binary
	Major	Common_Consequences
	Minor	None
12	ASP.NET Misconfiguration: Missing Custom Error Page
	Major	Common_Consequences
	Minor	None
13	ASP.NET Misconfiguration: Password in Configuration File
	Major	Common_Consequences
	Minor	None
14	Compiler Removal of Code to Clear Buffers
	Major	Common_Consequences
	Minor	None
15	External Control of System or Configuration Setting
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
20	Improper Input Validation
	Major	Applicable_Platforms, Common_Consequences, Relationship_Notes
	Minor	None
23	Relative Path Traversal
	Major	Common_Consequences
	Minor	None
24	Path Traversal: '../filedir'
	Major	Common_Consequences
	Minor	None
25	Path Traversal: '/../filedir'
	Major	Common_Consequences
	Minor	None
26	Path Traversal: '/dir/../filename'
	Major	Common_Consequences
	Minor	None
27	Path Traversal: 'dir/../../filename'
	Major	Common_Consequences
	Minor	None
28	Path Traversal: '..\filedir'
	Major	Common_Consequences
	Minor	None
29	Path Traversal: '\..\filename'
	Major	Common_Consequences
	Minor	None
30	Path Traversal: '\dir\..\filename'
	Major	Common_Consequences
	Minor	None
31	Path Traversal: 'dir\..\..\filename'
	Major	Common_Consequences
	Minor	None
32	Path Traversal: '...' (Triple Dot)
	Major	Common_Consequences
	Minor	None
33	Path Traversal: '....' (Multiple Dot)
	Major	Common_Consequences
	Minor	None
34	Path Traversal: '....//'
	Major	Common_Consequences
	Minor	None
35	Path Traversal: '.../...//'
	Major	Common_Consequences
	Minor	None
36	Absolute Path Traversal
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
37	Path Traversal: '/absolute/pathname/here'
	Major	Common_Consequences
	Minor	None
38	Path Traversal: '\absolute\pathname\here'
	Major	Common_Consequences
	Minor	None
39	Path Traversal: 'C:dirname'
	Major	Common_Consequences
	Minor	None
40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
	Major	Common_Consequences
	Minor	None
41	Improper Resolution of Path Equivalence
	Major	Common_Consequences
	Minor	None
42	Path Equivalence: 'filename.' (Trailing Dot)
	Major	Common_Consequences
	Minor	None
43	Path Equivalence: 'filename....' (Multiple Trailing Dot)
	Major	Common_Consequences
	Minor	None
44	Path Equivalence: 'file.name' (Internal Dot)
	Major	Common_Consequences
	Minor	None
45	Path Equivalence: 'file...name' (Multiple Internal Dot)
	Major	Common_Consequences
	Minor	None
46	Path Equivalence: 'filename ' (Trailing Space)
	Major	Common_Consequences
	Minor	None
47	Path Equivalence: ' filename' (Leading Space)
	Major	Common_Consequences
	Minor	None
48	Path Equivalence: 'file name' (Internal Whitespace)
	Major	Common_Consequences
	Minor	None
49	Path Equivalence: 'filename/' (Trailing Slash)
	Major	Common_Consequences
	Minor	None
50	Path Equivalence: '//multiple/leading/slash'
	Major	Common_Consequences
	Minor	None
51	Path Equivalence: '/multiple//internal/slash'
	Major	Common_Consequences
	Minor	None
52	Path Equivalence: '/multiple/trailing/slash//'
	Major	Common_Consequences
	Minor	None
53	Path Equivalence: '\multiple\\internal\backslash'
	Major	Common_Consequences
	Minor	None
54	Path Equivalence: 'filedir\' (Trailing Backslash)
	Major	Common_Consequences
	Minor	None
55	Path Equivalence: '/./' (Single Dot Directory)
	Major	Common_Consequences
	Minor	None
56	*Path Equivalence: 'filedir' (Wildcard)**
	Major	Common_Consequences
	Minor	None
57	Path Equivalence: 'fakedir/../realdir/filename'
	Major	Common_Consequences
	Minor	None
58	Path Equivalence: Windows 8.3 Filename
	Major	Common_Consequences
	Minor	None
59	Improper Link Resolution Before File Access ('Link Following')
	Major	Common_Consequences
	Minor	None
61	UNIX Symbolic Link (Symlink) Following
	Major	Common_Consequences
	Minor	None
62	UNIX Hard Link
	Major	Common_Consequences
	Minor	None
64	Windows Shortcut Following (.LNK)
	Major	Common_Consequences
	Minor	None
65	Windows Hard Link
	Major	Common_Consequences
	Minor	None
66	Improper Handling of File Names that Identify Virtual Resources
	Major	Common_Consequences
	Minor	None
67	Improper Handling of Windows Device Names
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
69	Improper Handling of Windows ::DATA Alternate Data Stream
	Major	Common_Consequences
	Minor	None
71	Apple '.DS_Store'
	Major	Common_Consequences
	Minor	None
72	Improper Handling of Apple HFS+ Alternate Data Stream Path
	Major	Common_Consequences
	Minor	None
73	External Control of File Name or Path
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
	Major	Common_Consequences
	Minor	None
75	Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
	Major	Common_Consequences
	Minor	None
76	Improper Neutralization of Equivalent Special Elements
	Major	Common_Consequences
	Minor	None
77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
	Major	Common_Consequences
	Minor	None
78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
	Major	Common_Consequences
	Minor	None
80	Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
	Major	Common_Consequences
	Minor	None
81	Improper Neutralization of Script in an Error Message Web Page
	Major	Common_Consequences
	Minor	None
82	Improper Neutralization of Script in Attributes of IMG Tags in a Web Page
	Major	Common_Consequences
	Minor	None
83	Improper Neutralization of Script in Attributes in a Web Page
	Major	Common_Consequences
	Minor	None
84	Improper Neutralization of Encoded URI Schemes in a Web Page
	Major	Common_Consequences
	Minor	None
85	Doubled Character XSS Manipulations
	Major	Common_Consequences
	Minor	None
86	Improper Neutralization of Invalid Characters in Identifiers in Web Pages
	Major	Common_Consequences
	Minor	None
87	Improper Neutralization of Alternate XSS Syntax
	Major	Common_Consequences
	Minor	None
88	Argument Injection or Modification
	Major	Common_Consequences
	Minor	None
89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
	Major	Common_Consequences
	Minor	None
90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
	Major	Common_Consequences
	Minor	None
91	XML Injection (aka Blind XPath Injection)
	Major	Common_Consequences
	Minor	None
93	Improper Neutralization of CRLF Sequences ('CRLF Injection')
	Major	Common_Consequences
	Minor	None
94	Improper Control of Generation of Code ('Code Injection')
	Major	Common_Consequences
	Minor	None
95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
	Major	Common_Consequences
	Minor	None
96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
	Major	Common_Consequences
	Minor	None
97	Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
	Major	Common_Consequences
	Minor	None
99	Improper Control of Resource Identifiers ('Resource Injection')
	Major	Common_Consequences, Other_Notes
	Minor	None
102	Struts: Duplicate Validation Forms
	Major	Common_Consequences
	Minor	None
103	Struts: Incomplete validate() Method Definition
	Major	Common_Consequences
	Minor	None
104	Struts: Form Bean Does Not Extend Validation Class
	Major	Common_Consequences
	Minor	None
105	Struts: Form Field Without Validator
	Major	Common_Consequences
	Minor	None
106	Struts: Plug-in Framework not in Use
	Major	Common_Consequences
	Minor	Other_Notes
107	Struts: Unused Validation Form
	Major	Common_Consequences
	Minor	None
108	Struts: Unvalidated Action Form
	Major	Common_Consequences
	Minor	None
109	Struts: Validator Turned Off
	Major	Common_Consequences
	Minor	None
110	Struts: Validator Without Form Field
	Major	Common_Consequences
	Minor	None
111	Direct Use of Unsafe JNI
