Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:Other (impact)
ID:BOSS-312
Vulnerability Mapping:Prohibited
Type:Implicit
Status:Draft
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

This view categorizes and displays weaknesses based on the 'Other' consequence impact.

▼Memberships
NatureMappingTypeIDName
HasMemberAllowedB1007Insufficient Visual Distinction of Homoglyphs Presented to User
HasMemberAllowedV103Struts: Incomplete validate() Method Definition
HasMemberAllowedV104Struts: Form Bean Does Not Extend Validation Class
HasMemberAllowedV108Struts: Unvalidated Action Form
HasMemberAllowedV110Struts: Validator Without Form Field
HasMemberAllowedV121Stack-based Buffer Overflow
HasMemberAllowedV122Heap-based Buffer Overflow
HasMemberAllowedB1220Insufficient Granularity of Access Control
HasMemberAllowedV1222Insufficient Granularity of Address Regions Protected by Register Locks
HasMemberAllowedB123Write-what-where Condition
HasMemberAllowedB124Buffer Underwrite ('Buffer Underflow')
HasMemberAllowedB1269Product Released in Non-Release Configuration
HasMemberAllowedB1328Security Version Number Mutable to Older Versions
HasMemberAllowedB1331Improper Isolation of Shared Resources in Network On Chip (NoC)
HasMemberAllowedV192Integer Coercion Error
HasMemberAllowedV194Unexpected Sign Extension
HasMemberAllowedV244Improper Clearing of Heap Memory Before Release ('Heap Inspection')
HasMemberDiscouragedB274Improper Handling of Insufficient Privileges
HasMemberAllowedB280Improper Handling of Insufficient Permissions or Privileges
HasMemberAllowedV297Improper Validation of Certificate with Host Mismatch
HasMemberAllowedV298Improper Validation of Certificate Expiration
HasMemberAllowedB299Improper Check for Certificate Revocation
HasMemberAllowedB319Cleartext Transmission of Sensitive Information
HasMemberDiscouragedC330Use of Insufficiently Random Values
HasMemberAllowedB331Insufficient Entropy
HasMemberAllowedV332Insufficient Entropy in PRNG
HasMemberAllowedB334Small Space of Random Values
HasMemberAllowedB335Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
HasMemberAllowedV336Same Seed in Pseudo-Random Number Generator (PRNG)
HasMemberAllowedB351Insufficient Type Distinction
HasMemberAllowedB353Missing Support for Integrity Check
HasMemberAllowedB354Improper Validation of Integrity Check Value
HasMemberAllowedB367Time-of-check Time-of-use (TOCTOU) Race Condition
HasMemberAllowedB378Creation of Temporary File With Insecure Permissions
HasMemberAllowedB385Covert Timing Channel
HasMemberAllowedB386Symbolic Name not Mapping to Correct Object
HasMemberDiscouragedC400Uncontrolled Resource Consumption
HasMemberAllowedC410Insufficient Resource Pool
HasMemberAllowedV457Use of Uninitialized Variable
HasMemberAllowedB459Incomplete Cleanup
HasMemberAllowedB463Deletion of Data Structure Sentinel
HasMemberAllowedB470Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
HasMemberAllowedB494Download of Code Without Integrity Check
HasMemberAllowedV543Use of Singleton Pattern Without Synchronization in a Multithreaded Context
HasMemberAllowedV558Use of getlogin() in Multithreaded Application
HasMemberAllowedV581Object Model Violation: Just One of Equals and Hashcode Defined
HasMemberAllowedV585Empty Synchronized Block
HasMemberAllowedV597Use of Wrong Operator in String Comparison
HasMemberAllowedB601URL Redirection to Untrusted Site ('Open Redirect')
HasMemberAllowedV618Exposed Unsafe ActiveX Method
HasMemberAllowed-with-ReviewC637Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
HasMemberAllowed-with-ReviewC638Not Using Complete Mediation
HasMemberAllowed-with-ReviewB640Weak Password Recovery Mechanism for Forgotten Password
HasMemberAllowed-with-ReviewC656Reliance on Security Through Obscurity
HasMemberDiscouragedC657Violation of Secure Design Principles
HasMemberAllowedB66Improper Handling of File Names that Identify Virtual Resources
HasMemberDiscouragedP664Improper Control of a Resource Through its Lifetime
HasMemberDiscouragedC666Operation on Resource in Wrong Phase of Lifetime
HasMemberAllowedV67Improper Handling of Windows Device Names
HasMemberAllowed-with-ReviewC670Always-Incorrect Control Flow Implementation
HasMemberAllowed-with-ReviewC672Operation on a Resource after Expiration or Release
HasMemberAllowed-with-ReviewC673External Influence of Sphere Definition
HasMemberAllowed-with-ReviewC675Multiple Operations on Resource in Single-Operation Context
HasMemberAllowedV69Improper Handling of Windows ::DATA Alternate Data Stream
HasMemberAllowedB695Use of Low-Level Functionality
HasMemberAllowed-with-ReviewC704Incorrect Type Conversion or Cast
HasMemberAllowed-with-ReviewC705Incorrect Control Flow Scoping
HasMemberDiscouragedP707Improper Neutralization
HasMemberDiscouragedP710Improper Adherence to Coding Standards
HasMemberAllowed-with-ReviewC732Incorrect Permission Assignment for Critical Resource
HasMemberAllowedB733Compiler Optimization Removal or Modification of Security-critical Code
HasMemberDiscouragedC74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
HasMemberAllowedB749Exposed Dangerous Method or Function
HasMemberDiscouragedC755Improper Handling of Exceptional Conditions
HasMemberAllowed-with-ReviewC758Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
HasMemberAllowedB76Improper Neutralization of Equivalent Special Elements
HasMemberAllowedB767Access to Critical Private Variable via Public Method
HasMemberAllowedB798Use of Hard-coded Credentials
HasMemberAllowed-with-ReviewC799Improper Control of Interaction Frequency
HasMemberAllowedB804Guessable CAPTCHA
HasMemberAllowedB832Unlock of a Resource that is not Locked
HasMemberAllowedV9J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1007
Name: Insufficient Visual Distinction of Homoglyphs Presented to User
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 103
Name: Struts: Incomplete validate() Method Definition
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 104
Name: Struts: Form Bean Does Not Extend Validation Class
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 108
Name: Struts: Unvalidated Action Form
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 110
Name: Struts: Validator Without Form Field
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 121
Name: Stack-based Buffer Overflow
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 122
Name: Heap-based Buffer Overflow
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1220
Name: Insufficient Granularity of Access Control
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 1222
Name: Insufficient Granularity of Address Regions Protected by Register Locks
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 123
Name: Write-what-where Condition
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 124
Name: Buffer Underwrite ('Buffer Underflow')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1269
Name: Product Released in Non-Release Configuration
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1328
Name: Security Version Number Mutable to Older Versions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 1331
