Any change with respect to whitespace is ignored. "Minor" changes are text changes that only affect capitalization and punctuation. Most other changes are marked as "Major." Simple schema changes are treated as Minor, such as the change from AffectedResource to Affected_Resource in Draft 8, or the relationship name change from "IsRequiredBy" to "RequiredBy" in Version 1.0. For each mutual relationship between nodes A and B (such as ParentOf and ChildOf), a relationship change is noted for both A and B.

The "1.8 Total" lists the total number of relationships in 1.8. The "Shared" value is the total number of relationships in entries that were in both 1.8 and 1.7. The "New" value is the total number of relationships involving entries that did not exist in 1.7. Thus, the total number of relationships in 1.8 would combine stats from Shared entries and New entries.

A node change is labeled "important" if it is a major field change and the field is critical to the meaning of the node. The critical fields are description, name, and relationships.
Important changes (D = Description, N = Name, R = Relationships):

| D | N | R | ID | Name |
|---|---|---|---|---|
| D | N | R | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| | | R | 59 | Improper Link Resolution Before File Access ('Link Following') |
| | | R | 74 | Failure to Sanitize Data into a Different Plane ('Injection') |
| | | R | 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') |
| | | R | 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') |
| | | R | 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| | | R | 88 | Argument Injection or Modification |
| | | R | 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') |
| | | R | 90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') |
| | | R | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') |
| | | R | 118 | Improper Access of Indexable Resource ('Range Error') |
| | | R | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| | | R | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| | | R | 129 | Improper Validation of Array Index |
| D | | R | 130 | Improper Handling of Length Parameter Inconsistency |
| | | R | 131 | Incorrect Calculation of Buffer Size |
| | | R | 134 | Uncontrolled Format String |
| | | R | 183 | Permissive Whitelist |
| | | R | 184 | Incomplete Blacklist |
| | | R | 190 | Integer Overflow or Wraparound |
| | | R | 209 | Information Exposure Through an Error Message |
| D | N | R | 212 | Improper Cross-boundary Removal of Sensitive Data |
| | | R | 216 | Containment Errors (Container Errors) |
| | | R | 227 | Failure to Fulfill API Contract ('API Abuse') |
| | | R | 242 | Use of Inherently Dangerous Function |
| | | R | 247 | Reliance on DNS Lookups in a Security Decision |
| | | R | 254 | Security Features |
| | | R | 255 | Credentials Management |
| | | R | 257 | Storing Passwords in a Recoverable Format |
| D | N | R | 259 | Use of Hard-coded Password |
| | | R | 285 | Improper Access Control (Authorization) |
| | | R | 287 | Improper Authentication |
| D | | | 291 | Trusting Self-reported IP Address |
| | | R | 302 | Authentication Bypass by Assumed-Immutable Data |
| | N | R | 306 | Missing Authentication for Critical Function |
| | N | R | 307 | Improper Restriction of Excessive Authentication Attempts |
| D | | | 308 | Use of Single-factor Authentication |
| D | N | R | 311 | Missing Encryption of Sensitive Data |
| | | R | 321 | Use of Hard-coded Cryptographic Key |
| | | R | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| | | R | 330 | Use of Insufficiently Random Values |
| | | R | 344 | Use of Invariant Value in Dynamically Changing Context |
| | | R | 351 | Insufficient Type Distinction |
| | | R | 352 | Cross-Site Request Forgery (CSRF) |
| D | | | 360 | Trust of System Event Data |
| | | R | 362 | Race Condition |
| | | R | 388 | Error Handling |
| | | R | 401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
| | | R | 404 | Improper Resource Shutdown or Release |
| | | R | 416 | Use After Free |
| | | R | 425 | Direct Request ('Forced Browsing') |
| | | R | 426 | Untrusted Search Path |
| | N | R | 434 | Unrestricted Upload of File with Dangerous Type |
| | | R | 436 | Interpretation Conflict |
| | | R | 438 | Behavioral Problems |