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
112	Missing XML Validation
	Major	Common_Consequences
	Minor	None
113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
	Major	Common_Consequences, Description
	Minor	None
114	Process Control
	Major	Common_Consequences
	Minor	None
115	Misinterpretation of Input
	Major	Common_Consequences
	Minor	None
116	Improper Encoding or Escaping of Output
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
117	Improper Output Neutralization for Logs
	Major	Common_Consequences
	Minor	None
118	Improper Access of Indexable Resource ('Range Error')
	Major	Common_Consequences
	Minor	None
119	Improper Restriction of Operations within the Bounds of a Memory Buffer
	Major	Common_Consequences, Relationships
	Minor	None
120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
	Major	Common_Consequences
	Minor	None
121	Stack-based Buffer Overflow
	Major	Common_Consequences
	Minor	None
122	Heap-based Buffer Overflow
	Major	Common_Consequences
	Minor	None
123	Write-what-where Condition
	Major	Common_Consequences
	Minor	None
124	Buffer Underwrite ('Buffer Underflow')
	Major	Common_Consequences
	Minor	None
125	Out-of-bounds Read
	Major	Common_Consequences
	Minor	None
126	Buffer Over-read
	Major	Common_Consequences
	Minor	None
127	Buffer Under-read
	Major	Common_Consequences
	Minor	None
128	Wrap-around Error
	Major	Common_Consequences
	Minor	None
129	Improper Validation of Array Index
	Major	Common_Consequences
	Minor	None
130	Improper Handling of Length Parameter Inconsistency
	Major	Common_Consequences
	Minor	None
131	Incorrect Calculation of Buffer Size
	Major	Common_Consequences
	Minor	None
134	Uncontrolled Format String
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
135	Incorrect Calculation of Multi-Byte String Length
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
138	Improper Neutralization of Special Elements
	Major	Common_Consequences
	Minor	None
140	Improper Neutralization of Delimiters
	Major	Common_Consequences
	Minor	None
141	Improper Neutralization of Parameter/Argument Delimiters
	Major	Common_Consequences
	Minor	None
142	Improper Neutralization of Value Delimiters
	Major	Common_Consequences
	Minor	None
143	Improper Neutralization of Record Delimiters
	Major	Common_Consequences
	Minor	None
144	Improper Neutralization of Line Delimiters
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
145	Improper Neutralization of Section Delimiters
	Major	Common_Consequences
	Minor	None
146	Improper Neutralization of Expression/Command Delimiters
	Major	Common_Consequences
	Minor	None
147	Improper Neutralization of Input Terminators
	Major	Common_Consequences
	Minor	None
148	Improper Neutralization of Input Leaders
	Major	Common_Consequences
	Minor	None
149	Improper Neutralization of Quoting Syntax
	Major	Common_Consequences
	Minor	None
150	Improper Neutralization of Escape, Meta, or Control Sequences
	Major	Common_Consequences, Observed_Examples, Relationships, Taxonomy_Mappings
	Minor	None
151	Improper Neutralization of Comment Delimiters
	Major	Common_Consequences
	Minor	None
152	Improper Neutralization of Macro Symbols
	Major	Common_Consequences
	Minor	None
153	Improper Neutralization of Substitution Characters
	Major	Common_Consequences
	Minor	None
154	Improper Neutralization of Variable Name Delimiters
	Major	Common_Consequences
	Minor	None
155	Improper Neutralization of Wildcards or Matching Symbols
	Major	Common_Consequences
	Minor	None
156	Improper Neutralization of Whitespace
	Major	Common_Consequences
	Minor	None
157	Failure to Sanitize Paired Delimiters
	Major	Common_Consequences
	Minor	None
158	Improper Neutralization of Null Byte or NUL Character
	Major	Common_Consequences
	Minor	None
159	Failure to Sanitize Special Element
	Major	Common_Consequences
	Minor	None
160	Improper Neutralization of Leading Special Elements
	Major	Common_Consequences
	Minor	None
161	Improper Neutralization of Multiple Leading Special Elements
	Major	Common_Consequences
	Minor	None
162	Improper Neutralization of Trailing Special Elements
	Major	Common_Consequences
	Minor	None
163	Improper Neutralization of Multiple Trailing Special Elements
	Major	Common_Consequences
	Minor	None
164	Improper Neutralization of Internal Special Elements
	Major	Common_Consequences
	Minor	None
165	Improper Neutralization of Multiple Internal Special Elements
	Major	Common_Consequences
	Minor	None
166	Improper Handling of Missing Special Element
	Major	Common_Consequences
	Minor	None
167	Improper Handling of Additional Special Element
	Major	Common_Consequences
	Minor	None
168	Improper Handling of Inconsistent Special Elements
	Major	Common_Consequences
	Minor	None
170	Improper Null Termination
	Major	Common_Consequences
	Minor	None
171	Cleansing, Canonicalization, and Comparison Errors
	Major	Description, Relationships, Taxonomy_Mappings
	Minor	None
172	Encoding Error
	Major	Common_Consequences, Description
	Minor	None
173	Improper Handling of Alternate Encoding
	Major	Common_Consequences
	Minor	None
174	Double Decoding of the Same Data
	Major	Common_Consequences
	Minor	None
175	Improper Handling of Mixed Encoding
	Major	Common_Consequences
	Minor	None
176	Improper Handling of Unicode Encoding
	Major	Common_Consequences
	Minor	None
177	Improper Handling of URL Encoding (Hex Encoding)
	Major	Common_Consequences
	Minor	None
178	Improper Handling of Case Sensitivity
	Major	Common_Consequences
	Minor	None
179	Incorrect Behavior Order: Early Validation
	Major	Common_Consequences
	Minor	None
180	Incorrect Behavior Order: Validate Before Canonicalize
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
181	Incorrect Behavior Order: Validate Before Filter
	Major	Common_Consequences
	Minor	None
182	Collapse of Data into Unsafe Value
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
183	Permissive Whitelist
	Major	Common_Consequences
	Minor	None
184	Incomplete Blacklist
	Major	Common_Consequences
	Minor	None
185	Incorrect Regular Expression
	Major	Common_Consequences
	Minor	None
186	Overly Restrictive Regular Expression
	Major	Common_Consequences
	Minor	None
187	Partial Comparison
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
188	Reliance on Data/Memory Layout
	Major	Common_Consequences
	Minor	None
190	Integer Overflow or Wraparound
	Major	Common_Consequences
	Minor	None
191	Integer Underflow (Wrap or Wraparound)
	Major	Common_Consequences
	Minor	None
192	Integer Coercion Error
	Major	Common_Consequences
	Minor	None
193	Off-by-one Error
	Major	Common_Consequences
	Minor	None
194	Unexpected Sign Extension
	Major	Common_Consequences
	Minor	None
195	Signed to Unsigned Conversion Error
	Major	Common_Consequences
	Minor	None
196	Unsigned to Signed Conversion Error
	Major	Common_Consequences
	Minor	None
197	Numeric Truncation Error
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
198	Use of Incorrect Byte Ordering
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
200	Information Exposure
	Major	Common_Consequences
	Minor	None
201	Information Exposure Through Sent Data
	Major	Common_Consequences
	Minor	None
202	Exposure of Sensitive Data Through Data Queries
	Major	Common_Consequences
	Minor	None
203	Information Exposure Through Discrepancy
	Major	Common_Consequences
	Minor	None
204	Response Discrepancy Information Exposure
	Major	Common_Consequences
	Minor	None
205	Information Exposure Through Behavioral Discrepancy
	Major	Common_Consequences
	Minor	None
