ByteOS Network

CWE VIEW:Input Validation Strategy

ID:BOSS-279

Vulnerability Mapping:Prohibited

Type:Implicit

Status:Draft

Details Content History Observed CVE Examples Reports

▼Objective

This view (slice) displays Input Validation strategy weaknesses.

▼Memberships

Nature	Mapping	Type	ID	Name
HasMember	Allowed	V	106	Struts: Plug-in Framework not in Use
HasMember	Allowed	V	108	Struts: Unvalidated Action Form
HasMember	Allowed	B	112	Missing XML Validation
HasMember	Allowed	V	113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
HasMember	Allowed	B	117	Improper Output Neutralization for Logs
HasMember	Allowed-with-Review	B	120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
HasMember	Allowed	B	125	Out-of-bounds Read
HasMember	Allowed	B	1284	Improper Validation of Specified Quantity in Input
HasMember	Allowed	B	1285	Improper Validation of Specified Index, Position, or Offset in Input
HasMember	Allowed	B	1286	Improper Validation of Syntactic Correctness of Input
HasMember	Allowed	B	1287	Improper Validation of Specified Type of Input
HasMember	Allowed	B	1288	Improper Validation of Consistency within Input
HasMember	Allowed	B	1289	Improper Validation of Unsafe Equivalence in Input
HasMember	Allowed	V	129	Improper Validation of Array Index
HasMember	Allowed	B	131	Incorrect Calculation of Buffer Size
HasMember	Allowed	V	1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
HasMember	Allowed	B	135	Incorrect Calculation of Multi-Byte String Length
HasMember	Discouraged	C	138	Improper Neutralization of Special Elements
HasMember	Allowed	B	1389	Incorrect Parsing of Numbers with Different Radices
HasMember	Allowed	B	140	Improper Neutralization of Delimiters
HasMember	Allowed	V	141	Improper Neutralization of Parameter/Argument Delimiters
HasMember	Allowed	V	142	Improper Neutralization of Value Delimiters
HasMember	Allowed	V	143	Improper Neutralization of Record Delimiters
HasMember	Allowed	V	144	Improper Neutralization of Line Delimiters
HasMember	Allowed	V	145	Improper Neutralization of Section Delimiters
HasMember	Allowed	V	146	Improper Neutralization of Expression/Command Delimiters
HasMember	Allowed	V	147	Improper Neutralization of Input Terminators
HasMember	Allowed	V	148	Improper Neutralization of Input Leaders
HasMember	Allowed	V	149	Improper Neutralization of Quoting Syntax
HasMember	Allowed	V	150	Improper Neutralization of Escape, Meta, or Control Sequences
HasMember	Allowed	V	151	Improper Neutralization of Comment Delimiters
HasMember	Allowed	V	152	Improper Neutralization of Macro Symbols
HasMember	Allowed	V	153	Improper Neutralization of Substitution Characters
HasMember	Allowed	V	154	Improper Neutralization of Variable Name Delimiters
HasMember	Allowed	V	155	Improper Neutralization of Wildcards or Matching Symbols
HasMember	Allowed	V	156	Improper Neutralization of Whitespace
HasMember	Allowed	V	157	Failure to Sanitize Paired Delimiters
HasMember	Allowed	V	158	Improper Neutralization of Null Byte or NUL Character
HasMember	Allowed-with-Review	C	159	Improper Handling of Invalid Use of Special Elements
HasMember	Allowed	V	160	Improper Neutralization of Leading Special Elements
HasMember	Allowed	V	161	Improper Neutralization of Multiple Leading Special Elements
HasMember	Allowed	V	162	Improper Neutralization of Trailing Special Elements
HasMember	Allowed	V	163	Improper Neutralization of Multiple Trailing Special Elements
HasMember	Allowed	V	164	Improper Neutralization of Internal Special Elements
HasMember	Allowed	V	165	Improper Neutralization of Multiple Internal Special Elements
HasMember	Allowed	B	166	Improper Handling of Missing Special Element
HasMember	Allowed	B	167	Improper Handling of Additional Special Element
HasMember	Allowed	B	168	Improper Handling of Inconsistent Special Elements
HasMember	Allowed-with-Review	C	172	Encoding Error
HasMember	Allowed	V	173	Improper Handling of Alternate Encoding
HasMember	Allowed	V	174	Double Decoding of the Same Data
HasMember	Allowed	V	175	Improper Handling of Mixed Encoding
HasMember	Allowed	V	176	Improper Handling of Unicode Encoding
HasMember	Allowed	V	177	Improper Handling of URL Encoding (Hex Encoding)
HasMember	Allowed	B	178	Improper Handling of Case Sensitivity
HasMember	Allowed	B	179	Incorrect Behavior Order: Early Validation
HasMember	Allowed	V	180	Incorrect Behavior Order: Validate Before Canonicalize
