Spoofing of UDDI/ebXML Messages |
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
Application API Message Manipulation via Man-in-the-Middle |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Cache Poisoning |
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-348
|
Use of Less Trusted Source
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CWE-441
|
Unintended Proxy or Intermediary ('Confused Deputy')
|
|
Application API Button Hijacking |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Application API Navigation Remapping |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
JSON Hijacking (aka JavaScript Hijacking) |
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
Transaction or Event Tampering via Application API Manipulation |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
Navigation Remapping To Propagate Malicious Content |
CWE-311
|
Missing Encryption of Sensitive Data
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
DNS Cache Poisoning |
CWE-345
|
Insufficient Verification of Data Authenticity
|
CWE-346
|
Origin Validation Error
|
CWE-348
|
Use of Less Trusted Source
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
CWE-441
|
Unintended Proxy or Intermediary ('Confused Deputy')
|
|
Content Spoofing |
CWE-345
|
Insufficient Verification of Data Authenticity
|
|