CWE VIEW: CWE Cross-section
ID: 884
Vulnerability Mapping: Prohibited
Type: Explicit
Status: Incomplete
▼Objective

This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful to most audiences. It can be used by researchers to determine how broad their theories, models, or tools are. It will also be used by the CWE content team in 2012 to focus quality improvement efforts for individual CWE entries.

▼Memberships
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Allowed | Variant | 14 | Compiler Removal of Code to Clear Buffers |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | Base | 23 | Relative Path Traversal |
| HasMember | Allowed | Base | 36 | Absolute Path Traversal |
| HasMember | Allowed | Base | 41 | Improper Resolution of Path Equivalence |
| HasMember | Allowed | Base | 59 | Improper Link Resolution Before File Access ('Link Following') |
| HasMember | Allowed | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Base | 88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') |
| HasMember | Allowed | Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Allowed | Base | 90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') |
| HasMember | Allowed-with-Review | Base | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | Allowed | Variant | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') |
| HasMember | Allowed | Base | 96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') |
| HasMember | Allowed-with-Review | Class | 99 | Improper Control of Resource Identifiers ('Resource Injection') |
| HasMember | Allowed | Variant | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| HasMember | Allowed | Base | 117 | Improper Output Neutralization for Logs |
| HasMember | Allowed-with-Review | Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| HasMember | Allowed | Variant | 129 | Improper Validation of Array Index |
| HasMember | Allowed | Base | 131 | Incorrect Calculation of Buffer Size |
| HasMember | Allowed | Base | 134 | Use of Externally-Controlled Format String |
| HasMember | Allowed | Base | 135 | Incorrect Calculation of Multi-Byte String Length |
| HasMember | Allowed | Base | 170 | Improper Null Termination |
| HasMember | Allowed | Variant | 173 | Improper Handling of Alternate Encoding |
| HasMember | Allowed | Variant | 174 | Double Decoding of the Same Data |
| HasMember | Allowed | Variant | 175 | Improper Handling of Mixed Encoding |
| HasMember | Allowed | Base | 179 | Incorrect Behavior Order: Early Validation |
| HasMember | Allowed-with-Review | Class | 185 | Incorrect Regular Expression |
| HasMember | Allowed | Base | 190 | Integer Overflow or Wraparound |
| HasMember | Allowed | Base | 191 | Integer Underflow (Wrap or Wraparound) |
| HasMember | Allowed | Base | 193 | Off-by-one Error |
| HasMember | Allowed | Base | 203 | Observable Discrepancy |
| HasMember | Allowed | Base | 209 | Generation of Error Message Containing Sensitive Information |
| HasMember | Allowed | Base | 212 | Improper Removal of Sensitive Information Before Storage or Transfer |
| HasMember | Allowed | Base | 222 | Truncation of Security-relevant Information |
| HasMember | Allowed | Base | 223 | Omission of Security-relevant Information |
| HasMember | Allowed-with-Review | Class | 228 | Improper Handling of Syntactically Invalid Structure |
| HasMember | Allowed | Variant | 244 | Improper Clearing of Heap Memory Before Release ('Heap Inspection') |
| HasMember | Allowed | Base | 248 | Uncaught Exception |
| HasMember | Allowed | Base | 250 | Execution with Unnecessary Privileges |
| HasMember | Allowed | Base | 252 | Unchecked Return Value |
| HasMember | Allowed | Base | 253 | Incorrect Check of Function Return Value |
| HasMember | Allowed | Base | 262 | Not Using Password Aging |
| HasMember | Allowed | Base | 263 | Password Aging with Long Expiration |
| HasMember | Allowed | Base | 266 | Incorrect Privilege Assignment |
| HasMember | Allowed | Base | 267 | Privilege Defined With Unsafe Actions |
| HasMember | Allowed | Base | 268 | Privilege Chaining |
| HasMember | Allowed | Base | 270 | Privilege Context Switching Error |
| HasMember | Allowed-with-Review | Class | 271 | Privilege Dropping / Lowering Errors |
| HasMember | Allowed | Base | 273 | Improper Check for Dropped Privileges |