HasMember	Allowed	B	182	Collapse of Data into Unsafe Value
HasMember	Allowed	B	184	Incomplete List of Disallowed Inputs
HasMember	Allowed	B	190	Integer Overflow or Wraparound
HasMember	Discouraged	C	20	Improper Input Validation
HasMember	Allowed	B	22	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HasMember	Allowed	B	23	Relative Path Traversal
HasMember	Allowed	V	24	Path Traversal: '../filedir'
HasMember	Allowed	B	241	Improper Handling of Unexpected Data Type
HasMember	Allowed	V	25	Path Traversal: '/../filedir'
HasMember	Allowed	V	26	Path Traversal: '/dir/../filename'
HasMember	Allowed	V	27	Path Traversal: 'dir/../../filename'
HasMember	Allowed	V	28	Path Traversal: '..\filedir'
HasMember	Allowed	B	289	Authentication Bypass by Alternate Name
HasMember	Allowed	V	29	Path Traversal: '\..\filename'
HasMember	Allowed	V	30	Path Traversal: '\dir\..\filename'
HasMember	Allowed	V	31	Path Traversal: 'dir\..\..\filename'
HasMember	Allowed	V	32	Path Traversal: '...' (Triple Dot)
HasMember	Allowed	V	33	Path Traversal: '....' (Multiple Dot)
HasMember	Allowed	V	34	Path Traversal: '....//'
HasMember	Allowed	V	35	Path Traversal: '.../...//'
HasMember	Allowed	V	37	Path Traversal: '/absolute/pathname/here'
HasMember	Allowed	V	38	Path Traversal: '\absolute\pathname\here'
HasMember	Allowed	V	39	Path Traversal: 'C:dirname'
HasMember	Allowed	V	40	Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
HasMember	Allowed	B	41	Improper Resolution of Path Equivalence
HasMember	Allowed	B	428	Unquoted Search Path or Element
HasMember	Allowed	B	434	Unrestricted Upload of File with Dangerous Type
HasMember	Allowed	B	450	Multiple Interpretations of UI Input
HasMember	Allowed-with-Review	C	451	User Interface (UI) Misrepresentation of Critical Information
HasMember	Allowed	B	454	External Initialization of Trusted Variables or Data Stores
HasMember	Allowed	B	472	External Control of Assumed-Immutable Web Parameter
HasMember	Allowed	V	51	Path Equivalence: '/multiple//internal/slash'
HasMember	Allowed	V	52	Path Equivalence: '/multiple/trailing/slash//'
HasMember	Allowed	V	53	Path Equivalence: '\multiple\\internal\backslash'
HasMember	Allowed	V	54	Path Equivalence: 'filedir\' (Trailing Backslash)
HasMember	Allowed	V	55	Path Equivalence: '/./' (Single Dot Directory)
HasMember	Allowed	V	56	Path Equivalence: 'filedir*' (Wildcard)
HasMember	Allowed	V	57	Path Equivalence: 'fakedir/../realdir/filename'
HasMember	Allowed	B	601	URL Redirection to Untrusted Site ('Open Redirect')
HasMember	Allowed	B	617	Reachable Assertion
HasMember	Allowed	V	621	Variable Extraction Error
HasMember	Allowed	V	627	Dynamic Variable Evaluation
HasMember	Discouraged	P	682	Incorrect Calculation
HasMember	Allowed	B	73	External Control of File Name or Path
HasMember	Allowed-with-Review	C	754	Improper Check for Unusual or Exceptional Conditions
HasMember	Allowed-with-Review	C	77	Improper Neutralization of Special Elements used in a Command ('Command Injection')
HasMember	Allowed	B	770	Allocation of Resources Without Limits or Throttling
HasMember	Allowed	B	78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMember	Allowed	B	79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMember	Allowed	B	829	Inclusion of Functionality from Untrusted Control Sphere
HasMember	Allowed	B	839	Numeric Range Comparison Without Minimum Check
HasMember	Allowed	V	84	Improper Neutralization of Encoded URI Schemes in a Web Page
HasMember	Allowed	B	88	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
HasMember	Allowed	B	89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMember	Allowed	B	90	Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
HasMember	Allowed	B	91	XML Injection (aka Blind XPath Injection)
HasMember	Allowed-with-Review	C	913	Improper Control of Dynamically-Managed Code Resources
HasMember	Allowed	B	914	Improper Control of Dynamically-Identified Variables
HasMember	Allowed	B	915	Improperly Controlled Modification of Dynamically-Determined Object Attributes
HasMember	Allowed-with-Review	B	94	Improper Control of Generation of Code ('Code Injection')
HasMember	Allowed	V	95	Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
HasMember	Allowed	B	96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
HasMember	Allowed	V	98	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
HasMember	Allowed-with-Review	C	99	Improper Control of Resource Identifiers ('Resource Injection')