Name: Improper Isolation of Shared Resources in Network On Chip (NoC)
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 192
Name: Integer Coercion Error
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 194
Name: Unexpected Sign Extension
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 244
Name: Improper Clearing of Heap Memory Before Release ('Heap Inspection')
Nature: HasMember
Mapping: Discouraged
Type: Base
ID: 274
Name: Improper Handling of Insufficient Privileges
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 280
Name: Improper Handling of Insufficient Permissions or Privileges
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 297
Name: Improper Validation of Certificate with Host Mismatch
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 298
Name: Improper Validation of Certificate Expiration
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 299
Name: Improper Check for Certificate Revocation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 319
Name: Cleartext Transmission of Sensitive Information
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 330
Name: Use of Insufficiently Random Values
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 331
Name: Insufficient Entropy
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 332
Name: Insufficient Entropy in PRNG
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 334
Name: Small Space of Random Values
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 335
Name: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 336
Name: Same Seed in Pseudo-Random Number Generator (PRNG)
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 351
Name: Insufficient Type Distinction
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 353
Name: Missing Support for Integrity Check
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 354
Name: Improper Validation of Integrity Check Value
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 367
Name: Time-of-check Time-of-use (TOCTOU) Race Condition
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 378
Name: Creation of Temporary File With Insecure Permissions
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 385
Name: Covert Timing Channel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 386
Name: Symbolic Name not Mapping to Correct Object
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 400
Name: Uncontrolled Resource Consumption
Nature: HasMember
Mapping: Allowed
Type: Class
ID: 410
Name: Insufficient Resource Pool
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 457
Name: Use of Uninitialized Variable
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 459
Name: Incomplete Cleanup
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 463
Name: Deletion of Data Structure Sentinel
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 470
Name: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 494
Name: Download of Code Without Integrity Check
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 543
Name: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 558
Name: Use of getlogin() in Multithreaded Application
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 581
Name: Object Model Violation: Just One of Equals and Hashcode Defined
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 585
Name: Empty Synchronized Block
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 597
Name: Use of Wrong Operator in String Comparison
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 601
Name: URL Redirection to Untrusted Site ('Open Redirect')
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 618
Name: Exposed Unsafe ActiveX Method
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 637
Name: Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 638
Name: Not Using Complete Mediation
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 640
Name: Weak Password Recovery Mechanism for Forgotten Password
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 656
Name: Reliance on Security Through Obscurity
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 657
Name: Violation of Secure Design Principles
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 66
Name: Improper Handling of File Names that Identify Virtual Resources
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 664
Name: Improper Control of a Resource Through its Lifetime
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 666
Name: Operation on Resource in Wrong Phase of Lifetime
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 67
Name: Improper Handling of Windows Device Names
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 670
Name: Always-Incorrect Control Flow Implementation
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 672
Name: Operation on a Resource after Expiration or Release
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 673
Name: External Influence of Sphere Definition
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 675
Name: Multiple Operations on Resource in Single-Operation Context
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 69
Name: Improper Handling of Windows ::DATA Alternate Data Stream
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 695
Name: Use of Low-Level Functionality
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 704
Name: Incorrect Type Conversion or Cast
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 705
Name: Incorrect Control Flow Scoping
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 707
Name: Improper Neutralization
Nature: HasMember
Mapping: Discouraged
Type: Pillar
ID: 710
Name: Improper Adherence to Coding Standards
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 732
Name: Incorrect Permission Assignment for Critical Resource
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 733
Name: Compiler Optimization Removal or Modification of Security-critical Code
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 74
Name: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 749
Name: Exposed Dangerous Method or Function
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 755
Name: Improper Handling of Exceptional Conditions
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 758
Name: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 76
Name: Improper Neutralization of Equivalent Special Elements
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 767
Name: Access to Critical Private Variable via Public Method
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 798
Name: Use of Hard-coded Credentials
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 799
Name: Improper Control of Interaction Frequency
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 804
Name: Guessable CAPTCHA
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 832
Name: Unlock of a Resource that is not Locked
Nature: HasMember
Mapping: Allowed
Type: Variant
ID: 9
Name: J2EE Misconfiguration: Weak Access Permissions for EJB Methods
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
▼Audience
StakeholderDescription
▼References
Expand AllCollapse All
BOSS-312 - Other (impact)
Details not found