| D | N | R | 454 | External Initialization of Trusted Variables or Data Stores |
| | | R | 456 | Missing Initialization |
| | | R | 467 | Use of sizeof() on a Pointer Type |
| | | R | 473 | PHP External Variable Modification |
| | | R | 476 | NULL Pointer Dereference |
| | | R | 494 | Download of Code Without Integrity Check |
| | | R | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| | | R | 664 | Improper Control of a Resource Through its Lifetime |
| | | R | 669 | Incorrect Resource Transfer Between Spheres |
| | | R | 671 | Lack of Administrator Control over Security |
| D | N | R | 672 | Operation on a Resource after Expiration or Release |
| | | R | 681 | Incorrect Conversion between Numeric Types |
| | | R | 691 | Insufficient Control Flow Management |
| | | R | 693 | Protection Mechanism Failure |
| | | R | 703 | Failure to Handle Exceptional Conditions |
| | | R | 706 | Use of Incorrectly-Resolved Name or Reference |
| | | R | 724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| | | R | 732 | Incorrect Permission Assignment for Critical Resource |
| | | R | 749 | Exposed Dangerous Method or Function |
| | N | | 751 | 2009 Top 25 - Insecure Interaction Between Components |
| | N | | 752 | 2009 Top 25 - Risky Resource Management |
| | N | R | 753 | 2009 Top 25 - Porous Defenses |
| D | N | R | 754 | Improper Check for Unusual or Exceptional Conditions |
| | | R | 770 | Allocation of Resources Without Limits or Throttling |
| | | R | 772 | Missing Release of Resource after Effective Lifetime |
| | | R | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| | | R | 1000 | Research Concepts |
Changed entries, with the fields that received Major and Minor changes:

| ID | Name | Major | Minor |
|---|---|---|---|
| 14 | Compiler Removal of Code to Clear Buffers | References | None |
| 16 | Configuration | Taxonomy_Mappings | None |
| 20 | Improper Input Validation | Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings | None |
| 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Research_Gaps, Taxonomy_Mappings, Terminology_Notes, Time_of_Introduction, Weakness_Ordinalities | None |
| 23 | Relative Path Traversal | Demonstrative_Examples | None |
| 36 | Absolute Path Traversal | Demonstrative_Examples | None |
| 59 | Improper Link Resolution Before File Access ('Link Following') | Potential_Mitigations, Relationships | None |
| 73 | External Control of File Name or Path | Potential_Mitigations | None |
| 74 | Failure to Sanitize Data into a Different Plane ('Injection') | Relationships | None |
| 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | Potential_Mitigations, Relationships | None |
| 78 | Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') | Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings | None |
| 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings | None |
| 88 | Argument Injection or Modification | Potential_Mitigations, Relationships, Taxonomy_Mappings | None |
| 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings | None |
| 90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') | Relationships, Taxonomy_Mappings | None |
| 91 | XML Injection (aka Blind XPath Injection) | Taxonomy_Mappings | None |
| 93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') | Related_Attack_Patterns, Taxonomy_Mappings | None |
| 94 | Failure to Control Generation of Code ('Code Injection') | Potential_Mitigations | None |
| 95 | Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection') | Potential_Mitigations | None |
| 97 | Failure to Sanitize Server-Side Includes (SSI) Within a Web Page | Taxonomy_Mappings | None |
| 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | Alternate_Terms, Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Type | Demonstrative_Examples |
| 113 | Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | Taxonomy_Mappings | None |
| 116 | Improper Encoding or Escaping of Output | Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings | None |
| 118 | Improper Access of Indexable Resource ('Range Error') | Relationships | None |
| 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Alternate_Terms, Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings | None |
| 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction, Type | None |
