CWE CATEGORY: OWASP Top Ten 2004 Category A2 - Broken Access Control
Category ID: 723
Vulnerability Mapping: Prohibited
Status: Obsolete
▼Summary

Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2004.

▼Membership
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 711 | Weaknesses in OWASP Top Ten (2004) |
| HasMember | Allowed | Base | 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | Base | 266 | Incorrect Privilege Assignment |
| HasMember | Allowed | Base | 268 | Privilege Chaining |
| HasMember | Allowed | Base | 283 | Unverified Ownership |
| HasMember | Discouraged | Pillar | 284 | Improper Access Control |
| HasMember | Discouraged | Class | 285 | Improper Authorization |
| HasMember | Discouraged | Class | 330 | Use of Insufficiently Random Values |
| HasMember | Allowed | Base | 41 | Improper Resolution of Path Equivalence |
| HasMember | Allowed | Base | 425 | Direct Request ('Forced Browsing') |
| HasMember | Allowed | Variant | 525 | Use of Web Browser Cache Containing Sensitive Information |
| HasMember | Allowed | Variant | 556 | ASP.NET Misconfiguration: Use of Identity Impersonation |
| HasMember | Allowed | Base | 639 | Authorization Bypass Through User-Controlled Key |
| HasMember | Allowed | Base | 708 | Incorrect Ownership Assignment |
| HasMember | Allowed | Base | 73 | External Control of File Name or Path |
| HasMember | Allowed | Variant | 9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
| HasMember | Prohibited | Category | 275 | Permission Issues |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale: This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments: See member weaknesses of this category.

▼References
Reference ID: REF-582
Title: A2 Broken Access Control
Version: v4.15
Author: OWASP
URL: http://sourceforge.net/project/showfiles.php?group_id=64424&package_id=70827
Year: 2007