206	Information Exposure of Internal State Through Behavioral Inconsistency
	Major	Common_Consequences
	Minor	None
207	Information Exposure Through an External Behavioral Inconsistency
	Major	Common_Consequences
	Minor	None
208	Information Exposure Through Timing Discrepancy
	Major	Common_Consequences
	Minor	None
209	Information Exposure Through an Error Message
	Major	Relationships, Taxonomy_Mappings
	Minor	None
210	Information Exposure Through Generated Error Message
	Major	Common_Consequences
	Minor	None
211	Information Exposure Through External Error Message
	Major	Common_Consequences
	Minor	None
212	Improper Cross-boundary Removal of Sensitive Data
	Major	Common_Consequences
	Minor	None
213	Intentional Information Exposure
	Major	Common_Consequences
	Minor	None
214	Information Exposure Through Process Environment
	Major	Common_Consequences
	Minor	None
215	Information Exposure Through Debug Information
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
216	Containment Errors (Container Errors)
	Major	Common_Consequences
	Minor	None
219	Sensitive Data Under Web Root
	Major	Common_Consequences
	Minor	None
220	Sensitive Data Under FTP Root
	Major	Common_Consequences
	Minor	None
221	Information Loss or Omission
	Major	Common_Consequences
	Minor	None
222	Truncation of Security-relevant Information
	Major	Common_Consequences
	Minor	None
223	Omission of Security-relevant Information
	Major	Common_Consequences
	Minor	None
224	Obscured Security-relevant Information by Alternate Name
	Major	Common_Consequences
	Minor	None
226	Sensitive Information Uncleared Before Release
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
227	Improper Fulfillment of API Contract ('API Abuse')
	Major	Common_Consequences
	Minor	None
228	Improper Handling of Syntactically Invalid Structure
	Major	Common_Consequences
	Minor	None
229	Improper Handling of Values
	Major	Common_Consequences
	Minor	None
230	Improper Handling of Missing Values
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
231	Improper Handling of Extra Values
	Major	Common_Consequences
	Minor	None
232	Improper Handling of Undefined Values
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
233	Parameter Problems
	Major	Common_Consequences
	Minor	None
234	Failure to Handle Missing Parameter
	Major	Common_Consequences
	Minor	None
235	Improper Handling of Extra Parameters
	Major	Common_Consequences
	Minor	None
236	Improper Handling of Undefined Parameters
	Major	Common_Consequences
	Minor	None
237	Improper Handling of Structural Elements
	Major	Common_Consequences
	Minor	None
238	Improper Handling of Incomplete Structural Elements
	Major	Common_Consequences
	Minor	None
239	Failure to Handle Incomplete Element
	Major	Common_Consequences
	Minor	None
240	Improper Handling of Inconsistent Structural Elements
	Major	Common_Consequences
	Minor	None
241	Improper Handling of Unexpected Data Type
	Major	Common_Consequences
	Minor	None
242	Use of Inherently Dangerous Function
	Major	Common_Consequences
	Minor	None
243	Creation of chroot Jail Without Changing Working Directory
	Major	Common_Consequences
	Minor	None
244	Improper Clearing of Heap Memory Before Release ('Heap Inspection')
	Major	Common_Consequences
	Minor	None
245	J2EE Bad Practices: Direct Management of Connections
	Major	Common_Consequences
	Minor	None
246	J2EE Bad Practices: Direct Use of Sockets
	Major	Common_Consequences
	Minor	None
247	Reliance on DNS Lookups in a Security Decision
	Major	Common_Consequences
	Minor	None
248	Uncaught Exception
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
250	Execution with Unnecessary Privileges
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
252	Unchecked Return Value
	Major	Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings
	Minor	None
253	Incorrect Check of Function Return Value
	Major	Common_Consequences
	Minor	None
256	Plaintext Storage of a Password
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
257	Storing Passwords in a Recoverable Format
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
258	Empty Password in Configuration File
	Major	Common_Consequences
	Minor	None
259	Use of Hard-coded Password
	Major	Common_Consequences, Potential_Mitigations, Relationships, Taxonomy_Mappings
	Minor	None
260	Password in Configuration File
	Major	Common_Consequences
	Minor	None
261	Weak Cryptography for Passwords
	Major	Common_Consequences
	Minor	None
262	Not Using Password Aging
	Major	Common_Consequences
	Minor	None
263	Password Aging with Long Expiration
	Major	Common_Consequences
	Minor	None
266	Incorrect Privilege Assignment
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
267	Privilege Defined With Unsafe Actions
	Major	Common_Consequences
	Minor	None
268	Privilege Chaining
	Major	Common_Consequences
	Minor	None
269	Improper Privilege Management
	Major	Common_Consequences
	Minor	None
270	Privilege Context Switching Error
	Major	Common_Consequences
	Minor	None
271	Privilege Dropping / Lowering Errors
	Major	Common_Consequences
	Minor	None
272	Least Privilege Violation
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
273	Improper Check for Dropped Privileges
	Major	Common_Consequences
	Minor	None
274	Improper Handling of Insufficient Privileges
	Major	Common_Consequences
	Minor	None
276	Incorrect Default Permissions
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
277	Insecure Inherited Permissions
	Major	Common_Consequences
	Minor	None
278	Insecure Preserved Inherited Permissions
	Major	Common_Consequences
	Minor	None
279	Incorrect Execution-Assigned Permissions
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
280	Improper Handling of Insufficient Permissions or Privileges
	Major	Common_Consequences
	Minor	None
281	Improper Preservation of Permissions
	Major	Common_Consequences
	Minor	None
282	Improper Ownership Management
	Major	Common_Consequences
	Minor	None
283	Unverified Ownership
	Major	Common_Consequences
	Minor	None
284	Improper Access Control
	Major	Common_Consequences
	Minor	None
285	Improper Authorization
	Major	Common_Consequences, Observed_Examples, Relationships
	Minor	None
286	Incorrect User Management
	Major	Common_Consequences
	Minor	None
287	Improper Authentication
	Major	Common_Consequences
	Minor	None
288	Authentication Bypass Using an Alternate Path or Channel
	Major	Common_Consequences
	Minor	None
289	Authentication Bypass by Alternate Name
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
290	Authentication Bypass by Spoofing
	Major	Common_Consequences
	Minor	None
291	Trusting Self-reported IP Address
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
292	Trusting Self-reported DNS Name
	Major	Common_Consequences
	Minor	None
293	Using Referer Field for Authentication
	Major	Common_Consequences
	Minor	None
294	Authentication Bypass by Capture-replay
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
296	Improper Following of Chain of Trust for Certificate Validation
	Major	Common_Consequences
	Minor	None
297	Improper Validation of Host-specific Certificate Data
	Major	Common_Consequences
	Minor	None
298	Improper Validation of Certificate Expiration
	Major	Common_Consequences
	Minor	None
299	Improper Check for Certificate Revocation
	Major	Common_Consequences
	Minor	None
300	Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
301	Reflection Attack in an Authentication Protocol
	Major	Common_Consequences
	Minor	None
302	Authentication Bypass by Assumed-Immutable Data
