CWE VIEW: Libraries or Frameworks Strategy
ID: BOSS-278
Vulnerability Mapping: Prohibited
Type: Implicit
Status: Draft
▼Objective

This view (slice) displays Libraries or Frameworks strategy weaknesses.

▼Memberships
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Allowed | Variant | 106 | Struts: Plug-in Framework not in Use |
| HasMember | Discouraged | Class | 114 | Process Control |
| HasMember | Allowed-with-Review | Class | 116 | Improper Encoding or Escaping of Output |
| HasMember | Discouraged | Class | 119 | Improper Restriction of Operations within the Bounds of a Memory Buffer |
| HasMember | Allowed-with-Review | Base | 120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') |
| HasMember | Allowed | Variant | 122 | Heap-based Buffer Overflow |
| HasMember | Allowed | Base | 1240 | Use of a Cryptographic Primitive with a Risky Implementation |
| HasMember | Allowed | Base | 131 | Incorrect Calculation of Buffer Size |
| HasMember | Allowed | Base | 135 | Incorrect Calculation of Multi-Byte String Length |
| HasMember | Allowed | Base | 190 | Integer Overflow or Wraparound |
| HasMember | Discouraged | Class | 20 | Improper Input Validation |
| HasMember | Allowed | Base | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | Discouraged | Class | 285 | Improper Authorization |
| HasMember | Discouraged | Class | 287 | Improper Authentication |
| HasMember | Allowed | Base | 306 | Missing Authentication for Critical Function |
| HasMember | Allowed | Base | 307 | Improper Restriction of Excessive Authentication Attempts |
| HasMember | Discouraged | Class | 311 | Missing Encryption of Sensitive Data |
| HasMember | Allowed-with-Review | Class | 327 | Use of a Broken or Risky Cryptographic Algorithm |
| HasMember | Discouraged | Class | 330 | Use of Insufficiently Random Values |
| HasMember | Allowed | Variant | 332 | Insufficient Entropy in PRNG |
| HasMember | Allowed | Base | 334 | Small Space of Random Values |
| HasMember | Allowed | Variant | 336 | Same Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | Variant | 337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) |
| HasMember | Allowed | Variant | 339 | Small Seed Space in PRNG |
| HasMember | Allowed | Base | 341 | Predictable from Observable State |
| HasMember | Allowed | Base | 342 | Predictable Exact Value from Previous Values |
| HasMember | Allowed | Base | 343 | Predictable Value Range from Previous Values |
| HasMember | Allowed | Compound | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Allowed | Variant | 401 | Missing Release of Memory after Effective Lifetime |
| HasMember | Allowed | Base | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed | Variant | 590 | Free of Memory not on the Heap |
| HasMember | Allowed-with-Review | Class | 642 | External Control of Critical State Data |
| HasMember | Allowed-with-Review | Class | 667 | Improper Locking |
| HasMember | Discouraged | Pillar | 682 | Incorrect Calculation |
| HasMember | Allowed | Variant | 761 | Free of Pointer not at Start of Buffer |
| HasMember | Allowed | Variant | 762 | Mismatched Memory Management Routines |
| HasMember | Allowed | Base | 763 | Release of Invalid Pointer or Reference |
| HasMember | Allowed | Base | 78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') |
| HasMember | Allowed | Base | 787 | Out-of-bounds Write |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Base | 805 | Buffer Access with Incorrect Length Value |
| HasMember | Allowed | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
| HasMember | Allowed | Base | 829 | Inclusion of Functionality from Untrusted Control Sphere |
| HasMember | Allowed | Base | 838 | Inappropriate Encoding for Output Context |
| HasMember | Allowed-with-Review | Class | 862 | Missing Authorization |
| HasMember | Allowed-with-Review | Class | 863 | Incorrect Authorization |
| HasMember | Allowed | Base | 89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') |
| HasMember | Allowed | Variant | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason: View
Rationale:

This entry is a View. Views are not weaknesses and are therefore inappropriate for describing the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
