CWE - Common Weakness Enumeration

Differences between 1.7 and 1.8

Summary
Total (1.8) 810
Total (1.7) 799
Total new 11
Total deprecated 0
Total shared 799
Total important changes 82
Total major changes 162
Total minor changes 7
Total minor changes (no major) 1
Total unchanged 636

Summary of Entry Types

Type 1.7 1.8
Category 105 109
Chain 3 3
Composite 9 6
Deprecated 11 11
View 22 23
Weakness 649 658

Field Change Summary

Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.
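The classification rules above (whitespace ignored, capitalization and punctuation only is "Minor", everything else "Major", and a Major change to Name, Description or Relationships makes the node change "important") expressed as a small Python checker. This is an added example, not the report generator MITRE uses; the entry values are constructed, and how punctuation is folded and how a field that appears or disappears is counted are assumptions the report does not spell out.

```python
import re
from typing import Dict, Iterable, Optional, Tuple

# Fields whose Major change makes a node change "important" (per the
# "Important Changes" section of this report).
CRITICAL_FIELDS = {"Name", "Description", "Relationships"}

_WS = re.compile(r"\s+")
_PUNCT = re.compile(r"[^\w\s]")


def _collapse_ws(text: str) -> str:
    """Whitespace is never a change: collapse runs and trim the ends."""
    return _WS.sub(" ", text).strip()


def _fold(text: str) -> str:
    """Erase capitalization and punctuation, the two kinds of 'Minor' change.

    Assumption: punctuation becomes a space before collapsing, so
    'Off-by-one' and 'Off by one' fold to the same string.
    """
    return _collapse_ws(_PUNCT.sub(" ", text)).lower()


def classify_change(old: Optional[str], new: Optional[str]) -> str:
    """Return 'unchanged', 'minor' or 'major' for one field of one entry.

    Assumption: a field that appears or disappears between versions is Major.
    """
    if old is None and new is None:
        return "unchanged"
    if old is None or new is None:
        return "major"
    if _collapse_ws(old) == _collapse_ws(new):
        return "unchanged"
    if _fold(old) == _fold(new):
        return "minor"
    return "major"


def diff_entry(old_entry: Dict[str, str], new_entry: Dict[str, str]) -> Dict[str, str]:
    """Classify every field present in either version of one entry."""
    fields = sorted(set(old_entry) | set(new_entry))
    return {f: classify_change(old_entry.get(f), new_entry.get(f)) for f in fields}


def node_level(verdicts: Dict[str, str]) -> str:
    """Roll field verdicts up to the node level used in the Summary table:
    'important', 'major', 'minor' or 'unchanged'."""
    if any(v == "major" and f in CRITICAL_FIELDS for f, v in verdicts.items()):
        return "important"
    if "major" in verdicts.values():
        return "major"
    if "minor" in verdicts.values():
        return "minor"
    return "unchanged"


def field_change_summary(
    pairs: Iterable[Tuple[Dict[str, str], Dict[str, str]]]
) -> Dict[str, Dict[str, int]]:
    """Tally Major/Minor counts per field, the shape of the Field Change Summary."""
    summary: Dict[str, Dict[str, int]] = {}
    for old_entry, new_entry in pairs:
        for field, verdict in diff_entry(old_entry, new_entry).items():
            counts = summary.setdefault(field, {"Major": 0, "Minor": 0})
            if verdict == "major":
                counts["Major"] += 1
            elif verdict == "minor":
                counts["Minor"] += 1
    return summary


# Constructed sample (not text taken from CWE 1.7 or 1.8): one entry, two versions.
OLD_ENTRY = {
    "Name": "Use Of Hard-Coded Password",
    "Description": "The software uses a hard-coded password.",
    "Relationships": "ChildOf 255",
}
NEW_ENTRY = {
    "Name": "Use of Hard-coded Password",                # capitalization only: Minor
    "Description": "The software contains a hard-coded "
                   "password that it uses to authenticate.",  # reworded: Major
    "Relationships": "ChildOf 255; ChildOf 798",         # relationship added: Major
    "Detection_Factors": "Manual analysis.",             # field appears: Major
}

if __name__ == "__main__":
    verdicts = diff_entry(OLD_ENTRY, NEW_ENTRY)
    print(verdicts, node_level(verdicts))
    print(field_change_summary([(OLD_ENTRY, NEW_ENTRY)]))
```

The folding step is deliberately the only place where judgement enters: anything that survives whitespace collapsing, case folding and punctuation removal is a wording change and therefore Major, which matches how the report treats renamed entries such as the Name changes listed under Important Changes.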

Field Major Minor
Name 13 0
Description 11 0
Applicable_Platforms 13 1
Time_of_Introduction 3 0
Demonstrative_Examples 33 2
Detection_Factors 33 0
Likelihood_of_Exploit 4 0
Common_Consequences 12 1
Relationships 77 0
References 54 0
Potential_Mitigations 43 2
Observed_Examples 6 0
Terminology_Notes 3 0
Alternate_Terms 6 0
Related_Attack_Patterns 14 0
Relationship_Notes 7 0
Taxonomy_Mappings 51 0
Maintenance_Notes 2 0
Modes_of_Introduction 0 0
Affected_Resources 0 0
Functional_Areas 1 0
Research_Gaps 1 0
Background_Details 1 0
Theoretical_Notes 0 0
Weakness_Ordinalities 2 0
White_Box_Definitions 0 0
Enabling_Factors_for_Exploitation 0 0
Other_Notes 8 1
Relevant_Properties 0 0
View_Type 0 0
View_Structure 0 0
View_Filter 0 0
View_Audience 0 0
Common_Methods_of_Exploitation 0 0
Type 3 0
Causal_Nature 0 0
Source_Taxonomy 0 0
Context_Notes 0 0
Black_Box_Definitions 0 0

Form and Abstraction Changes

From         To              Total
(unchanged)  (unchanged)     796
Composite    Weakness/Base   3

Status Changes

From         To              Total
(unchanged)  (unchanged)     799

Relationship Changes

The "1.8 Total" column lists the total number of relationships in 1.8. The "1.8 Shared" value is the number of relationships in entries that existed in both 1.8 and 1.7; it splits into "Unchanged" (also present in 1.7) and "Added to 1.8". The "1.8 New" value is the number of relationships involving entries that did not exist in 1.7. "Removed from 1.7" counts 1.7 relationships that are absent from 1.8. Thus every row satisfies 1.8 Total = 1.8 Shared + 1.8 New, 1.8 Shared = Unchanged + Added to 1.8, and 1.7 Total = Unchanged + Removed from 1.7.

Relationship   1.8 Total   1.7 Total   1.8 Shared   Unchanged   Added to 1.8   Removed from 1.7   1.8 New
ALL                 4819        4676         4667        4630             37                 46       152
ChildOf             2078        2008         2008        1997             11                 11        70
ParentOf            2078        2008         2008        1997             11                 11        70
MemberOf             109         106          105         105              0                  1         4
HasMember            109         106          105         105              0                  1         4
CanPrecede            90          84           89          84              5                  0         1
CanFollow             91          84           90          84              6                  0         1
StartsWith             3           3            3           3              0                  0         0
Requires              19          27           19          19              0                  8         0
RequiredBy            19          27           19          19              0                  8         0
CanAlsoBe             37          37           37          37              0                  0         0
PeerOf               186         186          184         180              4                  6         2
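The bucketing behind this table, as an added Python example (not MITRE's report generator): each relationship is a (source, kind, target) triple as listed on its source entry, mutual pairs such as ChildOf/ParentOf are recorded on both endpoints as the report says, and a relationship is "new" when either endpoint is an entry that did not exist in the old version. The entry IDs and relationships in the sample are constructed, not the 1.7/1.8 data; treating PeerOf and CanAlsoBe as their own inverse and StartsWith as having none are assumptions.

```python
from collections import Counter
from typing import Dict, Iterable, List, NamedTuple, Set


class Rel(NamedTuple):
    """One directed relationship as it is listed on the source entry."""
    source: int
    kind: str
    target: int


# Mutual pairs are recorded on both endpoints (A ChildOf B and B ParentOf A).
# Assumption: PeerOf and CanAlsoBe are their own inverse; StartsWith has none.
INVERSE = {
    "ChildOf": "ParentOf", "ParentOf": "ChildOf",
    "MemberOf": "HasMember", "HasMember": "MemberOf",
    "CanPrecede": "CanFollow", "CanFollow": "CanPrecede",
    "Requires": "RequiredBy", "RequiredBy": "Requires",
    "PeerOf": "PeerOf", "CanAlsoBe": "CanAlsoBe",
}

# Column order of the report's table.
COLUMNS = ["new_total", "old_total", "shared", "unchanged", "added", "removed", "new"]


def mutual(source: int, kind: str, target: int) -> List[Rel]:
    """Expand one relationship into the pair that appears on both entries."""
    rel = Rel(source, kind, target)
    if kind in INVERSE:
        return [rel, Rel(target, INVERSE[kind], source)]
    return [rel]


def relationship_stats(
    old_ids: Set[int], old_rels: Iterable[Rel], new_rels: Iterable[Rel]
) -> Dict[str, Counter]:
    """Bucket relationships per kind the way the table does, plus an ALL row.

    old_ids: entry IDs that existed in the old version. A new-version
    relationship touching any other ID is 'new'; otherwise it is 'shared'
    and then 'unchanged' or 'added'. Old relationships missing from the
    new version are 'removed'.
    """
    old_set, new_set = set(old_rels), set(new_rels)
    stats: Dict[str, Counter] = {}
    for rel in new_set:
        c = stats.setdefault(rel.kind, Counter())
        c["new_total"] += 1
        if rel.source in old_ids and rel.target in old_ids:
            c["shared"] += 1
            c["unchanged" if rel in old_set else "added"] += 1
        else:
            c["new"] += 1
    for rel in old_set:
        c = stats.setdefault(rel.kind, Counter())
        c["old_total"] += 1
        if rel not in new_set:
            c["removed"] += 1
    total: Counter = Counter()
    for c in stats.values():
        total.update(c)
    stats["ALL"] = total
    return stats


def identities_hold(stats: Dict[str, Counter]) -> bool:
    """Check the three identities every row of the table must satisfy."""
    return all(
        c["new_total"] == c["shared"] + c["new"]
        and c["shared"] == c["unchanged"] + c["added"]
        and c["old_total"] == c["unchanged"] + c["removed"]
        for c in stats.values()
    )


def format_row(kind: str, c: Counter) -> str:
    """Render one row in the table's column order (missing buckets print as 0)."""
    return kind.ljust(12) + "".join(str(c[col]).rjust(11) for col in COLUMNS)


# Constructed sample (not the 1.7/1.8 data): four old entries, one new entry (798).
OLD_IDS = {20, 22, 255, 259}
OLD_RELS = mutual(22, "ChildOf", 20) + mutual(259, "ChildOf", 255) + mutual(259, "Requires", 22)
NEW_RELS = (
    mutual(22, "ChildOf", 20)          # unchanged
    + mutual(259, "ChildOf", 255)      # unchanged
    + mutual(259, "CanPrecede", 22)    # added between two old entries
    + mutual(259, "ChildOf", 798)      # 798 did not exist before: new
)                                      # Requires/RequiredBy dropped: removed

if __name__ == "__main__":
    stats = relationship_stats(OLD_IDS, OLD_RELS, NEW_RELS)
    print("kind".ljust(12) + "".join(col.rjust(11) for col in COLUMNS))
    for kind in ["ALL"] + sorted(k for k in stats if k != "ALL"):
        print(format_row(kind, stats[kind]))
    print("identities hold:", identities_hold(stats))
```

Because mutual pairs are expanded before counting, ChildOf and ParentOf (and the other pairs) always come out with identical rows, which is exactly what the table above shows; the ALL row is the plain sum of the others, so the identities can be checked row by row against the published figures.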

Nodes Removed from 1.7

CWE-ID CWE Name
None.

Nodes Added to 1.8

CWE-ID CWE Name
798 Use of Hard-coded Credentials
799 Improper Control of Interaction Frequency
800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
801 2010 Top 25 - Insecure Interaction Between Components
802 2010 Top 25 - Risky Resource Management
803 2010 Top 25 - Porous Defenses
804 Guessable CAPTCHA
805 Buffer Access with Incorrect Length Value
806 Buffer Access Using Size of Source Buffer
807 Reliance on Untrusted Inputs in a Security Decision
808 2010 Top 25 - Weaknesses On the Cusp

Nodes Deprecated in 1.8

CWE-ID CWE Name
None.
Important Changes

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.

Key
D Description
N Name
R Relationships

DNR 22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
R 59 Improper Link Resolution Before File Access ('Link Following')
R 74 Failure to Sanitize Data into a Different Plane ('Injection')
R 77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
R 78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
R 79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
R 88 Argument Injection or Modification
R 89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
R 90 Failure to Sanitize Data into LDAP Queries ('LDAP Injection')
R 98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
R 118 Improper Access of Indexable Resource ('Range Error')
R 119 Failure to Constrain Operations within the Bounds of a Memory Buffer
R 120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
R 129 Improper Validation of Array Index
DR 130 Improper Handling of Length Parameter Inconsistency
R 131 Incorrect Calculation of Buffer Size
R 134 Uncontrolled Format String
R 183 Permissive Whitelist
R 184 Incomplete Blacklist
R 190 Integer Overflow or Wraparound
R 209 Information Exposure Through an Error Message
DNR 212 Improper Cross-boundary Removal of Sensitive Data
R 216 Containment Errors (Container Errors)
R 227 Failure to Fulfill API Contract ('API Abuse')
R 242 Use of Inherently Dangerous Function
R 247 Reliance on DNS Lookups in a Security Decision
R 254 Security Features
R 255 Credentials Management
R 257 Storing Passwords in a Recoverable Format
DNR 259 Use of Hard-coded Password
R 285 Improper Access Control (Authorization)
R 287 Improper Authentication
D 291 Trusting Self-reported IP Address
R 302 Authentication Bypass by Assumed-Immutable Data
NR 306 Missing Authentication for Critical Function
NR 307 Improper Restriction of Excessive Authentication Attempts
D 308 Use of Single-factor Authentication
DNR 311 Missing Encryption of Sensitive Data
R 321 Use of Hard-coded Cryptographic Key
R 327 Use of a Broken or Risky Cryptographic Algorithm
R 330 Use of Insufficiently Random Values
R 344 Use of Invariant Value in Dynamically Changing Context
R 351 Insufficient Type Distinction
R 352 Cross-Site Request Forgery (CSRF)
D 360 Trust of System Event Data
R 362 Race Condition
R 388 Error Handling
R 401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
R 404 Improper Resource Shutdown or Release
R 416 Use After Free
R 425 Direct Request ('Forced Browsing')
R 426 Untrusted Search Path
NR 434 Unrestricted Upload of File with Dangerous Type
R 436 Interpretation Conflict
R 438 Behavioral Problems
DNR 454 External Initialization of Trusted Variables or Data Stores
R 456 Missing Initialization
R 467 Use of sizeof() on a Pointer Type
R 473 PHP External Variable Modification
R 476 NULL Pointer Dereference
R 494 Download of Code Without Integrity Check
R 601 URL Redirection to Untrusted Site ('Open Redirect')
R 664 Improper Control of a Resource Through its Lifetime
R 669 Incorrect Resource Transfer Between Spheres
R 671 Lack of Administrator Control over Security
DNR 672 Operation on a Resource after Expiration or Release
R 681 Incorrect Conversion between Numeric Types
R 691 Insufficient Control Flow Management
R 693 Protection Mechanism Failure
R 703 Failure to Handle Exceptional Conditions
R 706 Use of Incorrectly-Resolved Name or Reference
R 724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
R 732 Incorrect Permission Assignment for Critical Resource
R 749 Exposed Dangerous Method or Function
N 751 2009 Top 25 - Insecure Interaction Between Components
N 752 2009 Top 25 - Risky Resource Management
NR 753 2009 Top 25 - Porous Defenses
DNR 754 Improper Check for Unusual or Exceptional Conditions
R 770 Allocation of Resources Without Limits or Throttling
R 772 Missing Release of Resource after Effective Lifetime
R 784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
R 1000 Research Concepts
Detailed Difference Report
14 Compiler Removal of Code to Clear Buffers
Major References
Minor None
16 Configuration
Major Taxonomy_Mappings
Minor None
20 Improper Input Validation
Major Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings
Minor None
22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Major Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction, Weakness_Ordinalities
Minor None
23 Relative Path Traversal
Major Demonstrative_Examples
Minor None
36 Absolute Path Traversal
Major Demonstrative_Examples
Minor None
59 Improper Link Resolution Before File Access ('Link Following')
Major Potential_Mitigations, Relationships
Minor None
73 External Control of File Name or Path
Major Potential_Mitigations
Minor None
74 Failure to Sanitize Data into a Different Plane ('Injection')
Major Relationships
Minor None
77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
Major Potential_Mitigations, Relationships
Minor None
78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
Major Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
Minor None
79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
Major Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
Minor None
88 Argument Injection or Modification
Major Potential_Mitigations, Relationships, Taxonomy_Mappings
Minor None
89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
Major Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
Minor None
90 Failure to Sanitize Data into LDAP Queries ('LDAP Injection')
Major Relationships, Taxonomy_Mappings
Minor None
91 XML Injection (aka Blind XPath Injection)
Major Taxonomy_Mappings
Minor None
93 Failure to Sanitize CRLF Sequences ('CRLF Injection')
Major Related_Attack_Patterns, Taxonomy_Mappings
Minor None
94 Failure to Control Generation of Code ('Code Injection')
Major Potential_Mitigations
Minor None
95 Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')
Major Potential_Mitigations
Minor None
97 Failure to Sanitize Server-Side Includes (SSI) Within a Web Page
Major Taxonomy_Mappings
Minor None
98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
Major Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type
Minor Demonstrative_Examples
113 Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Major Taxonomy_Mappings
Minor None
116 Improper Encoding or Escaping of Output
Major Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings
Minor None
118 Improper Access of Indexable Resource ('Range Error')
Major Relationships
Minor None
119 Failure to Constrain Operations within the Bounds of a Memory Buffer
Major Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
Minor None
120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Major Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type
Minor None
121 Stack-based Buffer Overflow
Major References
Minor None
122 Heap-based Buffer Overflow
Major References
Minor None
129 Improper Validation of Array Index
Major Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
Minor Common_Consequences
130 Improper Handling of Length Parameter Inconsistency
Major Description, Potential_Mitigations, Relationships
Minor None
131 Incorrect Calculation of Buffer Size
Major Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships
Minor None
134 Uncontrolled Format String
Major Detection_Factors, References, Relationships, Taxonomy_Mappings
Minor Other_Notes
135 Incorrect Calculation of Multi-Byte String Length
Major Demonstrative_Examples, References
Minor None
158 Failure to Sanitize Null Byte or NUL Character
Major Taxonomy_Mappings
Minor None
180 Incorrect Behavior Order: Validate Before Canonicalize
Major Demonstrative_Examples
Minor None
183 Permissive Whitelist
Major Relationships
Minor None
184 Incomplete Blacklist
Major Relationships
Minor None
185 Incorrect Regular Expression
Major References
Minor None
190 Integer Overflow or Wraparound
Major Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes
Minor Demonstrative_Examples
193 Off-by-one Error
Major Demonstrative_Examples
Minor None
195 Signed to Unsigned Conversion Error
Major Demonstrative_Examples
Minor None
200 Information Exposure
Major Taxonomy_Mappings
Minor None
205 Information Exposure Through Behavioral Discrepancy
Major Taxonomy_Mappings
Minor None
209 Information Exposure Through an Error Message
Major Detection_Factors, References, Relationships
Minor None
212 Improper Cross-boundary Removal of Sensitive Data
Major Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Terminology_Notes
Minor None
216 Containment Errors (Container Errors)
Major Relationships
Minor None
226 Sensitive Information Uncleared Before Release
Major Applicable_Platforms, Maintenance_Notes, Relationship_Notes
Minor None
227 Failure to Fulfill API Contract ('API Abuse')
Major Relationships, Taxonomy_Mappings
Minor None
242 Use of Inherently Dangerous Function
Major Demonstrative_Examples, References, Relationships
Minor None
247 Reliance on DNS Lookups in a Security Decision
Major Relationships
Minor None
250 Execution with Unnecessary Privileges
Major Detection_Factors, Potential_Mitigations, References
Minor None
252 Unchecked Return Value
Major Demonstrative_Examples, Potential_Mitigations, References
Minor None
254 Security Features
Major Relationships
Minor None
255 Credentials Management
Major Relationships
Minor None
257 Storing Passwords in a Recoverable Format
Major Relationships
Minor None
259 Use of Hard-coded Password
Major Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships
Minor None
264 Permissions, Privileges, and Access Controls
Major References
Minor None
270 Privilege Context Switching Error
Major References
Minor None
280 Improper Handling of Insufficient Permissions or Privileges
Major Taxonomy_Mappings
Minor None
284 Access Control (Authorization) Issues
Major References, Taxonomy_Mappings
Minor None
285 Improper Access Control (Authorization)
Major Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships
Minor None
287 Improper Authentication
Major Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings
Minor None
291 Trusting Self-reported IP Address
Major Description, Other_Notes
Minor None
300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Major Taxonomy_Mappings
Minor None
302 Authentication Bypass by Assumed-Immutable Data
Major Potential_Mitigations, Relationships
Minor None
306 Missing Authentication for Critical Function
Major Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
Minor None
307 Improper Restriction of Excessive Authentication Attempts
Major Demonstrative_Examples, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings
Minor None
308 Use of Single-factor Authentication
Major Description, Other_Notes
Minor None
310 Cryptographic Issues
Major References
Minor None
311 Missing Encryption of Sensitive Data
Major Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction
Minor None
312 Cleartext Storage of Sensitive Information
Major References
Minor None
319 Cleartext Transmission of Sensitive Information
Major References
Minor None
321 Use of Hard-coded Cryptographic Key
Major Relationships
Minor None
326 Inadequate Encryption Strength
Major References
Minor None
327 Use of a Broken or Risky Cryptographic Algorithm
Major Detection_Factors, References, Relationships
Minor None
330 Use of Insufficiently Random Values
Major References, Relationships, Taxonomy_Mappings
Minor None
331 Insufficient Entropy
Major Taxonomy_Mappings
Minor None
340 Predictability Problems
Major Taxonomy_Mappings
Minor None
344 Use of Invariant Value in Dynamically Changing Context
Major Relationships
Minor None
345 Insufficient Verification of Data Authenticity
Major Taxonomy_Mappings
Minor None
351 Insufficient Type Distinction
Major Relationships
Minor None
352 Cross-Site Request Forgery (CSRF)
Major Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings
Minor None
359 Privacy Violation
Major Other_Notes, References
Minor None
360 Trust of System Event Data
Major Description, Other_Notes
Minor None
362 Race Condition
Major Detection_Factors, References, Relationships
Minor None
377 Insecure Temporary File
Major References
Minor None
384 Session Fixation
Major Taxonomy_Mappings
Minor None
388 Error Handling
Major Relationships
Minor None
393 Return of Wrong Status Code
Major Other_Notes, Relationship_Notes
Minor None
400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Major Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings
Minor None
401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
Major Relationships
Minor None
404 Improper Resource Shutdown or Release
Major Potential_Mitigations, Relationships
Minor None
405 Asymmetric Resource Consumption (Amplification)
Major Taxonomy_Mappings
Minor None
410 Insufficient Resource Pool
Major References
Minor None
416 Use After Free
Major Relationships
Minor None
425 Direct Request ('Forced Browsing')
Major Relationships, Taxonomy_Mappings
Minor None
426 Untrusted Search Path
Major References, Relationships
Minor None
434 Unrestricted Upload of File with Dangerous Type
Major Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Type, Weakness_Ordinalities
Minor None
436 Interpretation Conflict
Major Relationships, Taxonomy_Mappings
Minor None
438 Behavioral Problems
Major Relationships
Minor None
441 Unintended Proxy/Intermediary
Major Taxonomy_Mappings
Minor None
444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Major Taxonomy_Mappings
Minor None
454 External Initialization of Trusted Variables or Data Stores
Major Description, Name, Relationships
Minor None
456 Missing Initialization
Major Relationships
Minor None
467 Use of sizeof() on a Pointer Type
Major Relationships
Minor Potential_Mitigations
471 Modification of Assumed-Immutable Data (MAID)
Major Potential_Mitigations
Minor None
473 PHP External Variable Modification
Major Relationships
Minor None
476 NULL Pointer Dereference
Major Potential_Mitigations, Relationships
Minor None
494 Download of Code Without Integrity Check
Major Detection_Factors, References, Relationships
Minor None
507 Trojan Horse
Major References
Minor None
537 Information Leak Through Java Runtime Error Message
Major Demonstrative_Examples, Potential_Mitigations
Minor None
548 Information Leak Through Directory Listing
Major Taxonomy_Mappings
Minor None
594 J2EE Framework: Saving Unserializable Objects to Disk
Major Demonstrative_Examples
Minor None
596 Incorrect Semantic Object Comparison
Major Detection_Factors
Minor None
601 URL Redirection to Untrusted Site ('Open Redirect')
Major Applicable_Platforms, Common_Consequences, Detection_Factors, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings
Minor None
602 Client-Side Enforcement of Server-Side Security
Major References
Minor None
611 Information Leak Through XML External Entity File Disclosure
Major Taxonomy_Mappings
Minor None
612 Information Leak Through Indexing of Private Data
Major Taxonomy_Mappings
Minor None
613 Insufficient Session Expiration
Major Taxonomy_Mappings
Minor None
623 Unsafe ActiveX Control Marked Safe For Scripting
Major References
Minor None
628 Function Call with Incorrectly Specified Arguments
Major Detection_Factors
Minor None
639 Access Control Bypass Through User-Controlled Key
Major None
Minor Potential_Mitigations
640 Weak Password Recovery Mechanism for Forgotten Password
Major Taxonomy_Mappings
Minor None
642 External Control of Critical State Data
Major Potential_Mitigations
Minor None
643 Failure to Sanitize Data within XPath Expressions ('XPath injection')
Major Taxonomy_Mappings
Minor None
652 Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')
Major Taxonomy_Mappings
Minor None
664 Improper Control of a Resource Through its Lifetime
Major Relationships
Minor None
665 Improper Initialization
Major Potential_Mitigations
Minor None
669 Incorrect Resource Transfer Between Spheres
Major Relationships
Minor None
671 Lack of Administrator Control over Security
Major Relationships
Minor None
672 Operation on a Resource after Expiration or Release
Major Demonstrative_Examples, Description, Name, Relationships
Minor None
676 Use of Potentially Dangerous Function
Major Demonstrative_Examples, Other_Notes, References, Relationship_Notes
Minor None
681 Incorrect Conversion between Numeric Types
Major Relationships
Minor None
682 Incorrect Calculation
Major Potential_Mitigations
Minor None
685 Function Call With Incorrect Number of Arguments
Major Detection_Factors
Minor None
687 Function Call With Incorrectly Specified Argument Value
Major Detection_Factors
Minor None
688 Function Call With Incorrect Variable or Reference as Argument
Major Detection_Factors
Minor None
691 Insufficient Control Flow Management
Major Relationships, Taxonomy_Mappings
Minor None
693 Protection Mechanism Failure
Major Relationships
Minor None
703 Failure to Handle Exceptional Conditions
Major Relationships
Minor None
706 Use of Incorrectly-Resolved Name or Reference
Major Relationships
Minor None
724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
Major Relationships
Minor None
732 Incorrect Permission Assignment for Critical Resource
Major Relationships
Minor None
733 Compiler Optimization Removal or Modification of Security-critical Code
Major References
Minor None
749 Exposed Dangerous Method or Function
Major Common_Consequences, Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
Minor None
751 2009 Top 25 - Insecure Interaction Between Components
Major Name
Minor None
752 2009 Top 25 - Risky Resource Management
Major Name
Minor None
753 2009 Top 25 - Porous Defenses
Major Name, Relationships
Minor None
754 Improper Check for Unusual or Exceptional Conditions
Major Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships
Minor Applicable_Platforms
759 Use of a One-Way Hash without a Salt
Major References
Minor None
760 Use of a One-Way Hash with a Predictable Salt
Major References
Minor None
770 Allocation of Resources Without Limits or Throttling
Major Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships
Minor None
772 Missing Release of Resource after Effective Lifetime
Major Demonstrative_Examples, Potential_Mitigations, Relationships
Minor None
776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
Major Taxonomy_Mappings
Minor None
784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Major Demonstrative_Examples, References, Relationships
Minor None
787 Out-of-bounds Write
Major Demonstrative_Examples
Minor None
789 Uncontrolled Memory Allocation
Major Taxonomy_Mappings
Minor None
790 Improper Filtering of Special Elements
Major Demonstrative_Examples
Minor None
791 Incomplete Filtering of Special Elements
Major Demonstrative_Examples
Minor None
792 Incomplete Filtering of One or More Instances of Special Elements
Major Demonstrative_Examples
Minor None
793 Only Filtering One Instance of a Special Element
Major Demonstrative_Examples
Minor None
794 Incomplete Filtering of Multiple Instances of Special Elements
Major Demonstrative_Examples
Minor None
1000 Research Concepts
Major Relationships
Minor None
Page Last Updated: January 05, 2017