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
303	Incorrect Implementation of Authentication Algorithm
	Major	Common_Consequences
	Minor	None
304	Missing Critical Step in Authentication
	Major	Common_Consequences
	Minor	None
305	Authentication Bypass by Primary Weakness
	Major	Common_Consequences
	Minor	None
306	Missing Authentication for Critical Function
	Major	Common_Consequences
	Minor	None
307	Improper Restriction of Excessive Authentication Attempts
	Major	Common_Consequences
	Minor	None
308	Use of Single-factor Authentication
	Major	Common_Consequences
	Minor	None
309	Use of Password System for Primary Authentication
	Major	Common_Consequences
	Minor	None
311	Missing Encryption of Sensitive Data
	Major	Relationships, Taxonomy_Mappings
	Minor	None
312	Cleartext Storage of Sensitive Information
	Major	Common_Consequences
	Minor	None
313	Plaintext Storage in a File or on Disk
	Major	Common_Consequences
	Minor	None
314	Plaintext Storage in the Registry
	Major	Common_Consequences
	Minor	None
315	Plaintext Storage in a Cookie
	Major	Common_Consequences
	Minor	None
316	Plaintext Storage in Memory
	Major	Common_Consequences
	Minor	None
317	Plaintext Storage in GUI
	Major	Common_Consequences
	Minor	None
318	Plaintext Storage in Executable
	Major	Common_Consequences
	Minor	None
319	Cleartext Transmission of Sensitive Information
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
321	Use of Hard-coded Cryptographic Key
	Major	Common_Consequences
	Minor	None
322	Key Exchange without Entity Authentication
	Major	Common_Consequences
	Minor	None
323	Reusing a Nonce, Key Pair in Encryption
	Major	Common_Consequences
	Minor	None
324	Use of a Key Past its Expiration Date
	Major	Common_Consequences
	Minor	None
325	Missing Required Cryptographic Step
	Major	Common_Consequences
	Minor	None
326	Inadequate Encryption Strength
	Major	Common_Consequences
	Minor	None
327	Use of a Broken or Risky Cryptographic Algorithm
	Major	Relationships, Taxonomy_Mappings
	Minor	None
328	Reversible One-Way Hash
	Major	Common_Consequences
	Minor	None
329	Not Using a Random IV with CBC Mode
	Major	Common_Consequences
	Minor	None
330	Use of Insufficiently Random Values
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
331	Insufficient Entropy
	Major	Common_Consequences
	Minor	None
332	Insufficient Entropy in PRNG
	Major	Common_Consequences, Demonstrative_Examples, Relationships, Taxonomy_Mappings
	Minor	None
333	Improper Handling of Insufficient Entropy in TRNG
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
334	Small Space of Random Values
	Major	Common_Consequences
	Minor	None
335	PRNG Seed Error
	Major	Common_Consequences
	Minor	None
336	Same Seed in PRNG
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
337	Predictable Seed in PRNG
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
338	Use of Cryptographically Weak PRNG
	Major	Common_Consequences
	Minor	None
339	Small Seed Space in PRNG
	Major	Common_Consequences
	Minor	None
340	Predictability Problems
	Major	Common_Consequences
	Minor	None
341	Predictable from Observable State
	Major	Common_Consequences
	Minor	None
342	Predictable Exact Value from Previous Values
	Major	Common_Consequences
	Minor	None
343	Predictable Value Range from Previous Values
	Major	Common_Consequences
	Minor	None
344	Use of Invariant Value in Dynamically Changing Context
	Major	Common_Consequences
	Minor	None
345	Insufficient Verification of Data Authenticity
	Major	Common_Consequences
	Minor	None
346	Origin Validation Error
	Major	Common_Consequences
	Minor	None
347	Improper Verification of Cryptographic Signature
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
348	Use of Less Trusted Source
	Major	Common_Consequences
	Minor	None
349	Acceptance of Extraneous Untrusted Data With Trusted Data
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
350	Improperly Trusted Reverse DNS
	Major	Common_Consequences
	Minor	None
351	Insufficient Type Distinction
	Major	Common_Consequences
	Minor	None
352	Cross-Site Request Forgery (CSRF)
	Major	Common_Consequences
	Minor	None
353	Missing Support for Integrity Check
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
354	Improper Validation of Integrity Check Value
	Major	Common_Consequences
	Minor	None
356	Product UI does not Warn User of Unsafe Actions
	Major	Common_Consequences
	Minor	None
357	Insufficient UI Warning of Dangerous Operations
	Major	Common_Consequences
	Minor	None
358	Improperly Implemented Security Check for Standard
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
359	Privacy Violation
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
360	Trust of System Event Data
	Major	Common_Consequences
	Minor	None
362	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
363	Race Condition Enabling Link Following
	Major	Common_Consequences
	Minor	None
364	Signal Handler Race Condition
	Major	Common_Consequences
	Minor	None
365	Race Condition in Switch
	Major	Common_Consequences
	Minor	None
366	Race Condition within a Thread
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
367	Time-of-check Time-of-use (TOCTOU) Race Condition
	Major	Common_Consequences
	Minor	None
368	Context Switching Race Condition
	Major	Common_Consequences
	Minor	None
369	Divide By Zero
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
370	Missing Check for Certificate Revocation after Initial Check
	Major	Common_Consequences
	Minor	None
372	Incomplete Internal State Distinction
	Major	Common_Consequences
	Minor	None
374	Passing Mutable Objects to an Untrusted Method
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
375	Returning a Mutable Object to an Untrusted Caller
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
377	Insecure Temporary File
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
378	Creation of Temporary File With Insecure Permissions
	Major	Common_Consequences
	Minor	None
379	Creation of Temporary File in Directory with Incorrect Permissions
	Major	Common_Consequences
	Minor	None
382	J2EE Bad Practices: Use of System.exit()
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
383	J2EE Bad Practices: Direct Use of Threads
	Major	Common_Consequences
	Minor	None
384	Session Fixation
	Major	Common_Consequences
	Minor	None
385	Covert Timing Channel
	Major	Common_Consequences
	Minor	None
386	Symbolic Name not Mapping to Correct Object
	Major	Common_Consequences
	Minor	None
388	Error Handling
	Major	Common_Consequences
	Minor	None
390	Detection of Error Condition Without Action
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
391	Unchecked Error Condition
	Major	Common_Consequences
	Minor	None
392	Missing Report of Error Condition
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
393	Return of Wrong Status Code
	Major	Common_Consequences
	Minor	None
394	Unexpected Status Code or Return Value
	Major	Common_Consequences
	Minor	None
395	Use of NullPointerException Catch to Detect NULL Pointer Dereference
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
396	Declaration of Catch for Generic Exception
	Major	Common_Consequences
	Minor	None
397	Declaration of Throws for Generic Exception
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
398	Indicator of Poor Code Quality
	Major	Common_Consequences
	Minor	None
400	Uncontrolled Resource Consumption ('Resource Exhaustion')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
401	Improper Release of Memory Before Removing Last Reference ('Memory Leak')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