| 121 | Stack-based Buffer Overflow | References | None |
| 122 | Heap-based Buffer Overflow | References | None |
| 129 | Improper Validation of Array Index | Applicable_Platforms, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References, Related_Attack_Patterns, Relationships | Common_Consequences |
| 130 | Improper Handling of Length Parameter Inconsistency | Description, Potential_Mitigations, Relationships | None |
| 131 | Incorrect Calculation of Buffer Size | Common_Consequences, Demonstrative_Examples, Detection_Factors, Maintenance_Notes, Potential_Mitigations, Related_Attack_Patterns, Relationships | None |
| 134 | Uncontrolled Format String | Detection_Factors, References, Relationships, Taxonomy_Mappings | Other_Notes |
| 135 | Incorrect Calculation of Multi-Byte String Length | Demonstrative_Examples, References | None |
| 158 | Failure to Sanitize Null Byte or NUL Character | Taxonomy_Mappings | None |
| 180 | Incorrect Behavior Order: Validate Before Canonicalize | Demonstrative_Examples | None |
| 183 | Permissive Whitelist | Relationships | None |
| 184 | Incomplete Blacklist | Relationships | None |
| 185 | Incorrect Regular Expression | References | None |
| 190 | Integer Overflow or Wraparound | Applicable_Platforms, Detection_Factors, Functional_Areas, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Terminology_Notes | Demonstrative_Examples |
| 193 | Off-by-one Error | Demonstrative_Examples | None |
| 195 | Signed to Unsigned Conversion Error | Demonstrative_Examples | None |
| 200 | Information Exposure | Taxonomy_Mappings | None |
| 205 | Information Exposure Through Behavioral Discrepancy | Taxonomy_Mappings | None |
| 209 | Information Exposure Through an Error Message | Detection_Factors, References, Relationships | None |
| 212 | Improper Cross-boundary Removal of Sensitive Data | Applicable_Platforms, Common_Consequences, Description, Name, Observed_Examples, Potential_Mitigations, Relationship_Notes, Relationships, Terminology_Notes | None |
| 216 | Containment Errors (Container Errors) | Relationships | None |
| 226 | Sensitive Information Uncleared Before Release | Applicable_Platforms, Maintenance_Notes, Relationship_Notes | None |
| 227 | Failure to Fulfill API Contract ('API Abuse') | Relationships, Taxonomy_Mappings | None |
| 242 | Use of Inherently Dangerous Function | Demonstrative_Examples, References, Relationships | None |
| 247 | Reliance on DNS Lookups in a Security Decision | Relationships | None |
| 250 | Execution with Unnecessary Privileges | Detection_Factors, Potential_Mitigations, References | None |
| 252 | Unchecked Return Value | Demonstrative_Examples, Potential_Mitigations, References | None |
| 254 | Security Features | Relationships | None |
| 255 | Credentials Management | Relationships | None |
| 257 | Storing Passwords in a Recoverable Format | Relationships | None |
| 259 | Use of Hard-coded Password | Demonstrative_Examples, Description, Detection_Factors, Name, Potential_Mitigations, Relationships | None |
| 264 | Permissions, Privileges, and Access Controls | References | None |
| 270 | Privilege Context Switching Error | References | None |
| 280 | Improper Handling of Insufficient Permissions or Privileges | Taxonomy_Mappings | None |
| 284 | Access Control (Authorization) Issues | References, Taxonomy_Mappings | None |
| 285 | Improper Access Control (Authorization) | Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships | None |
| 287 | Improper Authentication | Alternate_Terms, Detection_Factors, Potential_Mitigations, References, Relationships, Taxonomy_Mappings | None |
| 291 | Trusting Self-reported IP Address | Description, Other_Notes | None |
| 300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | Taxonomy_Mappings | None |
| 302 | Authentication Bypass by Assumed-Immutable Data | Potential_Mitigations, Relationships | None |
| 306 | Missing Authentication for Critical Function | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships | None |
| 307 | Improper Restriction of Excessive Authentication Attempts | Demonstrative_Examples, Name, Potential_Mitigations, Relationships, Taxonomy_Mappings | None |
| 308 | Use of Single-factor Authentication | Description, Other_Notes | None |
| 310 | Cryptographic Issues | References | None |