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 106

Name: Struts: Plug-in Framework not in Use

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 108

Name: Struts: Unvalidated Action Form

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 112

Name: Missing XML Validation

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 113

Name: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 117

Name: Improper Output Neutralization for Logs

Nature: HasMember

Mapping: Allowed-with-Review

Type: Base

ID: 120

Name: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 125

Name: Out-of-bounds Read

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1284

Name: Improper Validation of Specified Quantity in Input

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1285

Name: Improper Validation of Specified Index, Position, or Offset in Input

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1286

Name: Improper Validation of Syntactic Correctness of Input

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1287

Name: Improper Validation of Specified Type of Input

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1288

Name: Improper Validation of Consistency within Input

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1289

Name: Improper Validation of Unsafe Equivalence in Input

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 129

Name: Improper Validation of Array Index

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 131

Name: Incorrect Calculation of Buffer Size

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 1321

Name: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 135

Name: Incorrect Calculation of Multi-Byte String Length

Nature: HasMember

Mapping: Discouraged

Type: Class

ID: 138

Name: Improper Neutralization of Special Elements

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 1389

Name: Incorrect Parsing of Numbers with Different Radices

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 140

Name: Improper Neutralization of Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 141

Name: Improper Neutralization of Parameter/Argument Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 142

Name: Improper Neutralization of Value Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 143

Name: Improper Neutralization of Record Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 144

Name: Improper Neutralization of Line Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 145

Name: Improper Neutralization of Section Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 146

Name: Improper Neutralization of Expression/Command Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 147

Name: Improper Neutralization of Input Terminators

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 148

Name: Improper Neutralization of Input Leaders

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 149

Name: Improper Neutralization of Quoting Syntax

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 150

Name: Improper Neutralization of Escape, Meta, or Control Sequences

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 151

Name: Improper Neutralization of Comment Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 152

Name: Improper Neutralization of Macro Symbols

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 153

Name: Improper Neutralization of Substitution Characters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 154

Name: Improper Neutralization of Variable Name Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 155

Name: Improper Neutralization of Wildcards or Matching Symbols

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 156

Name: Improper Neutralization of Whitespace

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 157

Name: Failure to Sanitize Paired Delimiters

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 158

Name: Improper Neutralization of Null Byte or NUL Character

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 159

Name: Improper Handling of Invalid Use of Special Elements

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 160

Name: Improper Neutralization of Leading Special Elements

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 161

Name: Improper Neutralization of Multiple Leading Special Elements

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 162

Name: Improper Neutralization of Trailing Special Elements

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 163

Name: Improper Neutralization of Multiple Trailing Special Elements

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 164

Name: Improper Neutralization of Internal Special Elements

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 165

Name: Improper Neutralization of Multiple Internal Special Elements

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 166

Name: Improper Handling of Missing Special Element

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 167

Name: Improper Handling of Additional Special Element

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 168

Name: Improper Handling of Inconsistent Special Elements

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 172

Name: Encoding Error

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 173

Name: Improper Handling of Alternate Encoding

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 174

Name: Double Decoding of the Same Data

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 175

Name: Improper Handling of Mixed Encoding

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 176

Name: Improper Handling of Unicode Encoding

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 177

Name: Improper Handling of URL Encoding (Hex Encoding)