402	Transmission of Private Resources into a New Sphere ('Resource Leak')
	Major	Common_Consequences
	Minor	None
403	Exposure of File Descriptor to Unintended Control Sphere
	Major	Common_Consequences
	Minor	None
404	Improper Resource Shutdown or Release
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
405	Asymmetric Resource Consumption (Amplification)
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
406	Insufficient Control of Network Message Volume (Network Amplification)
	Major	Common_Consequences
	Minor	None
407	Algorithmic Complexity
	Major	Common_Consequences
	Minor	None
408	Incorrect Behavior Order: Early Amplification
	Major	Common_Consequences
	Minor	None
409	Improper Handling of Highly Compressed Data (Data Amplification)
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
410	Insufficient Resource Pool
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
412	Unrestricted Externally Accessible Lock
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
413	Improper Resource Locking
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
414	Missing Lock Check
	Major	Common_Consequences
	Minor	None
415	Double Free
	Major	Common_Consequences
	Minor	None
416	Use After Free
	Major	Common_Consequences
	Minor	None
419	Unprotected Primary Channel
	Major	Common_Consequences
	Minor	None
420	Unprotected Alternate Channel
	Major	Common_Consequences
	Minor	None
421	Race Condition During Access to Alternate Channel
	Major	Common_Consequences
	Minor	None
422	Unprotected Windows Messaging Channel ('Shatter')
	Major	Common_Consequences
	Minor	None
424	Improper Protection of Alternate Path
	Major	Common_Consequences
	Minor	None
425	Direct Request ('Forced Browsing')
	Major	Common_Consequences, Relationships
	Minor	None
426	Untrusted Search Path
	Major	Common_Consequences
	Minor	None
427	Uncontrolled Search Path Element
	Major	Common_Consequences
	Minor	None
428	Unquoted Search Path or Element
	Major	Common_Consequences
	Minor	None
430	Deployment of Wrong Handler
	Major	Common_Consequences
	Minor	None
431	Missing Handler
	Major	Common_Consequences
	Minor	None
432	Dangerous Signal Handler not Disabled During Sensitive Operations
	Major	Common_Consequences
	Minor	None
433	Unparsed Raw Web Content Delivery
	Major	Common_Consequences
	Minor	None
435	Interaction Error
	Major	Common_Consequences
	Minor	None
436	Interpretation Conflict
	Major	Common_Consequences
	Minor	None
437	Incomplete Model of Endpoint Features
	Major	Common_Consequences
	Minor	None
439	Behavioral Change in New Version or Environment
	Major	Common_Consequences
	Minor	None
440	Expected Behavior Violation
	Major	Common_Consequences
	Minor	None
441	Unintended Proxy/Intermediary
	Major	Common_Consequences
	Minor	None
444	Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
	Major	Common_Consequences
	Minor	None
446	UI Discrepancy for Security Feature
	Major	Common_Consequences
	Minor	None
447	Unimplemented or Unsupported Feature in UI
	Major	Common_Consequences
	Minor	None
448	Obsolete Feature in UI
	Major	Common_Consequences
	Minor	None
449	The UI Performs the Wrong Action
	Major	Common_Consequences
	Minor	None
450	Multiple Interpretations of UI Input
	Major	Common_Consequences
	Minor	None
451	UI Misrepresentation of Critical Information
	Major	Common_Consequences
	Minor	None
453	Insecure Default Variable Initialization
	Major	Common_Consequences
	Minor	None
454	External Initialization of Trusted Variables or Data Stores
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
455	Non-exit on Failed Initialization
	Major	Common_Consequences
	Minor	None
456	Missing Initialization
	Major	Common_Consequences
	Minor	None
457	Use of Uninitialized Variable
	Major	Common_Consequences
	Minor	None
459	Incomplete Cleanup
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
460	Improper Cleanup on Thrown Exception
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
462	Duplicate Key in Associative List (Alist)
	Major	Common_Consequences
	Minor	None
463	Deletion of Data Structure Sentinel
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
464	Addition of Data Structure Sentinel
	Major	Common_Consequences
	Minor	None
466	Return of Pointer Value Outside of Expected Range
	Major	Common_Consequences
	Minor	None
467	Use of sizeof() on a Pointer Type
	Major	Common_Consequences
	Minor	None
468	Incorrect Pointer Scaling
	Major	Common_Consequences
	Minor	None
469	Use of Pointer Subtraction to Determine Size
	Major	Common_Consequences
	Minor	None
470	Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
471	Modification of Assumed-Immutable Data (MAID)
	Major	Common_Consequences
	Minor	None
472	External Control of Assumed-Immutable Web Parameter
	Major	Common_Consequences
	Minor	None
473	PHP External Variable Modification
	Major	Common_Consequences
	Minor	None
474	Use of Function with Inconsistent Implementations
	Major	Common_Consequences, Other_Notes
	Minor	None
475	Undefined Behavior for Input to API
	Major	Common_Consequences
	Minor	None
476	NULL Pointer Dereference
	Major	Common_Consequences
	Minor	None
477	Use of Obsolete Functions
	Major	Common_Consequences
	Minor	None
478	Missing Default Case in Switch Statement
	Major	Common_Consequences
	Minor	None
479	Signal Handler Use of a Non-reentrant Function
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
480	Use of Incorrect Operator
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
481	Assigning instead of Comparing
	Major	Common_Consequences
	Minor	None
482	Comparing instead of Assigning
	Major	Common_Consequences
	Minor	None
483	Incorrect Block Delimitation
	Major	Common_Consequences
	Minor	None
484	Omitted Break Statement in Switch
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
485	Insufficient Encapsulation
	Major	Common_Consequences
	Minor	None
486	Comparison of Classes by Name
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
487	Reliance on Package-level Scope
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
488	Exposure of Data Element to Wrong Session
	Major	Common_Consequences
	Minor	None
489	Leftover Debug Code
	Major	Common_Consequences
	Minor	None
491	Public cloneable() Method Without Final ('Object Hijack')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
492	Use of Inner Class Containing Sensitive Data
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
493	Critical Public Variable Without Final Modifier
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
494	Download of Code Without Integrity Check
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
495	Private Array-Typed Field Returned From A Public Method
	Major	Common_Consequences
	Minor	None
496	Public Data Assigned to Private Array-Typed Field
	Major	Common_Consequences
	Minor	None
497	Exposure of System Data to an Unauthorized Control Sphere
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
498	Cloneable Class Containing Sensitive Information
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
499	Serializable Class Containing Sensitive Data
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
500	Public Static Field Not Marked Final
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
501	Trust Boundary Violation
	Major	Common_Consequences
	Minor	None
502	Deserialization of Untrusted Data
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
506	Embedded Malicious Code
	Major	Common_Consequences
	Minor	None