| 311 | Missing Encryption of Sensitive Data | Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Likelihood_of_Exploit, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships, Taxonomy_Mappings, Time_of_Introduction | None |
| 312 | Cleartext Storage of Sensitive Information | References | None |
| 319 | Cleartext Transmission of Sensitive Information | References | None |
| 321 | Use of Hard-coded Cryptographic Key | Relationships | None |
| 326 | Inadequate Encryption Strength | References | None |
| 327 | Use of a Broken or Risky Cryptographic Algorithm | Detection_Factors, References, Relationships | None |
| 330 | Use of Insufficiently Random Values | References, Relationships, Taxonomy_Mappings | None |
| 331 | Insufficient Entropy | Taxonomy_Mappings | None |
| 340 | Predictability Problems | Taxonomy_Mappings | None |
| 344 | Use of Invariant Value in Dynamically Changing Context | Relationships | None |
| 345 | Insufficient Verification of Data Authenticity | Taxonomy_Mappings | None |
| 351 | Insufficient Type Distinction | Relationships | None |
| 352 | Cross-Site Request Forgery (CSRF) | Applicable_Platforms, Detection_Factors, References, Relationships, Taxonomy_Mappings | None |
| 359 | Privacy Violation | Other_Notes, References | None |
| 360 | Trust of System Event Data | Description, Other_Notes | None |
| 362 | Race Condition | Detection_Factors, References, Relationships | None |
| 377 | Insecure Temporary File | References | None |
| 384 | Session Fixation | Taxonomy_Mappings | None |
| 388 | Error Handling | Relationships | None |
| 393 | Return of Wrong Status Code | Other_Notes, Relationship_Notes | None |
| 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | Detection_Factors, Potential_Mitigations, References, Taxonomy_Mappings | None |
| 401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') | Relationships | None |
| 404 | Improper Resource Shutdown or Release | Potential_Mitigations, Relationships | None |
| 405 | Asymmetric Resource Consumption (Amplification) | Taxonomy_Mappings | None |
| 410 | Insufficient Resource Pool | References | None |
| 416 | Use After Free | Relationships | None |
| 425 | Direct Request ('Forced Browsing') | Relationships, Taxonomy_Mappings | None |
| 426 | Untrusted Search Path | References, Relationships | None |
| 434 | Unrestricted Upload of File with Dangerous Type | Alternate_Terms, Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Name, Other_Notes, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships, Type, Weakness_Ordinalities | None |
| 436 | Interpretation Conflict | Relationships, Taxonomy_Mappings | None |
| 438 | Behavioral Problems | Relationships | None |
| 441 | Unintended Proxy/Intermediary | Taxonomy_Mappings | None |
| 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | Taxonomy_Mappings | None |
| 454 | External Initialization of Trusted Variables or Data Stores | Description, Name, Relationships | None |
| 456 | Missing Initialization | Relationships | None |
| 467 | Use of sizeof() on a Pointer Type | Relationships | Potential_Mitigations |
| 471 | Modification of Assumed-Immutable Data (MAID) | Potential_Mitigations | None |
| 473 | PHP External Variable Modification | Relationships | None |
| 476 | NULL Pointer Dereference | Potential_Mitigations, Relationships | None |
| 494 | Download of Code Without Integrity Check | Detection_Factors, References, Relationships | None |
| 507 | Trojan Horse | References | None |
| 537 | Information Leak Through Java Runtime Error Message | Demonstrative_Examples, Potential_Mitigations | None |
| 548 | Information Leak Through Directory Listing | Taxonomy_Mappings | None |
| 594 | J2EE Framework: Saving Unserializable Objects to Disk | Demonstrative_Examples | None |
| 596 | Incorrect Semantic Object Comparison | Detection_Factors | None |
| 601 | URL Redirection to Untrusted Site ('Open Redirect') | Applicable_Platforms, Common_Consequences, Detection_Factors, Potential_Mitigations, Related_Attack_Patterns, Relationships, Taxonomy_Mappings | None |
| 602 | Client-Side Enforcement of Server-Side Security | References | None |
| 611 | Information Leak Through XML External Entity File Disclosure | Taxonomy_Mappings | None |
| 612 | Information Leak Through Indexing of Private Data | Taxonomy_Mappings | None |