| HasMember | Allowed | Base | 283 | Unverified Ownership |
| HasMember | Allowed | Base | 290 | Authentication Bypass by Spoofing |
| HasMember | Allowed | Base | 294 | Authentication Bypass by Capture-replay |
| HasMember | Allowed | Base | 296 | Improper Following of a Certificate's Chain of Trust |
| HasMember | Allowed | Base | 299 | Improper Check for Certificate Revocation |
| HasMember | Discouraged | Class | 300 | Channel Accessible by Non-Endpoint |
| HasMember | Allowed | Base | 301 | Reflection Attack in an Authentication Protocol |
| HasMember | Allowed | Base | 304 | Missing Critical Step in Authentication |
| HasMember | Allowed | Base | 306 | Missing Authentication for Critical Function |
| HasMember | Allowed | Base | 307 | Improper Restriction of Excessive Authentication Attempts |
| HasMember | Allowed | Base | 308 | Use of Single-factor Authentication |
| HasMember | Allowed | Base | 312 | Cleartext Storage of Sensitive Information |
| HasMember | Allowed | Base | 319 | Cleartext Transmission of Sensitive Information |
| HasMember | Allowed | Base | 322 | Key Exchange without Entity Authentication |
| HasMember | Allowed | Base | 323 | Reusing a Nonce, Key Pair in Encryption |
| HasMember | Allowed | Base | 325 | Missing Cryptographic Step |
| HasMember | Allowed-with-Review | Class | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| HasMember | Allowed | Base | 331 | Insufficient Entropy |
| HasMember | Allowed | Base | 334 | Small Space of Random Values |
| HasMember | Allowed | Base | 335 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | Base | 338 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | Base | 341 | Predictable from Observable State |
| HasMember | Allowed | Base | 347 | Improper Verification of Cryptographic Signature |
| HasMember | Allowed | Base | 348 | Use of Less Trusted Source |
| HasMember | Allowed | Base | 349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| HasMember | Allowed | Compound | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Allowed | Base | 353 | Missing Support for Integrity Check |
| HasMember | Allowed | Base | 354 | Improper Validation of Integrity Check Value |
| HasMember | Allowed | Base | 364 | Signal Handler Race Condition |
| HasMember | Allowed | Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| HasMember | Allowed | Base | 369 | Divide By Zero |
| HasMember | Allowed | Base | 390 | Detection of Error Condition Without Action |
| HasMember | Allowed | Base | 392 | Missing Report of Error Condition |
| HasMember | Allowed | Base | 393 | Return of Wrong Status Code |
| HasMember | Discouraged | Class | 400 | Uncontrolled Resource Consumption |
| HasMember | Allowed-with-Review | Class | 406 | Insufficient Control of Network Message Volume (Network Amplification) |
| HasMember | Allowed-with-Review | Class | 407 | Inefficient Algorithmic Complexity |
| HasMember | Allowed | Base | 408 | Incorrect Behavior Order: Early Amplification |
| HasMember | Allowed | Base | 409 | Improper Handling of Highly Compressed Data (Data Amplification) |
| HasMember | Allowed | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed | Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HasMember | Allowed-with-Review | Class | 451 | User Interface (UI) Misrepresentation of Critical Information |
| HasMember | Allowed | Variant | 453 | Insecure Default Variable Initialization |
| HasMember | Allowed | Base | 454 | External Initialization of Trusted Variables or Data Stores |
| HasMember | Allowed | Base | 455 | Non-exit on Failed Initialization |
| HasMember | Allowed | Variant | 456 | Missing Initialization of a Variable |
| HasMember | Allowed | Variant | 467 | Use of sizeof() on a Pointer Type |
| HasMember | Allowed | Base | 468 | Incorrect Pointer Scaling |
| HasMember | Allowed | Base | 469 | Use of Pointer Subtraction to Determine Size |
| HasMember | Allowed | Base | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| HasMember | Allowed | Base | 476 | NULL Pointer Dereference |
| HasMember | Allowed | Base | 478 | Missing Default Case in Multiple Condition Expression |
| HasMember | Allowed | Base | 480 | Use of Incorrect Operator |
| HasMember | Allowed | Base | 483 | Incorrect Block Delimitation |
| HasMember | Allowed | Base | 484 | Omitted Break Statement in Switch |
