Any change with respect to whitespace is ignored. "Minor" changes are
text changes that only affect capitalization and punctuation. Most other
changes are marked as "Major." Simple schema changes are also treated as
Minor, such as the change from AffectedResource to Affected_Resource in
Draft 8, or the relationship name change from "IsRequiredBy" to
"RequiredBy" in Version 1.0. For each mutual relationship between nodes A
and B (such as ParentOf and ChildOf), a relationship change is noted for
both A and B.

The "Version 2.3 Total" lists the total number of relationships in
Version 2.3. The "Shared" value is the total number of relationships in
entries that were in both Version 2.3 and Version 2.2. The "New" value is
the total number of relationships involving entries that did not exist in
Version 2.2. Thus, the total number of relationships in Version 2.3
combines the stats from Shared entries and New entries.

A node change is labeled "important" if it is a major field change and
the field is critical to the meaning of the node. The critical fields are
description, name, and relationships.
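The classification rules above are easy to apply by hand for one entry but tedious across a whole release. The script below is an added example, not part of the CWE change report: it implements the whitespace/capitalization/punctuation rule for text changes, and the "important" rule over the per-entry field lists. It assumes each changed-entry row has been flattened to one line of the form `ID | Name | Major fields | Minor fields` (with `None` for an empty column), and that the relationships field is labelled "Relationships" in field lists; the sample rows are copied from the listing below.

```python
from __future__ import annotations

import re
import string
from dataclasses import dataclass, field

# Fields whose Major change makes a node change "important" (per the text).
# Assumption: the relationships field appears as "Relationships" in field lists.
CRITICAL_FIELDS = {"Description", "Name", "Relationships"}

_WS = re.compile(r"\s+")
# Map every punctuation character to a space so "a-b" vs "a b" folds equal.
_PUNCT_TO_SPACE = str.maketrans(string.punctuation, " " * len(string.punctuation))


def normalize_ws(text: str) -> str:
    """Collapse whitespace runs: whitespace-only differences are ignored."""
    return _WS.sub(" ", text).strip()


def _fold(text: str) -> str:
    """Case- and punctuation-insensitive form used to detect Minor changes."""
    return normalize_ws(text.lower().translate(_PUNCT_TO_SPACE))


def classify_text_change(old: str, new: str) -> str | None:
    """None if the texts differ only in whitespace, "Minor" if only in
    capitalization/punctuation, otherwise "Major"."""
    if normalize_ws(old) == normalize_ws(new):
        return None
    if _fold(old) == _fold(new):
        return "Minor"
    return "Major"


@dataclass
class EntryChange:
    cwe_id: int
    name: str
    major: list[str] = field(default_factory=list)
    minor: list[str] = field(default_factory=list)

    def is_important(self) -> bool:
        """A Major change to a critical field makes the node change important."""
        return any(f in CRITICAL_FIELDS for f in self.major)


def _split_fields(cell: str) -> list[str]:
    return [] if cell == "None" else [f.strip() for f in cell.split(",")]


def parse_change_row(row: str) -> EntryChange:
    """Parse one 'ID | Name | Major fields | Minor fields' row."""
    cols = [c.strip() for c in row.split("|")]
    if len(cols) != 4:
        raise ValueError(f"expected 4 columns: {row!r}")
    cwe_id, name, major, minor = cols
    return EntryChange(int(cwe_id), name, _split_fields(major), _split_fields(minor))


# Constructed sample: four rows copied from the changed-entries listing.
SAMPLE_ROWS = """\
5 | J2EE Misconfiguration: Data Transmission Without Encryption | Potential_Mitigations | None
210 | Information Exposure Through Self-generated Error Message | Name, Potential_Mitigations | None
384 | Session Fixation | Potential_Mitigations | Description
500 | Public Static Field Not Marked Final | Demonstrative_Examples, Description, Potential_Mitigations | None
"""


def important_entries(rows: str) -> list[int]:
    """CWE IDs whose change is 'important' under the rule above."""
    entries = (parse_change_row(r) for r in rows.strip().splitlines())
    return [e.cwe_id for e in entries if e.is_important()]


if __name__ == "__main__":
    print("important:", important_entries(SAMPLE_ROWS))  # CWE-210 and CWE-500
    print(classify_text_change("Use of a Key Past its Expiration Date",
                               "Use of a Key Past Its Expiration Date."))
```

Note that CWE-384's Description change is listed under Minor, so it is not flagged even though Description is a critical field; only the Major column feeds the rule.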
CWE ID | Name | Major changes | Minor changes
5 | J2EE Misconfiguration: Data Transmission Without Encryption | Potential_Mitigations | None
6 | J2EE Misconfiguration: Insufficient Session-ID Length | Potential_Mitigations | None
7 | J2EE Misconfiguration: Missing Custom Error Page | Potential_Mitigations | None
8 | J2EE Misconfiguration: Entity Bean Declared Remote | Potential_Mitigations | None
9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | Potential_Mitigations | None
12 | ASP.NET Misconfiguration: Missing Custom Error Page | Potential_Mitigations | None
13 | ASP.NET Misconfiguration: Password in Configuration File | Demonstrative_Examples | None
15 | External Control of System or Configuration Setting | Potential_Mitigations | None
20 | Improper Input Validation | Potential_Mitigations | None
22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Potential_Mitigations | None
36 | Absolute Path Traversal | Potential_Mitigations | None
41 | Improper Resolution of Path Equivalence | Potential_Mitigations | None
42 | Path Equivalence: 'filename.' (Trailing Dot) | Potential_Mitigations | None
43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Potential_Mitigations | None
44 | Path Equivalence: 'file.name' (Internal Dot) | Potential_Mitigations | None
45 | Path Equivalence: 'file...name' (Multiple Internal Dot) | Potential_Mitigations | None
46 | Path Equivalence: 'filename ' (Trailing Space) | Potential_Mitigations | None
47 | Path Equivalence: ' filename' (Leading Space) | Potential_Mitigations | None
48 | Path Equivalence: 'file name' (Internal Whitespace) | Potential_Mitigations | None
49 | Path Equivalence: 'filename/' (Trailing Slash) | Potential_Mitigations | None
50 | Path Equivalence: '//multiple/leading/slash' | Potential_Mitigations | None
51 | Path Equivalence: '/multiple//internal/slash' | Potential_Mitigations | None
52 | Path Equivalence: '/multiple/trailing/slash//' | Potential_Mitigations | None
53 | Path Equivalence: '\multiple\\internal\backslash' | Potential_Mitigations | None
54 | Path Equivalence: 'filedir\' (Trailing Backslash) | Potential_Mitigations | None
55 | Path Equivalence: '/./' (Single Dot Directory) | Potential_Mitigations | None
56 | Path Equivalence: 'filedir*' (Wildcard) | Potential_Mitigations | None
57 | Path Equivalence: 'fakedir/../realdir/filename' | Potential_Mitigations | None
58 | Path Equivalence: Windows 8.3 Filename | Potential_Mitigations | None
59 | Improper Link Resolution Before File Access ('Link Following') | Potential_Mitigations | None
61 | UNIX Symbolic Link (Symlink) Following | Potential_Mitigations | None
62 | UNIX Hard Link | Potential_Mitigations | None
64 | Windows Shortcut Following (.LNK) | Potential_Mitigations | None
65 | Windows Hard Link | Potential_Mitigations | None
67 | Improper Handling of Windows Device Names | Potential_Mitigations | None
69 | Improper Handling of Windows ::DATA Alternate Data Stream | Potential_Mitigations | None
73 | External Control of File Name or Path | Potential_Mitigations | None
74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Potential_Mitigations | None
75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Potential_Mitigations | None
76 | Improper Neutralization of Equivalent Special Elements | Potential_Mitigations | None
77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Potential_Mitigations | None
78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Observed_Examples, Potential_Mitigations | None
79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Potential_Mitigations | None
80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | Potential_Mitigations | None
81 | Improper Neutralization of Script in an Error Message Web Page | Potential_Mitigations | None
82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | Potential_Mitigations | None
83 | Improper Neutralization of Script in Attributes in a Web Page | Potential_Mitigations | None
84 | Improper Neutralization of Encoded URI Schemes in a Web Page | Potential_Mitigations | None
85 | Doubled Character XSS Manipulations | Potential_Mitigations | None
86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | Potential_Mitigations | None
87 | Improper Neutralization of Alternate XSS Syntax | Potential_Mitigations | None
88 | Argument Injection or Modification | Potential_Mitigations | None
89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Potential_Mitigations | None
90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Demonstrative_Examples, Potential_Mitigations | None
91 | XML Injection (aka Blind XPath Injection) | Potential_Mitigations | None
93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Potential_Mitigations | None
94 | Improper Control of Generation of Code ('Code Injection') | Potential_Mitigations | None
95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Potential_Mitigations | None
96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Potential_Mitigations | None
98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | Potential_Mitigations, References | None
99 | Improper Control of Resource Identifiers ('Resource Injection') | Potential_Mitigations | None
103 | Struts: Incomplete validate() Method Definition | Potential_Mitigations | None
104 | Struts: Form Bean Does Not Extend Validation Class | Potential_Mitigations | None
105 | Struts: Form Field Without Validator | Potential_Mitigations | None
107 | Struts: Unused Validation Form | Potential_Mitigations | None
108 | Struts: Unvalidated Action Form | Potential_Mitigations | None
109 | Struts: Validator Turned Off | Potential_Mitigations | None
113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | Potential_Mitigations | None
116 | Improper Encoding or Escaping of Output | Potential_Mitigations | None
117 | Improper Output Neutralization for Logs | Potential_Mitigations | None
119 | Improper Restriction of Operations within the Bounds of a Memory Buffer | Potential_Mitigations | None
120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') | Potential_Mitigations | None
121 | Stack-based Buffer Overflow | Demonstrative_Examples, Potential_Mitigations | None
122 | Heap-based Buffer Overflow | Demonstrative_Examples | None
123 | Write-what-where Condition | Demonstrative_Examples | None
129 | Improper Validation of Array Index | Potential_Mitigations | None
130 | Improper Handling of Length Parameter Inconsistency | Potential_Mitigations | None
131 | Incorrect Calculation of Buffer Size | Potential_Mitigations | None
135 | Incorrect Calculation of Multi-Byte String Length | Potential_Mitigations | None
140 | Improper Neutralization of Delimiters | Potential_Mitigations | None
141 | Improper Neutralization of Parameter/Argument Delimiters | Potential_Mitigations | None
142 | Improper Neutralization of Value Delimiters | Potential_Mitigations | None
143 | Improper Neutralization of Record Delimiters | Potential_Mitigations | None
144 | Improper Neutralization of Line Delimiters | Potential_Mitigations | None
145 | Improper Neutralization of Section Delimiters | Potential_Mitigations | None
146 | Improper Neutralization of Expression/Command Delimiters | Potential_Mitigations | None
147 | Improper Neutralization of Input Terminators | Potential_Mitigations | None
148 | Improper Neutralization of Input Leaders | Potential_Mitigations | None
149 | Improper Neutralization of Quoting Syntax | Potential_Mitigations | None
150 | Improper Neutralization of Escape, Meta, or Control Sequences | Potential_Mitigations | None
151 | Improper Neutralization of Comment Delimiters | Potential_Mitigations | None
152 | Improper Neutralization of Macro Symbols | Potential_Mitigations | None
153 | Improper Neutralization of Substitution Characters | Potential_Mitigations | None
154 | Improper Neutralization of Variable Name Delimiters | Potential_Mitigations | None
155 | Improper Neutralization of Wildcards or Matching Symbols | Potential_Mitigations | None
156 | Improper Neutralization of Whitespace | Potential_Mitigations | None
157 | Failure to Sanitize Paired Delimiters | Potential_Mitigations | None
158 | Improper Neutralization of Null Byte or NUL Character | Potential_Mitigations | None
159 | Failure to Sanitize Special Element | Potential_Mitigations | None
160 | Improper Neutralization of Leading Special Elements | Potential_Mitigations | None
161 | Improper Neutralization of Multiple Leading Special Elements | Potential_Mitigations | None
162 | Improper Neutralization of Trailing Special Elements | Potential_Mitigations | None
163 | Improper Neutralization of Multiple Trailing Special Elements | Potential_Mitigations | None
164 | Improper Neutralization of Internal Special Elements | Potential_Mitigations | None
165 | Improper Neutralization of Multiple Internal Special Elements | Potential_Mitigations | None
166 | Improper Handling of Missing Special Element | Potential_Mitigations | None
167 | Improper Handling of Additional Special Element | Potential_Mitigations | None
168 | Improper Handling of Inconsistent Special Elements | Potential_Mitigations | None
171 | Cleansing, Canonicalization, and Comparison Errors | Potential_Mitigations | None
172 | Encoding Error | Potential_Mitigations | None
173 | Improper Handling of Alternate Encoding | Potential_Mitigations | None
174 | Double Decoding of the Same Data | Potential_Mitigations | None
175 | Improper Handling of Mixed Encoding | Potential_Mitigations | None
176 | Improper Handling of Unicode Encoding | Potential_Mitigations | None
177 | Improper Handling of URL Encoding (Hex Encoding) | Potential_Mitigations | None
178 | Improper Handling of Case Sensitivity | Demonstrative_Examples, Potential_Mitigations | None
181 | Incorrect Behavior Order: Validate Before Filter | Potential_Mitigations | None
182 | Collapse of Data into Unsafe Value | Potential_Mitigations | None
185 | Incorrect Regular Expression | Potential_Mitigations | None
187 | Partial Comparison | Potential_Mitigations | None
188 | Reliance on Data/Memory Layout | Potential_Mitigations | None
190 | Integer Overflow or Wraparound | Potential_Mitigations | None
192 | Integer Coercion Error | Potential_Mitigations | None
196 | Unsigned to Signed Conversion Error | Potential_Mitigations | None
200 | Information Exposure | Potential_Mitigations | None
201 | Information Exposure Through Sent Data | Potential_Mitigations | None
203 | Information Exposure Through Discrepancy | Potential_Mitigations | None
204 | Response Discrepancy Information Exposure | Potential_Mitigations | None
205 | Information Exposure Through Behavioral Discrepancy | Potential_Mitigations | None
206 | Information Exposure of Internal State Through Behavioral Inconsistency | Potential_Mitigations | None
207 | Information Exposure Through an External Behavioral Inconsistency | Potential_Mitigations | None
210 | Information Exposure Through Self-generated Error Message | Name, Potential_Mitigations | None
211 | Information Exposure Through Externally-generated Error Message | Name | None
212 | Improper Cross-boundary Removal of Sensitive Data | Potential_Mitigations | None
213 | Intentional Information Exposure | Potential_Mitigations | None
214 | Information Exposure Through Process Environment | Potential_Mitigations | None
215 | Information Exposure Through Debug Information | Potential_Mitigations | None
216 | Containment Errors (Container Errors) | Potential_Mitigations | None
219 | Sensitive Data Under Web Root | Potential_Mitigations | None
220 | Sensitive Data Under FTP Root | Potential_Mitigations | None
224 | Obscured Security-relevant Information by Alternate Name | Potential_Mitigations | None
227 | Improper Fulfillment of API Contract ('API Abuse') | Observed_Examples, Potential_Mitigations | None
241 | Improper Handling of Unexpected Data Type | Potential_Mitigations | None
242 | Use of Inherently Dangerous Function | Potential_Mitigations | None
246 | J2EE Bad Practices: Direct Use of Sockets | Potential_Mitigations | None
250 | Execution with Unnecessary Privileges | Potential_Mitigations | None
253 | Incorrect Check of Function Return Value | Potential_Mitigations | None
256 | Plaintext Storage of a Password | Demonstrative_Examples, Potential_Mitigations | None
257 | Storing Passwords in a Recoverable Format | Demonstrative_Examples | None
259 | Use of Hard-coded Password | Demonstrative_Examples | None
260 | Password in Configuration File | Demonstrative_Examples, Potential_Mitigations | None
264 | Permissions, Privileges, and Access Controls | Potential_Mitigations | None
265 | Privilege / Sandbox Issues | Potential_Mitigations | None
266 | Incorrect Privilege Assignment | Potential_Mitigations, References | None
267 | Privilege Defined With Unsafe Actions | Potential_Mitigations, References | None
268 | Privilege Chaining | Potential_Mitigations, References | None
269 | Improper Privilege Management | Potential_Mitigations | None
270 | Privilege Context Switching Error | Potential_Mitigations, References | None
271 | Privilege Dropping / Lowering Errors | Potential_Mitigations | None
272 | Least Privilege Violation | Potential_Mitigations | None
273 | Improper Check for Dropped Privileges | Demonstrative_Examples, Potential_Mitigations | None
276 | Incorrect Default Permissions | Potential_Mitigations | None
277 | Insecure Inherited Permissions | Potential_Mitigations | None
278 | Insecure Preserved Inherited Permissions | Potential_Mitigations | None
279 | Incorrect Execution-Assigned Permissions | Potential_Mitigations | None
280 | Improper Handling of Insufficient Permissions or Privileges | Potential_Mitigations | None
283 | Unverified Ownership | Potential_Mitigations | None
284 | Improper Access Control | Potential_Mitigations | None
285 | Improper Authorization | Potential_Mitigations | None
288 | Authentication Bypass Using an Alternate Path or Channel | Potential_Mitigations | None
289 | Authentication Bypass by Alternate Name | Potential_Mitigations | None
293 | Using Referer Field for Authentication | Demonstrative_Examples | None
300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | Potential_Mitigations | None
306 | Missing Authentication for Critical Function | Potential_Mitigations | None
308 | Use of Single-factor Authentication | Demonstrative_Examples | None
309 | Use of Password System for Primary Authentication | Demonstrative_Examples | None
311 | Missing Encryption of Sensitive Data | Potential_Mitigations, References | None
323 | Reusing a Nonce, Key Pair in Encryption | Demonstrative_Examples, Potential_Mitigations | None
324 | Use of a Key Past its Expiration Date | Potential_Mitigations | None
327 | Use of a Broken or Risky Cryptographic Algorithm | Potential_Mitigations | None
328 | Reversible One-Way Hash | Demonstrative_Examples, Potential_Mitigations, References | None
329 | Not Using a Random IV with CBC Mode | Demonstrative_Examples, Potential_Mitigations | None
331 | Insufficient Entropy | Potential_Mitigations | None
333 | Improper Handling of Insufficient Entropy in TRNG | Demonstrative_Examples | None
334 | Small Space of Random Values | Potential_Mitigations | None
337 | Predictable Seed in PRNG | Demonstrative_Examples, Potential_Mitigations | None
338 | Use of Cryptographically Weak PRNG | Demonstrative_Examples, Potential_Mitigations | None
339 | Small Seed Space in PRNG | Potential_Mitigations | None
341 | Predictable from Observable State | Potential_Mitigations | None
342 | Predictable Exact Value from Previous Values | Potential_Mitigations | None
343 | Predictable Value Range from Previous Values | Potential_Mitigations | None
344 | Use of Invariant Value in Dynamically Changing Context | Potential_Mitigations | None
352 | Cross-Site Request Forgery (CSRF) | Potential_Mitigations | None
353 | Missing Support for Integrity Check | Demonstrative_Examples | None
360 | Trust of System Event Data | Demonstrative_Examples | None
367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Potential_Mitigations | None
375 | Returning a Mutable Object to an Untrusted Caller | Demonstrative_Examples | None
378 | Creation of Temporary File With Insecure Permissions | Demonstrative_Examples, Potential_Mitigations | None
379 | Creation of Temporary File in Directory with Incorrect Permissions | Demonstrative_Examples | None
383 | J2EE Bad Practices: Direct Use of Threads | Potential_Mitigations | None
384 | Session Fixation | Potential_Mitigations | Description
391 | Unchecked Error Condition | Potential_Mitigations | None
395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Potential_Mitigations | None
401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') | Potential_Mitigations | None
405 | Asymmetric Resource Consumption (Amplification) | Potential_Mitigations | None
406 | Insufficient Control of Network Message Volume (Network Amplification) | Potential_Mitigations | None
410 | Insufficient Resource Pool | Potential_Mitigations | None
413 | Improper Resource Locking | Potential_Mitigations | None
414 | Missing Lock Check | Potential_Mitigations | None
419 | Unprotected Primary Channel | Potential_Mitigations | None
420 | Unprotected Alternate Channel | Potential_Mitigations | None
421 | Race Condition During Access to Alternate Channel | Potential_Mitigations | None
422 | Unprotected Windows Messaging Channel ('Shatter') | Potential_Mitigations | None
424 | Improper Protection of Alternate Path | Potential_Mitigations | None
425 | Direct Request ('Forced Browsing') | Potential_Mitigations | None
428 | Unquoted Search Path or Element | Potential_Mitigations | None
430 | Deployment of Wrong Handler | Potential_Mitigations | None
433 | Unparsed Raw Web Content Delivery | Demonstrative_Examples, Potential_Mitigations | None
434 | Unrestricted Upload of File with Dangerous Type | Potential_Mitigations | None
441 | Unintended Proxy/Intermediary | Potential_Mitigations | None
444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') | Demonstrative_Examples, Potential_Mitigations | None
447 | Unimplemented or Unsupported Feature in UI | Potential_Mitigations | None
448 | Obsolete Feature in UI | Potential_Mitigations | None
449 | The UI Performs the Wrong Action | Potential_Mitigations | None
451 | UI Misrepresentation of Critical Information | Potential_Mitigations | None
453 | Insecure Default Variable Initialization | Potential_Mitigations | None
454 | External Initialization of Trusted Variables or Data Stores | Potential_Mitigations | None
455 | Non-exit on Failed Initialization | Potential_Mitigations | None
456 | Missing Initialization | Potential_Mitigations | None
457 | Use of Uninitialized Variable | Demonstrative_Examples | None
459 | Incomplete Cleanup | Potential_Mitigations | None
463 | Deletion of Data Structure Sentinel | Potential_Mitigations | None
464 | Addition of Data Structure Sentinel | Potential_Mitigations | None
466 | Return of Pointer Value Outside of Expected Range | Potential_Mitigations | None
468 | Incorrect Pointer Scaling | Potential_Mitigations | None
469 | Use of Pointer Subtraction to Determine Size | Demonstrative_Examples, Potential_Mitigations | None
473 | PHP External Variable Modification | Potential_Mitigations | None
474 | Use of Function with Inconsistent Implementations | Potential_Mitigations | None
477 | Use of Obsolete Functions | Potential_Mitigations | None
479 | Signal Handler Use of a Non-reentrant Function | Demonstrative_Examples | None
480 | Use of Incorrect Operator | Demonstrative_Examples, Potential_Mitigations | None
481 | Assigning instead of Comparing | Demonstrative_Examples, Potential_Mitigations | None
482 | Comparing instead of Assigning | Demonstrative_Examples, Potential_Mitigations | None
484 | Omitted Break Statement in Switch | Demonstrative_Examples | None
485 | Insufficient Encapsulation | Potential_Mitigations, Terminology_Notes | None
487 | Reliance on Package-level Scope | Potential_Mitigations | None
488 | Exposure of Data Element to Wrong Session | Potential_Mitigations | None
489 | Leftover Debug Code | Potential_Mitigations | None
491 | Public cloneable() Method Without Final ('Object Hijack') | Potential_Mitigations | None
494 | Download of Code Without Integrity Check | Potential_Mitigations | None
495 | Private Array-Typed Field Returned From A Public Method | Potential_Mitigations | None
496 | Public Data Assigned to Private Array-Typed Field | Potential_Mitigations | None
497 | Exposure of System Data to an Unauthorized Control Sphere | Potential_Mitigations | None
499 | Serializable Class Containing Sensitive Data | Demonstrative_Examples | None
500 | Public Static Field Not Marked Final | Demonstrative_Examples, Description, Potential_Mitigations | None
502 | Deserialization of Untrusted Data | Demonstrative_Examples | None
506 | Embedded Malicious Code | Potential_Mitigations | None
507 | Trojan Horse | Potential_Mitigations | None
508 | Non-Replicating Malicious Code | Potential_Mitigations | None
509 | Replicating Malicious Code (Virus or Worm) | Potential_Mitigations | None
510 | Trapdoor | Potential_Mitigations | None
511 | Logic/Time Bomb | Potential_Mitigations | None
512 | Spyware | Potential_Mitigations | None
520 | .NET Misconfiguration: Use of Impersonation | Potential_Mitigations | None
522 | Insufficiently Protected Credentials | Demonstrative_Examples, Potential_Mitigations | None
523 | Unprotected Transport of Credentials | Potential_Mitigations | None
524 | Information Exposure Through Caching | Potential_Mitigations | None
525 | Information Exposure Through Browser Caching | Potential_Mitigations | None
526 | Information Exposure Through Environmental Variables | Potential_Mitigations | None
527 | Exposure of CVS Repository to an Unauthorized Control Sphere | Potential_Mitigations | None
528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Potential_Mitigations | None
529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Potential_Mitigations | None
530 | Exposure of Backup File to an Unauthorized Control Sphere | Potential_Mitigations | None
531 | Information Exposure Through Test Code | Potential_Mitigations | None
533 | Information Exposure Through Server Log Files | Potential_Mitigations | None
534 | Information Exposure Through Debug Log Files | Potential_Mitigations | None
535 | Information Exposure Through Shell Error Message | Potential_Mitigations | None
536 | Information Exposure Through Servlet Runtime Error Message | Potential_Mitigations | None
538 | File and Directory Information Exposure | Potential_Mitigations | None
539 | Information Exposure Through Persistent Cookies | Potential_Mitigations | None
540 | Information Exposure Through Source Code | Potential_Mitigations | None
541 | Information Exposure Through Include Source Code | Demonstrative_Examples, Potential_Mitigations | None
542 | Information Exposure Through Cleanup Log Files | Potential_Mitigations | None
545 | Use of Dynamic Class Loading | Potential_Mitigations | None
546 | Suspicious Comment | Potential_Mitigations | None
547 | Use of Hard-coded, Security-relevant Constants | Potential_Mitigations | None
548 | Information Exposure Through Directory Listing | Potential_Mitigations | None
549 | Missing Password Field Masking | Potential_Mitigations | None
550 | Information Exposure Through Server Error Message | Potential_Mitigations | None
551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization | Potential_Mitigations | None
553 | Command Shell in Externally Accessible Directory | Potential_Mitigations | None
554 | ASP.NET Misconfiguration: Not Using Input Validation Framework | Potential_Mitigations | None
555 | J2EE Misconfiguration: Plaintext Password in Configuration File | Potential_Mitigations | None
556 | ASP.NET Misconfiguration: Use of Identity Impersonation | Potential_Mitigations | None
558 | Use of getlogin() in Multithreaded Application | Potential_Mitigations | None
560 | Use of umask() with chmod-style Argument | Potential_Mitigations | None
561 | Dead Code | Potential_Mitigations | None
562 | Return of Stack Variable Address | Potential_Mitigations | None
563 | Unused Variable | Potential_Mitigations | None
564 | SQL Injection: Hibernate | Potential_Mitigations | None
567 | Unsynchronized Access to Shared Data in a Multithreaded Context | Potential_Mitigations | None
568 | finalize() Method Without super.finalize() | Potential_Mitigations | None
572 | Call to Thread run() instead of start() | Potential_Mitigations | None
574 | EJB Bad Practices: Use of Synchronization Primitives | Potential_Mitigations | None
576 | EJB Bad Practices: Use of Java I/O | Potential_Mitigations | None
579 | J2EE Bad Practices: Non-serializable Object Stored in Session | Potential_Mitigations | None
581 | Object Model Violation: Just One of Equals and Hashcode Defined | Potential_Mitigations | None
582 | Array Declared Public, Final, and Static | Potential_Mitigations | None
583 | finalize() Method Declared Public | Potential_Mitigations | None
584 | Return Inside Finally Block | Potential_Mitigations | None
586 | Explicit Call to Finalize() | Potential_Mitigations | None
588 | Attempt to Access Child of a Non-structure Pointer | Potential_Mitigations | None
589 | Call to Non-ubiquitous API | Potential_Mitigations | None
590 |
Free of Memory not on the Heap |
|
Major |
Potential_Mitigations |
|
Minor |
None |
594 |
J2EE Framework: Saving Unserializable Objects to Disk |
|
Major |
Potential_Mitigations |
|
Minor |
None |
595 |
Comparison of Object References Instead of Object Contents |
|
Major |
Potential_Mitigations |
|
Minor |
None |
598 |
Information Exposure Through Query Strings in GET Request |
|
Major |
Potential_Mitigations |
|
Minor |
None |
600 |
Uncaught Exception in Servlet |
|
Major |
Potential_Mitigations |
|
Minor |
None |
601 |
URL Redirection to Untrusted Site ('Open Redirect') |
|
Major |
Potential_Mitigations |
|
Minor |
None |
603 |
Use of Client-Side Authentication |
|
Major |
Potential_Mitigations |
|
Minor |
None |
605 |
Multiple Binds to the Same Port |
|
Major |
Potential_Mitigations |
|
Minor |
None |
606 |
Unchecked Input for Loop Condition |
|
Major |
Potential_Mitigations |
|
Minor |
None |
607 |
Public Static Final Field References Mutable Object |
|
Major |
Potential_Mitigations |
|
Minor |
None |
608 |
Struts: Non-private Field in ActionForm Class |
|
Major |
Potential_Mitigations |
|
Minor |
None |
609 |
Double-Checked Locking |
|
Major |
Potential_Mitigations |
|
Minor |
None |
613 |
Insufficient Session Expiration |
|
Major |
Potential_Mitigations |
|
Minor |
None |
614 |
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
|
Major |
Potential_Mitigations |
|
Minor |
None |
615 |
Information Exposure Through Comments |
|
Major |
Potential_Mitigations |
|
Minor |
None |
616 |
Incomplete Identification of Uploaded File Variables (PHP) |
|
Major |
Potential_Mitigations |
|
Minor |
None |
617 |
Reachable Assertion |
|
Major |
Potential_Mitigations |
|
Minor |
None |
618 |
Exposed Unsafe ActiveX Method |
|
Major |
Potential_Mitigations |
|
Minor |
None |
619 |
Dangling Database Cursor ('Cursor Injection') |
|
Major |
Potential_Mitigations |
|
Minor |
None |
620 |
Unverified Password Change |
|
Major |
Potential_Mitigations |
|
Minor |
None |
621 |
Variable Extraction Error |
|
Major |
Potential_Mitigations |
|
Minor |
None |
622 |
Improper Validation of Function Hook Arguments |
|
Major |
Name, Potential_Mitigations |
|
Minor |
None |
623 |
Unsafe ActiveX Control Marked Safe For Scripting |
|
Major |
Potential_Mitigations |
|
Minor |
None |
624 |
Executable Regular Expression Error |
|
Major |
Potential_Mitigations |
|
Minor |
None |
625 |
Permissive Regular Expression |
|
Major |
Potential_Mitigations |
|
Minor |
None |
626 |
Null Byte Interaction Error (Poison Null Byte) |
|
Major |
Potential_Mitigations |
|
Minor |
None |
627 |
Dynamic Variable Evaluation |
|
Major |
Potential_Mitigations |
|
Minor |
None |
628 |
Function Call with Incorrectly Specified Arguments |
|
Major |
Potential_Mitigations |
|
Minor |
None |
636 |
Not Failing Securely ('Failing Open') |
|
Major |
Potential_Mitigations |
|
Minor |
None |
637 |
Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism') |
|
Major |
Potential_Mitigations |
|
Minor |
None |
638 |
Not Using Complete Mediation |
|
Major |
Potential_Mitigations |
|
Minor |
None |
640 |
Weak Password Recovery Mechanism for Forgotten Password |
|
Major |
Potential_Mitigations |
|
Minor |
None |
641 |
Improper Restriction of Names for Files and Other Resources |
|
Major |
Potential_Mitigations |
|
Minor |
None |
642 |
External Control of Critical State Data |
|
Major |
Potential_Mitigations |
|
Minor |
None |
643 |
Improper Neutralization of Data within XPath Expressions ('XPath Injection') |
|
Major |
Potential_Mitigations |
|
Minor |
None |
644 |
Improper Neutralization of HTTP Headers for Scripting Syntax |
|
Major |
Potential_Mitigations |
|
Minor |
None |
645 |
Overly Restrictive Account Lockout Mechanism |
|
Major |
Potential_Mitigations |
|
Minor |
None |
646 |
Reliance on File Name or Extension of Externally-Supplied File |
|
Major |
Potential_Mitigations |
|
Minor |
None |
648 |
Incorrect Use of Privileged APIs |
|
Major |
Potential_Mitigations |
|
Minor |
None |
649 |
Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
|
Major |
Potential_Mitigations |
|
Minor |
None |
650 |
Trusting HTTP Permission Methods on the Server Side |
|
Major |
Potential_Mitigations |
|
Minor |
None |
652 |
Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') |
|
Major |
Potential_Mitigations |
|
Minor |
None |
653 |
Insufficient Compartmentalization |
|
Major |
Potential_Mitigations |
|
Minor |
None |
654 |
Reliance on a Single Factor in a Security Decision |
|
Major |
Potential_Mitigations |
|
Minor |
None |
655 |
Insufficient Psychological Acceptability |
|
Major |
Potential_Mitigations |
|
Minor |
None |
656 |
Reliance on Security Through Obscurity |
|
Major |
Potential_Mitigations |
|
Minor |
None |
662 |
Improper Synchronization |
|
Major |
Potential_Mitigations |
|
Minor |
None |
664 |
Improper Control of a Resource Through its Lifetime |
|
Major |
Potential_Mitigations |
|
Minor |
None |
666 |
Operation on Resource in Wrong Phase of Lifetime |
|
Major |
Potential_Mitigations |
|
Minor |
None |
667 |
Improper Locking |
|
Major |
Potential_Mitigations |
|
Minor |
None |
674 |
Uncontrolled Recursion |
|
Major |
Potential_Mitigations |
|
Minor |
None |
683 |
Function Call With Incorrect Order of Arguments |
|
Major |
Potential_Mitigations |
|
Minor |
None |
685 |
Function Call With Incorrect Number of Arguments |
|
Major |
Potential_Mitigations |
|
Minor |
None |
686 |
Function Call With Incorrect Argument Type |
|
Major |
Potential_Mitigations |
|
Minor |
None |
687 |
Function Call With Incorrectly Specified Argument Value |
|
Major |
Potential_Mitigations |
|
Minor |
None |
688 |
Function Call With Incorrect Variable or Reference as Argument |
|
Major |
Potential_Mitigations |
|
Minor |
None |
694 |
Use of Multiple Resources with Duplicate Identifier |
|
Major |
Potential_Mitigations |
|
Minor |
None |
695 |
Use of Low-Level Functionality |
|
Major |
Potential_Mitigations |
|
Minor |
None |
698 |
Redirect Without Exit |
|
Major |
Demonstrative_Examples |
|
Minor |
None |
708 |
Incorrect Ownership Assignment |
|
Major |
Observed_Examples, Potential_Mitigations |
|
Minor |
None |
710 |
Coding Standards Violation |
|
Major |
Potential_Mitigations |
|
Minor |
None |
732 |
Incorrect Permission Assignment for Critical Resource |
|
Major |
Potential_Mitigations |
|
Minor |
None |
754 |
Improper Check for Unusual or Exceptional Conditions |
|
Major |
Potential_Mitigations |
|
Minor |
None |
759 |
Use of a One-Way Hash without a Salt |
|
Major |
Demonstrative_Examples, Potential_Mitigations, References |
|
Minor |
None |
760 |
Use of a One-Way Hash with a Predictable Salt |
|
Major |
Potential_Mitigations, References |
|
Minor |
None |
761 |
Free of Pointer not at Start of Buffer |
|
Major |
Potential_Mitigations |
|
Minor |
None |
762 |
Mismatched Memory Management Routines |
|
Major |
Potential_Mitigations |
|
Minor |
None |
763 |
Release of Invalid Pointer or Reference |
|
Major |
Potential_Mitigations |
|
Minor |
None |
770 |
Allocation of Resources Without Limits or Throttling |
|
Major |
Potential_Mitigations |
|
Minor |
None |
771 |
Missing Reference to Active Allocated Resource |
|
Major |
Potential_Mitigations |
|
Minor |
None |
772 |
Missing Release of Resource after Effective Lifetime |
|
Major |
Potential_Mitigations |
|
Minor |
None |
773 |
Missing Reference to Active File Descriptor or Handle |
|
Major |
Potential_Mitigations |
|
Minor |
None |
774 |
Allocation of File Descriptors or Handles Without Limits or Throttling |
|
Major |
Potential_Mitigations |
|
Minor |
None |
775 |
Missing Release of File Descriptor or Handle after Effective Lifetime |
|
Major |
Potential_Mitigations |
|
Minor |
None |
798 |
Use of Hard-coded Credentials |
|
Major |
Demonstrative_Examples, Potential_Mitigations |
|
Minor |
None |
805 |
Buffer Access with Incorrect Length Value |
|
Major |
Potential_Mitigations |
|
Minor |
None |
806 |
Buffer Access Using Size of Source Buffer |
|
Major |
None |
|
Minor |
Potential_Mitigations |
807 |
Reliance on Untrusted Inputs in a Security Decision |
|
Major |
Potential_Mitigations |
|
Minor |
None |
829 |
Inclusion of Functionality from Untrusted Control Sphere |
|
Major |
Potential_Mitigations |
|
Minor |
None |
836 |
Use of Password Hash Instead of Password for Authentication |
|
Major |
Observed_Examples |
|
Minor |
None |
862 |
Missing Authorization |
|
Major |
Potential_Mitigations |
|
Minor |
None |
863 |
Incorrect Authorization |
|
Major |
Potential_Mitigations |
|
Minor |
None |