Byte Open Security

(ByteOS Network)

CWE VIEW: Environment Hardening Strategy
ID: BOSS-276
Vulnerability Mapping: Prohibited
Type: Implicit
Status: Draft
▼Objective

This view (slice) displays Environment Hardening strategy weaknesses.

▼Memberships
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Discouraged | Class | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember | Allowed-with-Review | Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| HasMember | Allowed | Variant | 121 | Stack-based Buffer Overflow |
| HasMember | Allowed | Variant | 122 | Heap-based Buffer Overflow |
| HasMember | Allowed | Variant | 129 | Improper Validation of Array Index |
| HasMember | Allowed | Base | 131 | Incorrect Calculation of Buffer Size |
| HasMember | Allowed | Base | 209 | Generation of Error Message Containing Sensitive Information |
| HasMember | Allowed | Base | 210 | Self-generated Error Message Containing Sensitive Information |
| HasMember | Allowed | Base | 211 | Externally-Generated Error Message Containing Sensitive Information |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Allowed | Base | 250 | Execution with Unnecessary Privileges |
| HasMember | Allowed | Base | 266 | Incorrect Privilege Assignment |
| HasMember | Allowed | Base | 267 | Privilege Defined With Unsafe Actions |
| HasMember | Allowed | Base | 268 | Privilege Chaining |
| HasMember | Allowed | Base | 270 | Privilege Context Switching Error |
| HasMember | Allowed-with-Review | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') |
| HasMember | Allowed | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed | Base | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed-with-Review | Class | 642 | External Control of Critical State Data |
| HasMember | Allowed-with-Review | Class | 732 | Incorrect Permission Assignment for Critical Resource |
| HasMember | Allowed | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | Base | 787 | Out-of-bounds Write |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Base | 805 | Buffer Access with Incorrect Length Value |
| HasMember | Allowed | Variant | 806 | Buffer Access Using Size of Source Buffer |
| HasMember | Allowed | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Allowed | Base | 829 | Inclusion of Functionality from Untrusted Control Sphere |
| HasMember | Allowed | Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Allowed-with-Review | Base | 94 | Improper Control of Generation of Code ('Code Injection') |
| HasMember | Allowed | Variant | 942 | Permissive Cross-domain Policy with Untrusted Domains |
| HasMember | Allowed | Variant | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason: View
Rationale:

This entry is a View. Views are not weaknesses and are therefore inappropriate for describing the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