507	Trojan Horse
	Major	Common_Consequences
	Minor	None
508	Non-Replicating Malicious Code
	Major	Common_Consequences
	Minor	None
509	Replicating Malicious Code (Virus or Worm)
	Major	Common_Consequences
	Minor	None
510	Trapdoor
	Major	Common_Consequences
	Minor	None
511	Logic/Time Bomb
	Major	Common_Consequences
	Minor	None
512	Spyware
	Major	Common_Consequences
	Minor	None
514	Covert Channel
	Major	Common_Consequences
	Minor	None
515	Covert Storage Channel
	Major	Common_Consequences
	Minor	None
520	.NET Misconfiguration: Use of Impersonation
	Major	Common_Consequences
	Minor	None
521	Weak Password Requirements
	Major	Common_Consequences
	Minor	None
522	Insufficiently Protected Credentials
	Major	Common_Consequences
	Minor	None
523	Unprotected Transport of Credentials
	Major	Common_Consequences
	Minor	None
524	Information Exposure Through Caching
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
525	Information Exposure Through Browser Caching
	Major	Common_Consequences
	Minor	None
526	Information Exposure Through Environmental Variables
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
527	Exposure of CVS Repository to an Unauthorized Control Sphere
	Major	Common_Consequences
	Minor	None
528	Exposure of Core Dump File to an Unauthorized Control Sphere
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
529	Exposure of Access Control List Files to an Unauthorized Control Sphere
	Major	Common_Consequences
	Minor	None
530	Exposure of Backup File to an Unauthorized Control Sphere
	Major	Common_Consequences
	Minor	None
531	Information Exposure Through Test Code
	Major	Common_Consequences
	Minor	None
532	Information Exposure Through Log Files
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
533	Information Exposure Through Server Log Files
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
534	Information Exposure Through Debug Log Files
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
535	Information Exposure Through Shell Error Message
	Major	Common_Consequences
	Minor	None
536	Information Exposure Through Servlet Runtime Error Message
	Major	Common_Consequences, Other_Notes
	Minor	None
537	Information Exposure Through Java Runtime Error Message
	Major	Common_Consequences
	Minor	None
538	File and Directory Information Exposure
	Major	Common_Consequences
	Minor	None
539	Information Exposure Through Persistent Cookies
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
540	Information Exposure Through Source Code
	Major	Common_Consequences
	Minor	None
541	Information Exposure Through Include Source Code
	Major	Common_Consequences
	Minor	None
542	Information Exposure Through Cleanup Log Files
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
543	Use of Singleton Pattern Without Synchronization in a Multithreaded Context
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
544	Missing Standardized Error Handling Mechanism
	Major	Common_Consequences
	Minor	None
545	Use of Dynamic Class Loading
	Major	Common_Consequences
	Minor	None
546	Suspicious Comment
	Major	Common_Consequences
	Minor	None
547	Use of Hard-coded, Security-relevant Constants
	Major	Common_Consequences
	Minor	None
548	Information Exposure Through Directory Listing
	Major	Common_Consequences
	Minor	None
549	Missing Password Field Masking
	Major	Common_Consequences
	Minor	None
550	Information Exposure Through Server Error Message
	Major	Common_Consequences
	Minor	None
551	Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
	Major	Common_Consequences, Demonstrative_Examples, Description, Relationships
	Minor	None
552	Files or Directories Accessible to External Parties
	Major	Common_Consequences
	Minor	None
553	Command Shell in Externally Accessible Directory
	Major	Common_Consequences
	Minor	None
554	ASP.NET Misconfiguration: Not Using Input Validation Framework
	Major	Common_Consequences
	Minor	None
555	J2EE Misconfiguration: Plaintext Password in Configuration File
	Major	Common_Consequences
	Minor	None
556	ASP.NET Misconfiguration: Use of Identity Impersonation
	Major	Common_Consequences
	Minor	None
558	Use of getlogin() in Multithreaded Application
	Major	Common_Consequences
	Minor	None
560	Use of umask() with chmod-style Argument
	Major	Common_Consequences
	Minor	None
561	Dead Code
	Major	Common_Consequences
	Minor	None
562	Return of Stack Variable Address
	Major	Common_Consequences
	Minor	None
563	Unused Variable
	Major	Common_Consequences
	Minor	None
564	SQL Injection: Hibernate
	Major	Common_Consequences
	Minor	None
565	Reliance on Cookies without Validation and Integrity Checking
	Major	Common_Consequences
	Minor	None
566	Authorization Bypass Through User-Controlled SQL Primary Key
	Major	Common_Consequences
	Minor	None
567	Unsynchronized Access to Shared Data in a Multithreaded Context
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
568	finalize() Method Without super.finalize()
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
570	Expression is Always False
	Major	Common_Consequences
	Minor	None
571	Expression is Always True
	Major	Common_Consequences
	Minor	None
572	Call to Thread run() instead of start()
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
573	Improper Following of Specification by Caller
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
574	EJB Bad Practices: Use of Synchronization Primitives
	Major	Common_Consequences
	Minor	None
575	EJB Bad Practices: Use of AWT Swing
	Major	Common_Consequences
	Minor	None
576	EJB Bad Practices: Use of Java I/O
	Major	Common_Consequences
	Minor	None
577	EJB Bad Practices: Use of Sockets
	Major	Common_Consequences
	Minor	None
578	EJB Bad Practices: Use of Class Loader
	Major	Common_Consequences
	Minor	None
579	J2EE Bad Practices: Non-serializable Object Stored in Session
	Major	Common_Consequences
	Minor	None
580	clone() Method Without super.clone()
	Major	Common_Consequences
	Minor	None
581	Object Model Violation: Just One of Equals and Hashcode Defined
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
582	Array Declared Public, Final, and Static
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
583	finalize() Method Declared Public
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
584	Return Inside Finally Block
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
585	Empty Synchronized Block
	Major	Common_Consequences
	Minor	None
586	Explicit Call to Finalize()
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
587	Assignment of a Fixed Address to a Pointer
	Major	Common_Consequences
	Minor	None
588	Attempt to Access Child of a Non-structure Pointer
	Major	Common_Consequences
	Minor	None
589	Call to Non-ubiquitous API
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
590	Free of Memory not on the Heap
	Major	Common_Consequences
	Minor	None
591	Sensitive Data Storage in Improperly Locked Memory
	Major	Common_Consequences
	Minor	None
592	Authentication Bypass Issues
	Major	Common_Consequences
	Minor	None
593	Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
	Major	Common_Consequences
	Minor	None
594	J2EE Framework: Saving Unserializable Objects to Disk
	Major	Common_Consequences
	Minor	None
595	Comparison of Object References Instead of Object Contents
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
596	Incorrect Semantic Object Comparison
	Major	Common_Consequences
	Minor	None
597	Use of Wrong Operator in String Comparison
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
