Session Credential Falsification through Prediction |
CWE-6
|
J2EE Misconfiguration: Insufficient Session-ID Length
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-285
|
Improper Authorization
|
CWE-290
|
Authentication Bypass by Spoofing
|
CWE-330
|
Use of Insufficiently Random Values
|
CWE-331
|
Insufficient Entropy
|
CWE-346
|
Origin Validation Error
|
CWE-384
|
Session Fixation
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
CWE-693
|
Protection Mechanism Failure
|
CWE-719
|
OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
|
|
Fingerprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP SYN Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Timestamp Request |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Port Scanning |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Window Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Passive OS Fingerprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP (ISN) Counter Rate Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Owner Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
File Discovery |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Process Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Reusing Session IDs (aka Session Replay) |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-285
|
Improper Authorization
|
CWE-290
|
Authentication Bypass by Spoofing
|
CWE-294
|
Authentication Bypass by Capture-replay
|
CWE-346
|
Origin Validation Error
|
CWE-384
|
Session Fixation
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
Enumerate Mail Exchange (MX) Records |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
ICMP Address Mask Request |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
UDP Ping |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP FIN Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP RPC Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Scanning for Vulnerable Software |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
IP (DF) 'Don't Fragment Bit' Echoing Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Initial Window Size Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
ICMP Error Message Quoting Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Shoulder Surfing |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-359
|
Exposure of Private Personal Information to an Unauthorized Actor
|
|
Group Permission Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Timestamp Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Services Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Eavesdropping |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Excavation |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-1243
|
Sensitive Non-Volatile Information Not Protected During Debug
|
|
Exploiting Trust in Client |
CWE-20
|
Improper Input Validation
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-287
|
Improper Authentication
|
CWE-290
|
Authentication Bypass by Spoofing
|
CWE-693
|
Protection Mechanism Failure
|
|
Traceroute Route Enumeration |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
ICMP Information Request |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Null Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
UDP Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
IP ID Sequencing Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP (ISN) Greatest Common Divisor Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Options Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
ICMP Echo Request Ping |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Host Discovery |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP SYN Ping |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Xmas Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Account Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Subverting Environment Variable Values |
CWE-15
|
External Control of System or Configuration Setting
|
CWE-20
|
Improper Input Validation
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-285
|
Improper Authorization
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
CWE-353
|
Missing Support for Integrity Check
|
|
DNS Zone Transfers |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP ACK Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Active OS Fingerprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Sequence Number Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP (ISN) Sequence Predictability Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Browser Fingerprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Peripheral Footprinting |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Using Slashes in Alternate Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-185
|
Incorrect Regular Expression
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Establish Rogue Location |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP ACK Ping |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Connect Scan |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Network Topology Mapping |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
IP 'ID' Echoed Byte-Order Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP Congestion Control Flag (ECN) Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
TCP 'RST' Flag Checksum Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
ICMP Error Message Echoing Integrity Probe |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
Identify Shared Files/Directories on System |
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-267
|
Privilege Defined With Unsafe Actions
|
|