
Byte Open Security

(ByteOS Network)



CWE VIEW: Attack Surface Reduction Strategy
ID: BOSS-286
Vulnerability Mapping: Prohibited
Type: Implicit
Status: Draft
▼Objective

This view (slice) displays Attack Surface Reduction strategy weaknesses.

▼Memberships
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Discouraged | Class | 20 | Improper Input Validation |
| HasMember | Allowed | Base | 209 | Generation of Error Message Containing Sensitive Information |
| HasMember | Allowed | Base | 212 | Improper Removal of Sensitive Information Before Storage or Transfer |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | Base | 250 | Execution with Unnecessary Privileges |
| HasMember | Discouraged | Class | 311 | Missing Encryption of Sensitive Data |
| HasMember | Allowed | Variant | 416 | Use After Free |
| HasMember | Allowed-with-Review | Base | 426 | Untrusted Search Path |
| HasMember | Allowed-with-Review | Base | 427 | Uncontrolled Search Path Element |
| HasMember | Allowed | Variant | 457 | Use of Uninitialized Variable |
| HasMember | Allowed | Base | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| HasMember | Allowed-with-Review | Class | 642 | External Control of Critical State Data |
| HasMember | Allowed | Base | 749 | Exposed Dangerous Method or Function |
| HasMember | Allowed | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Variant | 80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) |
| HasMember | Allowed | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Allowed | Variant | 81 | Improper Neutralization of Script in an Error Message Web Page |
| HasMember | Allowed | Variant | 82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page |
| HasMember | Allowed | Base | 829 | Inclusion of Functionality from Untrusted Control Sphere |
| HasMember | Allowed | Variant | 83 | Improper Neutralization of Script in Attributes in a Web Page |
| HasMember | Allowed | Variant | 84 | Improper Neutralization of Encoded URI Schemes in a Web Page |
| HasMember | Allowed | Variant | 85 | Doubled Character XSS Manipulations |
| HasMember | Allowed | Variant | 86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages |
| HasMember | Allowed | Variant | 87 | Improper Neutralization of Alternate XSS Syntax |
| HasMember | Allowed | Variant | 926 | Improper Export of Android Application Components |
| HasMember | Allowed | Variant | 942 | Permissive Cross-domain Policy with Untrusted Domains |
| HasMember | Allowed | Variant | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason: View
Rationale:

This entry is a View. Views are not weaknesses and are therefore inappropriate for describing the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