| HasMember | Allowed | Variant | 486 | Comparison of Classes by Name |
| HasMember | Allowed | Base | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed | Variant | 495 | Private Data Structure Returned From A Public Method |
| HasMember | Allowed | Variant | 496 | Public Data Assigned to Private Array-Typed Field |
| HasMember | Allowed | Variant | 498 | Cloneable Class Containing Sensitive Information |
| HasMember | Allowed | Variant | 499 | Serializable Class Containing Sensitive Data |
| HasMember | Allowed | Base | 502 | Deserialization of Untrusted Data |
| HasMember | Allowed | Base | 521 | Weak Password Requirements |
| HasMember | Allowed-with-Review | Class | 522 | Insufficiently Protected Credentials |
| HasMember | Allowed | Variant | 546 | Suspicious Comment |
| HasMember | Allowed | Base | 547 | Use of Hard-coded, Security-relevant Constants |
| HasMember | Allowed | Base | 561 | Dead Code |
| HasMember | Allowed | Base | 563 | Assignment to Variable without Use |
| HasMember | Allowed | Base | 567 | Unsynchronized Access to Shared Data in a Multithreaded Context |
| HasMember | Allowed | Variant | 587 | Assignment of a Fixed Address to a Pointer |
| HasMember | Allowed | Variant | 595 | Comparison of Object References Instead of Object Contents |
| HasMember | Allowed | Base | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| HasMember | Allowed-with-Review | Class | 602 | Client-Side Enforcement of Server-Side Security |
| HasMember | Allowed | Variant | 605 | Multiple Binds to the Same Port |
| HasMember | Allowed | Base | 617 | Reachable Assertion |
| HasMember | Allowed | Variant | 621 | Variable Extraction Error |
| HasMember | Allowed | Variant | 627 | Dynamic Variable Evaluation |
| HasMember | Allowed | Base | 628 | Function Call with Incorrectly Specified Arguments |
| HasMember | Allowed-with-Review | Class | 642 | External Control of Critical State Data |
| HasMember | Allowed | Base | 648 | Incorrect Use of Privileged APIs |
| HasMember | Allowed-with-Review | Class | 667 | Improper Locking |
| HasMember | Allowed-with-Review | Class | 672 | Operation on a Resource after Expiration or Release |
| HasMember | Allowed-with-Review | Class | 674 | Uncontrolled Recursion |
| HasMember | Allowed | Base | 676 | Use of Potentially Dangerous Function |
| HasMember | Allowed | Base | 681 | Incorrect Conversion between Numeric Types |
| HasMember | Allowed | Base | 698 | Execution After Redirect (EAR) |
| HasMember | Allowed | Base | 708 | Incorrect Ownership Assignment |
| HasMember | Allowed-with-Review | Class | 732 | Incorrect Permission Assignment for Critical Resource |
| HasMember | Allowed | Base | 756 | Missing Custom Error Page |
| HasMember | Allowed | Base | 763 | Release of Invalid Pointer or Reference |
| HasMember | Allowed | Base | 770 | Allocation of Resources Without Limits or Throttling |
| HasMember | Allowed | Base | 772 | Missing Release of Resource after Effective Lifetime |
| HasMember | Allowed | Base | 783 | Operator Precedence Logic Error |
| HasMember | Discouraged | Base | 786 | Access of Memory Location Before Start of Buffer |
| HasMember | Discouraged | Base | 788 | Access of Memory Location After End of Buffer |
| HasMember | Allowed | Base | 798 | Use of Hard-coded Credentials |
| HasMember | Allowed | Base | 805 | Buffer Access with Incorrect Length Value |
| HasMember | Allowed | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Allowed | Base | 822 | Untrusted Pointer Dereference |
| HasMember | Allowed | Base | 825 | Expired Pointer Dereference |
| HasMember | Allowed | Base | 829 | Inclusion of Functionality from Untrusted Control Sphere |
| HasMember | Allowed | Base | 835 | Loop with Unreachable Exit Condition ('Infinite Loop') |
| HasMember | Allowed | Base | 838 | Inappropriate Encoding for Output Context |
| HasMember | Allowed | Base | 839 | Numeric Range Comparison Without Minimum Check |
| HasMember | Allowed | Base | 841 | Improper Enforcement of Behavioral Workflow |
| HasMember | Allowed-with-Review | Class | 862 | Missing Authorization |
| HasMember | Allowed-with-Review | Class | 863 | Incorrect Authorization |

▼Vulnerability Mapping Notes
Usage: Prohibited
Reason: View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
