| Attack Pattern | CWE ID | Weakness |
|---|---|---|
| Session Credential Falsification through Prediction | CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| | CWE-285 | Improper Authorization |
| | CWE-290 | Authentication Bypass by Spoofing |
| | CWE-330 | Use of Insufficiently Random Values |
| | CWE-331 | Insufficient Entropy |
| | CWE-346 | Origin Validation Error |
| | CWE-384 | Session Fixation |
| | CWE-488 | Exposure of Data Element to Wrong Session |
| | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Encryption Brute Forcing | CWE-326 | Inadequate Encryption Strength |
| | CWE-327 | Use of a Broken or Risky Cryptographic Algorithm |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Using Unpublished Interfaces | CWE-306 | Missing Authentication for Critical Function |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-695 | Use of Low-Level Functionality |
| | CWE-1242 | Inclusion of Undocumented Features or Chicken Bits |
| Signature Spoofing by Mixing Signed and Unsigned Content | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| Utilizing REST's Trust in the System Resource to Obtain Sensitive Data | CWE-287 | Improper Authentication |
| | CWE-300 | Channel Accessible by Non-Endpoint |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management |
| Forceful Browsing | CWE-285 | Improper Authorization |
| | CWE-425 | Direct Request ('Forced Browsing') |
| | CWE-693 | Protection Mechanism Failure |
| Using Malicious Files | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| | CWE-264 | Permissions, Privileges, and Access Controls |
| | CWE-270 | Privilege Context Switching Error |
| | CWE-272 | Least Privilege Violation |
| | CWE-275 | Permission Issues |
| | CWE-282 | Improper Ownership Management |
| | CWE-285 | Improper Authorization |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Exploiting Trust in Client | CWE-20 | Improper Input Validation |
| | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| | CWE-287 | Improper Authentication |
| | CWE-290 | Authentication Bypass by Spoofing |
| | CWE-693 | Protection Mechanism Failure |
| Escaping a Sandbox by Calling Code in Another Language | CWE-693 | Protection Mechanism Failure |
| Escaping Virtualization | CWE-693 | Protection Mechanism Failure |
| Directory Indexing | CWE-276 | Incorrect Default Permissions |
| | CWE-285 | Improper Authorization |
| | CWE-288 | Authentication Bypass Using an Alternate Path or Channel |
| | CWE-424 | Improper Protection of Alternate Path |
| | CWE-425 | Direct Request ('Forced Browsing') |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Poison Web Service Registry | CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') |
| | CWE-285 | Improper Authorization |
| | CWE-693 | Protection Mechanism Failure |
| Sniff Application Code | CWE-311 | Missing Encryption of Sensitive Data |
| | CWE-318 | Cleartext Storage of Sensitive Information in Executable |
| | CWE-319 | Cleartext Transmission of Sensitive Information |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
| Accessing Functionality Not Properly Constrained by ACLs | CWE-276 | Incorrect Default Permissions |
| | CWE-285 | Improper Authorization |
| | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| | CWE-1191 | Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization |
| | CWE-1193 | Power-On of Untrusted Execution Core Before Enabling Fabric Access Control |
| | CWE-1220 | Insufficient Granularity of Access Control |
| | CWE-1224 | Improper Restriction of Write-Once Bit Fields |
| | CWE-1244 | Improper Access to Sensitive Information Using Debug and Test Interfaces |
| | CWE-1252 | CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations |
| | CWE-1257 | Improper Access Control Applied to Mirrored or Aliased Memory Regions |
| | CWE-1262 | Register Interface Allows Software Access to Sensitive Data or Security Settings |
| | CWE-1268 | Policy Privileges are not Assigned Consistently Between Control and Data Agents |
| | CWE-1283 | Mutable Attestation or Measurement Reporting Data |
| | CWE-1311 | Improper Translation of Security Attributes by Fabric Bridge |
| | CWE-1312 | Missing Protection for Mirrored Regions in On-Chip Fabric Firewall |
| | CWE-1313 | Hardware Allows Activation of Test or Debug Logic at Runtime |
| | CWE-1314 | Missing Write Protection for Parametric Data Values |
| | CWE-1315 | Improper Setting of Bus Controlling Capability in Fabric End-point |
| | CWE-1318 | Missing Support for Security Features in On-chip Fabrics or Buses |
| | CWE-1320 | Improper Protection for Out of Bounds Signal Level Alerts |
| | CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
| | CWE-1326 | Missing Immutable Root of Trust in Hardware |
| | CWE-1327 | Binding to an Unrestricted IP Address |
| Cross Site Tracing | CWE-648 | Incorrect Use of Privileged APIs |
| | CWE-693 | Protection Mechanism Failure |
| Manipulating State | CWE-315 | Cleartext Storage of Sensitive Information in a Cookie |
| | CWE-353 | Missing Support for Integrity Check |
| | CWE-371 | State Issues |
| | CWE-372 | Incomplete Internal State Distinction |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-1245 | Improper Finite State Machines (FSMs) in Hardware Logic |
| | CWE-1265 | Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls |
| | CWE-1271 | Uninitialized Value on Reset for Registers Holding Security Settings |