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 178

Name: Improper Handling of Case Sensitivity

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 179

Name: Incorrect Behavior Order: Early Validation

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 180

Name: Incorrect Behavior Order: Validate Before Canonicalize

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 182

Name: Collapse of Data into Unsafe Value

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 184

Name: Incomplete List of Disallowed Inputs

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 190

Name: Integer Overflow or Wraparound

Nature: HasMember

Mapping: Discouraged

Type: Class

ID: 20

Name: Improper Input Validation

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 22

Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 23

Name: Relative Path Traversal

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 24

Name: Path Traversal: '../filedir'

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 241

Name: Improper Handling of Unexpected Data Type

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 25

Name: Path Traversal: '/../filedir'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 26

Name: Path Traversal: '/dir/../filename'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 27

Name: Path Traversal: 'dir/../../filename'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 28

Name: Path Traversal: '..\filedir'

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 289

Name: Authentication Bypass by Alternate Name

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 29

Name: Path Traversal: '\..\filename'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 30

Name: Path Traversal: '\dir\..\filename'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 31

Name: Path Traversal: 'dir\..\..\filename'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 32

Name: Path Traversal: '...' (Triple Dot)

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 33

Name: Path Traversal: '....' (Multiple Dot)

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 34

Name: Path Traversal: '....//'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 35

Name: Path Traversal: '.../...//'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 37

Name: Path Traversal: '/absolute/pathname/here'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 38

Name: Path Traversal: '\absolute\pathname\here'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 39

Name: Path Traversal: 'C:dirname'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 40

Name: Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 41

Name: Improper Resolution of Path Equivalence

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 428

Name: Unquoted Search Path or Element

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 434

Name: Unrestricted Upload of File with Dangerous Type

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 450

Name: Multiple Interpretations of UI Input

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 451

Name: User Interface (UI) Misrepresentation of Critical Information

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 454

Name: External Initialization of Trusted Variables or Data Stores

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 472

Name: External Control of Assumed-Immutable Web Parameter

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 51

Name: Path Equivalence: '/multiple//internal/slash'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 52

Name: Path Equivalence: '/multiple/trailing/slash//'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 53

Name: Path Equivalence: '\multiple\\internal\backslash'

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 54

Name: Path Equivalence: 'filedir\' (Trailing Backslash)

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 55

Name: Path Equivalence: '/./' (Single Dot Directory)

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 56

Name: Path Equivalence: 'filedir*' (Wildcard)

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 57

Name: Path Equivalence: 'fakedir/../realdir/filename'

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 601

Name: URL Redirection to Untrusted Site ('Open Redirect')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 617

Name: Reachable Assertion

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 621

Name: Variable Extraction Error

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 627

Name: Dynamic Variable Evaluation

Nature: HasMember

Mapping: Discouraged

Type: Pillar

ID: 682

Name: Incorrect Calculation

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 73

Name: External Control of File Name or Path

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 754

Name: Improper Check for Unusual or Exceptional Conditions

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 77

Name: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 770

Name: Allocation of Resources Without Limits or Throttling

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 78

Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 79

Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 829

Name: Inclusion of Functionality from Untrusted Control Sphere

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 839

Name: Numeric Range Comparison Without Minimum Check

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 84

Name: Improper Neutralization of Encoded URI Schemes in a Web Page

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 88

Name: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 89

Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 90

Name: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 91

Name: XML Injection (aka Blind XPath Injection)

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 913

Name: Improper Control of Dynamically-Managed Code Resources

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 914

Name: Improper Control of Dynamically-Identified Variables

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 915

Name: Improperly Controlled Modification of Dynamically-Determined Object Attributes

Nature: HasMember

Mapping: Allowed-with-Review

Type: Base

ID: 94

Name: Improper Control of Generation of Code ('Code Injection')

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 95

Name: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Nature: HasMember

Mapping: Allowed

Type: Base

ID: 96

Name: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')

Nature: HasMember

Mapping: Allowed

Type: Variant

ID: 98

Name: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Nature: HasMember

Mapping: Allowed-with-Review

Type: Class

ID: 99

Name: Improper Control of Resource Identifiers ('Resource Injection')

▼Vulnerability Mapping Notes

Usage:Prohibited

Reason:View

Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.