
Byte Open Security

(ByteOS Network)

CWE CATEGORY: Comprehensive Categorization: Exposed Resource
Category ID: 1403
Vulnerability Mapping: Prohibited
Status: Incomplete
▼Summary

Weaknesses in this category are related to exposed resources.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 1400 | Comprehensive Categorization for Software Assurance Trends |
| HasMember | Discouraged | Class | 114 | Process Control |
| HasMember | Allowed | Base | 1282 | Assumed-Immutable Data is Stored in Writable Memory |
| HasMember | Allowed | Base | 1327 | Binding to an Unrestricted IP Address |
| HasMember | Allowed | Base | 15 | External Control of System or Configuration Setting |
| HasMember | Allowed | Variant | 219 | Storage of File with Sensitive Data Under Web Root |
| HasMember | Allowed | Variant | 220 | Storage of File With Sensitive Data Under FTP Root |
| HasMember | Allowed | Base | 374 | Passing Mutable Objects to an Untrusted Method |
| HasMember | Allowed | Base | 375 | Returning a Mutable Object to an Untrusted Caller |
| HasMember | Allowed-with-Review | Class | 377 | Insecure Temporary File |
| HasMember | Allowed | Base | 378 | Creation of Temporary File With Insecure Permissions |
| HasMember | Allowed | Base | 379 | Creation of Temporary File in Directory with Insecure Permissions |
| HasMember | Allowed-with-Review | Class | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') |
| HasMember | Allowed | Base | 403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') |
| HasMember | Allowed-with-Review | Base | 426 | Untrusted Search Path |
| HasMember | Allowed-with-Review | Base | 427 | Uncontrolled Search Path Element |
| HasMember | Allowed | Base | 428 | Unquoted Search Path or Element |
| HasMember | Allowed | Variant | 433 | Unparsed Raw Web Content Delivery |
| HasMember | Allowed | Base | 472 | External Control of Assumed-Immutable Web Parameter |
| HasMember | Allowed | Base | 488 | Exposure of Data Element to Wrong Session |
| HasMember | Allowed | Variant | 491 | Public cloneable() Method Without Final ('Object Hijack') |
| HasMember | Allowed | Variant | 492 | Use of Inner Class Containing Sensitive Data |
| HasMember | Allowed | Variant | 493 | Critical Public Variable Without Final Modifier |
| HasMember | Allowed | Variant | 498 | Cloneable Class Containing Sensitive Information |
| HasMember | Allowed | Variant | 499 | Serializable Class Containing Sensitive Data |
| HasMember | Allowed | Variant | 500 | Public Static Field Not Marked Final |
| HasMember | Allowed | Base | 524 | Use of Cache Containing Sensitive Information |
| HasMember | Allowed | Variant | 525 | Use of Web Browser Cache Containing Sensitive Information |
| HasMember | Allowed | Variant | 527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere |
| HasMember | Allowed | Variant | 528 | Exposure of Core Dump File to an Unauthorized Control Sphere |
| HasMember | Allowed | Variant | 529 | Exposure of Access Control List Files to an Unauthorized Control Sphere |
| HasMember | Allowed | Variant | 530 | Exposure of Backup File to an Unauthorized Control Sphere |
| HasMember | Allowed | Variant | 539 | Use of Persistent Cookies Containing Sensitive Information |
| HasMember | Allowed | Base | 552 | Files or Directories Accessible to External Parties |
| HasMember | Allowed | Variant | 553 | Command Shell in Externally Accessible Directory |
| HasMember | Allowed | Base | 565 | Reliance on Cookies without Validation and Integrity Checking |
| HasMember | Allowed | Variant | 582 | Array Declared Public, Final, and Static |
| HasMember | Allowed | Variant | 583 | finalize() Method Declared Public |
| HasMember | Allowed | Variant | 608 | Struts: Non-private Field in ActionForm Class |
| HasMember | Allowed | Base | 619 | Dangling Database Cursor ('Cursor Injection') |
| HasMember | Allowed-with-Review | Class | 642 | External Control of Critical State Data |
| HasMember | Discouraged | Class | 668 | Exposure of Resource to Wrong Sphere |
| HasMember | Allowed | Base | 73 | External Control of File Name or Path |
| HasMember | Allowed | Base | 767 | Access to Critical Private Variable via Public Method |
| HasMember | Allowed | Variant | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| HasMember | Allowed | Variant | 8 | J2EE Misconfiguration: Entity Bean Declared Remote |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].

Comments:

See member weaknesses of this category.

▼References
Reference ID: REF-1330
Title: CVE --> CWE Mapping Guidance - Quick Tips
Version: v4.15
Author: MITRE
URL: https://cwe.mitre.org/documents/cwe_usage/quick_tips.html
Day: 25
Month: 03
Year: 2021