598	Information Exposure Through Query Strings in GET Request
	Major	Common_Consequences, Other_Notes
	Minor	None
599	Trust of OpenSSL Certificate Without Validation
	Major	Common_Consequences, Other_Notes
	Minor	None
600	Uncaught Exception in Servlet
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
601	URL Redirection to Untrusted Site ('Open Redirect')
	Major	Common_Consequences
	Minor	None
602	Client-Side Enforcement of Server-Side Security
	Major	Common_Consequences
	Minor	None
603	Use of Client-Side Authentication
	Major	Common_Consequences, Maintenance_Notes, Other_Notes
	Minor	None
605	Multiple Binds to the Same Port
	Major	Common_Consequences, Demonstrative_Examples
	Minor	None
606	Unchecked Input for Loop Condition
	Major	Common_Consequences
	Minor	None
607	Public Static Final Field References Mutable Object
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
608	Struts: Non-private Field in ActionForm Class
	Major	Common_Consequences
	Minor	None
609	Double-Checked Locking
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
610	Externally Controlled Reference to a Resource in Another Sphere
	Major	Common_Consequences
	Minor	None
611	Information Exposure Through XML External Entity Reference
	Major	Common_Consequences
	Minor	None
612	Information Exposure Through Indexing of Private Data
	Major	Common_Consequences
	Minor	None
613	Insufficient Session Expiration
	Major	Common_Consequences
	Minor	None
614	Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
	Major	Common_Consequences
	Minor	None
615	Information Exposure Through Comments
	Major	Common_Consequences
	Minor	None
616	Incomplete Identification of Uploaded File Variables (PHP)
	Major	Common_Consequences
	Minor	Description
617	Reachable Assertion
	Major	Common_Consequences
	Minor	None
618	Exposed Unsafe ActiveX Method
	Major	Common_Consequences
	Minor	None
619	Dangling Database Cursor ('Cursor Injection')
	Major	Common_Consequences
	Minor	None
620	Unverified Password Change
	Major	Common_Consequences
	Minor	None
621	Variable Extraction Error
	Major	Common_Consequences
	Minor	None
622	Unvalidated Function Hook Arguments
	Major	Common_Consequences
	Minor	None
623	Unsafe ActiveX Control Marked Safe For Scripting
	Major	Common_Consequences
	Minor	None
624	Executable Regular Expression Error
	Major	Common_Consequences
	Minor	None
625	Permissive Regular Expression
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
626	Null Byte Interaction Error (Poison Null Byte)
	Major	Common_Consequences
	Minor	None
627	Dynamic Variable Evaluation
	Major	Common_Consequences
	Minor	None
628	Function Call with Incorrectly Specified Arguments
	Major	Common_Consequences
	Minor	None
636	Not Failing Securely ('Failing Open')
	Major	Common_Consequences
	Minor	None
637	Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
	Major	Common_Consequences
	Minor	None
638	Not Using Complete Mediation
	Major	Common_Consequences, Relationships
	Minor	None
639	Authorization Bypass Through User-Controlled Key
	Major	Common_Consequences, Relationships
	Minor	None
640	Weak Password Recovery Mechanism for Forgotten Password
	Major	Common_Consequences
	Minor	None
641	Improper Restriction of Names for Files and Other Resources
	Major	Common_Consequences
	Minor	None
642	External Control of Critical State Data
	Major	Common_Consequences
	Minor	None
643	Improper Neutralization of Data within XPath Expressions ('XPath Injection')
	Major	Common_Consequences
	Minor	None
644	Improper Neutralization of HTTP Headers for Scripting Syntax
	Major	Common_Consequences
	Minor	None
645	Overly Restrictive Account Lockout Mechanism
	Major	Common_Consequences
	Minor	None
646	Reliance on File Name or Extension of Externally-Supplied File
	Major	Common_Consequences
	Minor	None
647	Use of Non-Canonical URL Paths for Authorization Decisions
	Major	Applicable_Platforms, Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
648	Incorrect Use of Privileged APIs
	Major	Common_Consequences
	Minor	None
649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
	Major	Common_Consequences
	Minor	None
650	Trusting HTTP Permission Methods on the Server Side
	Major	Common_Consequences
	Minor	None
651	Information Exposure Through WSDL File
	Major	Common_Consequences
	Minor	None
652	Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
	Major	Common_Consequences
	Minor	None
653	Insufficient Compartmentalization
	Major	Common_Consequences
	Minor	None
654	Reliance on a Single Factor in a Security Decision
	Major	Common_Consequences, Maintenance_Notes, Other_Notes
	Minor	None
655	Insufficient Psychological Acceptability
	Major	Common_Consequences
	Minor	None
656	Reliance on Security Through Obscurity
	Major	Common_Consequences
	Minor	None
657	Violation of Secure Design Principles
	Major	Common_Consequences
	Minor	None
662	Improper Synchronization
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
663	Use of a Non-reentrant Function in a Concurrent Context
	Major	Common_Consequences
	Minor	None
664	Improper Control of a Resource Through its Lifetime
	Major	Common_Consequences, Relationships
	Minor	None
665	Improper Initialization
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
666	Operation on Resource in Wrong Phase of Lifetime
	Major	Common_Consequences
	Minor	None
667	Improper Locking
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
668	Exposure of Resource to Wrong Sphere
	Major	Common_Consequences
	Minor	None
669	Incorrect Resource Transfer Between Spheres
	Major	Common_Consequences
	Minor	None
670	Always-Incorrect Control Flow Implementation
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
671	Lack of Administrator Control over Security
	Major	Common_Consequences
	Minor	None
672	Operation on a Resource after Expiration or Release
	Major	Common_Consequences
	Minor	None
673	External Influence of Sphere Definition
	Major	Common_Consequences
	Minor	None
674	Uncontrolled Recursion
	Major	Common_Consequences
	Minor	None
675	Duplicate Operations on Resource
	Major	Common_Consequences
	Minor	None
676	Use of Potentially Dangerous Function
	Major	Common_Consequences
	Minor	None
680	Integer Overflow to Buffer Overflow
	Major	Common_Consequences
	Minor	None
681	Incorrect Conversion between Numeric Types
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
682	Incorrect Calculation
	Major	Common_Consequences
	Minor	None
683	Function Call With Incorrect Order of Arguments
	Major	Common_Consequences
	Minor	None
684	Incorrect Provision of Specified Functionality
	Major	Common_Consequences
	Minor	None
685	Function Call With Incorrect Number of Arguments
	Major	Common_Consequences
	Minor	None
686	Function Call With Incorrect Argument Type
	Major	Common_Consequences
	Minor	None
687	Function Call With Incorrectly Specified Argument Value
	Major	Common_Consequences
	Minor	None
688	Function Call With Incorrect Variable or Reference as Argument
	Major	Common_Consequences
	Minor	None
689	Permission Race Condition During Resource Copy
	Major	Common_Consequences
	Minor	None
690	Unchecked Return Value to NULL Pointer Dereference
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
691	Insufficient Control Flow Management
	Major	Common_Consequences
	Minor	None
692	Incomplete Blacklist to Cross-Site Scripting
	Major	Common_Consequences
	Minor	None
693	Protection Mechanism Failure
	Major	Common_Consequences
	Minor	None
694	Use of Multiple Resources with Duplicate Identifier
	Major	Common_Consequences
	Minor	None
