Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | V | 699 | Software Development |
| HasMember | Allowed | B | 1327 | Binding to an Unrestricted IP Address |
| HasMember | Allowed | B | 322 | Key Exchange without Entity Authentication |
| HasMember | Allowed-with-Review | C | 346 | Origin Validation Error |
| HasMember | Allowed | B | 385 | Covert Timing Channel |
| HasMember | Allowed | B | 419 | Unprotected Primary Channel |
| HasMember | Allowed | B | 420 | Unprotected Alternate Channel |
| HasMember | Allowed | B | 425 | Direct Request ('Forced Browsing') |
| HasMember | Allowed | B | 515 | Covert Storage Channel |
| HasMember | Allowed | B | 918 | Server-Side Request Forgery (SSRF) |
| HasMember | Allowed | B | 924 | Improper Enforcement of Message Integrity During Transmission in a Communication Channel |
| HasMember | Allowed | B | 940 | Improper Verification of Source of a Communication Channel |
| HasMember | Allowed | B | 941 | Incorrectly Specified Destination in a Communication Channel |
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
See member weaknesses of this category.
Most of these issues are probably under-studied. Only a handful of public reports exist.
N/A
| Taxonomy Name | Entry ID | Fit | Entry Name |
|---|---|---|---|
| PLOVER | CHAP.VIRTFILE | N/A | Channel and Path Errors |