| 613 | Insufficient Session Expiration | Taxonomy_Mappings | None |
| 623 | Unsafe ActiveX Control Marked Safe For Scripting | References | None |
| 628 | Function Call with Incorrectly Specified Arguments | Detection_Factors | None |
| 639 | Access Control Bypass Through User-Controlled Key | None | Potential_Mitigations |
| 640 | Weak Password Recovery Mechanism for Forgotten Password | Taxonomy_Mappings | None |
| 642 | External Control of Critical State Data | Potential_Mitigations | None |
| 643 | Failure to Sanitize Data within XPath Expressions ('XPath injection') | Taxonomy_Mappings | None |
| 652 | Failure to Sanitize Data within XQuery Expressions ('XQuery Injection') | Taxonomy_Mappings | None |
| 664 | Improper Control of a Resource Through its Lifetime | Relationships | None |
| 665 | Improper Initialization | Potential_Mitigations | None |
| 669 | Incorrect Resource Transfer Between Spheres | Relationships | None |
| 671 | Lack of Administrator Control over Security | Relationships | None |
| 672 | Operation on a Resource after Expiration or Release | Demonstrative_Examples, Description, Name, Relationships | None |
| 676 | Use of Potentially Dangerous Function | Demonstrative_Examples, Other_Notes, References, Relationship_Notes | None |
| 681 | Incorrect Conversion between Numeric Types | Relationships | None |
| 682 | Incorrect Calculation | Potential_Mitigations | None |
| 685 | Function Call With Incorrect Number of Arguments | Detection_Factors | None |
| 687 | Function Call With Incorrectly Specified Argument Value | Detection_Factors | None |
| 688 | Function Call With Incorrect Variable or Reference as Argument | Detection_Factors | None |
| 691 | Insufficient Control Flow Management | Relationships, Taxonomy_Mappings | None |
| 693 | Protection Mechanism Failure | Relationships | None |
| 703 | Failure to Handle Exceptional Conditions | Relationships | None |
| 706 | Use of Incorrectly-Resolved Name or Reference | Relationships | None |
| 724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management | Relationships | None |
| 732 | Incorrect Permission Assignment for Critical Resource | Relationships | None |
| 733 | Compiler Optimization Removal or Modification of Security-critical Code | References | None |
| 749 | Exposed Dangerous Method or Function | Common_Consequences, Demonstrative_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationships | None |
| 751 | 2009 Top 25 - Insecure Interaction Between Components | Name | None |
| 752 | 2009 Top 25 - Risky Resource Management | Name | None |
| 753 | 2009 Top 25 - Porous Defenses | Name, Relationships | None |
| 754 | Improper Check for Unusual or Exceptional Conditions | Background_Details, Common_Consequences, Demonstrative_Examples, Description, Detection_Factors, Name, Observed_Examples, Potential_Mitigations, References, Related_Attack_Patterns, Relationship_Notes, Relationships | Applicable_Platforms |
| 759 | Use of a One-Way Hash without a Salt | References | None |
| 760 | Use of a One-Way Hash with a Predictable Salt | References | None |
| 770 | Allocation of Resources Without Limits or Throttling | Common_Consequences, Detection_Factors, Potential_Mitigations, References, Related_Attack_Patterns, Relationships | None |
| 772 | Missing Release of Resource after Effective Lifetime | Demonstrative_Examples, Potential_Mitigations, Relationships | None |
| 776 | Unrestricted Recursive Entity References in DTDs ('XML Bomb') | Taxonomy_Mappings | None |
| 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Demonstrative_Examples, References, Relationships | None |
| 787 | Out-of-bounds Write | Demonstrative_Examples | None |
| 789 | Uncontrolled Memory Allocation | Taxonomy_Mappings | None |
| 790 | Improper Filtering of Special Elements | Demonstrative_Examples | None |
| 791 | Incomplete Filtering of Special Elements | Demonstrative_Examples | None |
| 792 | Incomplete Filtering of One or More Instances of Special Elements | Demonstrative_Examples | None |
| 793 | Only Filtering One Instance of a Special Element | Demonstrative_Examples | None |
| 794 | Incomplete Filtering of Multiple Instances of Special Elements | Demonstrative_Examples | None |
| 1000 | Research Concepts | Relationships | None |