695	Use of Low-Level Functionality
	Major	Common_Consequences
	Minor	None
696	Incorrect Behavior Order
	Major	Common_Consequences
	Minor	None
697	Insufficient Comparison
	Major	Common_Consequences
	Minor	None
698	Redirect Without Exit
	Major	Common_Consequences
	Minor	None
703	Improper Check or Handling of Exceptional Conditions
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
704	Incorrect Type Conversion or Cast
	Major	Common_Consequences, Relationships
	Minor	None
705	Incorrect Control Flow Scoping
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
706	Use of Incorrectly-Resolved Name or Reference
	Major	Common_Consequences
	Minor	None
707	Improper Enforcement of Message or Data Structure
	Major	Common_Consequences
	Minor	None
708	Incorrect Ownership Assignment
	Major	Common_Consequences, Maintenance_Notes, Other_Notes
	Minor	None
710	Coding Standards Violation
	Major	Common_Consequences
	Minor	None
732	Incorrect Permission Assignment for Critical Resource
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
733	Compiler Optimization Removal or Modification of Security-critical Code
	Major	Common_Consequences
	Minor	None
749	Exposed Dangerous Method or Function
	Major	Common_Consequences
	Minor	None
754	Improper Check for Unusual or Exceptional Conditions
	Major	Common_Consequences
	Minor	None
755	Improper Handling of Exceptional Conditions
	Major	Common_Consequences
	Minor	None
756	Missing Custom Error Page
	Major	Common_Consequences
	Minor	None
757	Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
	Major	Common_Consequences
	Minor	None
758	Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
	Major	Common_Consequences
	Minor	None
759	Use of a One-Way Hash without a Salt
	Major	Common_Consequences
	Minor	None
760	Use of a One-Way Hash with a Predictable Salt
	Major	Common_Consequences
	Minor	None
761	Free of Pointer not at Start of Buffer
	Major	Common_Consequences
	Minor	None
762	Mismatched Memory Management Routines
	Major	Common_Consequences
	Minor	None
763	Release of Invalid Pointer or Reference
	Major	Common_Consequences
	Minor	None
764	Multiple Locks of a Critical Resource
	Major	Common_Consequences
	Minor	None
765	Multiple Unlocks of a Critical Resource
	Major	Common_Consequences
	Minor	None
766	Critical Variable Declared Public
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
767	Access to Critical Private Variable via Public Method
	Major	Common_Consequences
	Minor	None
770	Allocation of Resources Without Limits or Throttling
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
771	Missing Reference to Active Allocated Resource
	Major	Common_Consequences
	Minor	None
772	Missing Release of Resource after Effective Lifetime
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
773	Missing Reference to Active File Descriptor or Handle
	Major	Common_Consequences
	Minor	None
774	Allocation of File Descriptors or Handles Without Limits or Throttling
	Major	Common_Consequences
	Minor	None
775	Missing Release of File Descriptor or Handle after Effective Lifetime
	Major	Common_Consequences
	Minor	None
776	Unrestricted Recursive Entity References in DTDs ('XML Bomb')
	Major	Common_Consequences
	Minor	None
777	Regular Expression without Anchors
	Major	Common_Consequences
	Minor	None
778	Insufficient Logging
	Major	Common_Consequences
	Minor	None
779	Logging of Excessive Data
	Major	Common_Consequences
	Minor	None
780	Use of RSA Algorithm without OAEP
	Major	Common_Consequences
	Minor	None
781	Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
	Major	Common_Consequences
	Minor	None
784	Reliance on Cookies without Validation and Integrity Checking in a Security Decision
	Major	Common_Consequences
	Minor	None
785	Use of Path Manipulation Function without Maximum-sized Buffer
	Major	Common_Consequences
	Minor	None
786	Access of Memory Location Before Start of Buffer
	Major	Common_Consequences
	Minor	None
787	Out-of-bounds Write
	Major	Common_Consequences
	Minor	None
788	Access of Memory Location After End of Buffer
	Major	Common_Consequences
	Minor	None
789	Uncontrolled Memory Allocation
	Major	Common_Consequences
	Minor	None
790	Improper Filtering of Special Elements
	Major	Common_Consequences
	Minor	None
791	Incomplete Filtering of Special Elements
	Major	Common_Consequences
	Minor	None
792	Incomplete Filtering of One or More Instances of Special Elements
	Major	Common_Consequences
	Minor	None
793	Only Filtering One Instance of a Special Element
	Major	Common_Consequences
	Minor	None
794	Incomplete Filtering of Multiple Instances of Special Elements
	Major	Common_Consequences
	Minor	None
795	Only Filtering Special Elements at a Specified Location
	Major	Common_Consequences
	Minor	Description
796	Only Filtering Special Elements Relative to a Marker
	Major	Common_Consequences
	Minor	None
797	Only Filtering Special Elements at an Absolute Position
	Major	Common_Consequences
	Minor	None
798	Use of Hard-coded Credentials
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
799	Improper Control of Interaction Frequency
	Major	Common_Consequences
	Minor	None
804	Guessable CAPTCHA
	Major	Common_Consequences, Relationships
	Minor	None
805	Buffer Access with Incorrect Length Value
	Major	Common_Consequences
	Minor	None
806	Buffer Access Using Size of Source Buffer
	Major	Common_Consequences
	Minor	None
807	Reliance on Untrusted Inputs in a Security Decision
	Major	Common_Consequences
	Minor	None
820	Missing Synchronization
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
821	Incorrect Synchronization
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
822	Untrusted Pointer Dereference
	Major	Common_Consequences
	Minor	None
823	Use of Out-of-range Pointer Offset
	Major	Common_Consequences
	Minor	None
826	Premature Release of Resource During Expected Lifetime
	Major	Common_Consequences
	Minor	None
827	Improper Control of Document Type Definition
	Major	Common_Consequences
	Minor	None
828	Signal Handler with Functionality that is not Asynchronous-Safe
	Major	Common_Consequences
	Minor	None
829	Inclusion of Functionality from Untrusted Control Sphere
	Major	Common_Consequences
	Minor	None
830	Inclusion of Web Functionality from an Untrusted Source
	Major	Common_Consequences
	Minor	None
831	Signal Handler Function Associated with Multiple Signals
	Major	Common_Consequences
	Minor	None
832	Unlock of a Resource that is not Locked
	Major	Common_Consequences
	Minor	None
833	Deadlock
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
834	Excessive Iteration
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
835	Loop with Unreachable Exit Condition ('Infinite Loop')
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
836	Use of Password Hash Instead of Password for Authentication
	Major	Common_Consequences
	Minor	None
838	Inappropriate Encoding for Output Context
	Major	Common_Consequences, Relationships, Taxonomy_Mappings
	Minor	None
839	Numeric Range Comparison Without Minimum Check
	Major	Common_Consequences
	Minor	None
841	Improper Enforcement of Behavioral Workflow
	Major	Common_Consequences
	Minor	None
842	Placement of User into Incorrect Group
	Major	Common_Consequences
	Minor	None

Page Last Updated: January 05, 2017


	Site Map \| Terms of Use \| Manage Cookies \| Cookie Notice \| Privacy Policy \| Contact Us \| Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2024, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.

Common Weakness Enumeration