Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE VIEW:Weaknesses Originally Used by NVD from 2008 to 2016
ID:635
Vulnerability Mapping:Prohibited
Type:Explicit
Status:Obsolete
DetailsContent HistoryObserved CVE ExamplesReports
▼Objective

CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.

▼Memberships
NatureMappingTypeIDName
HasMemberProhibitedC16Configuration
HasMemberDiscouragedC20Improper Input Validation
HasMemberAllowedB22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
HasMemberAllowedB59Improper Link Resolution Before File Access ('Link Following')
HasMemberAllowedB78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
HasMemberAllowedB79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
HasMemberAllowedB89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
HasMemberAllowed-with-ReviewB94Improper Control of Generation of Code ('Code Injection')
HasMemberDiscouragedC119Improper Restriction of Operations within the Bounds of a Memory Buffer
HasMemberAllowedB134Use of Externally-Controlled Format String
HasMemberProhibitedC189Numeric Errors
HasMemberDiscouragedC200Exposure of Sensitive Information to an Unauthorized Actor
HasMemberProhibitedC255Credentials Management Errors
HasMemberProhibitedC264Permissions, Privileges, and Access Controls
HasMemberDiscouragedC287Improper Authentication
HasMemberProhibitedC310Cryptographic Issues
HasMemberAllowedC352Cross-Site Request Forgery (CSRF)
HasMemberAllowed-with-ReviewC362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMemberProhibitedC399Resource Management Errors
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 16
Name: Configuration
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 20
Name: Improper Input Validation
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 22
Name: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 59
Name: Improper Link Resolution Before File Access ('Link Following')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 78
Name: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 79
Name: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 89
Name: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Nature: HasMember
Mapping: Allowed-with-Review
Type: Base
ID: 94
Name: Improper Control of Generation of Code ('Code Injection')
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 119
Name: Improper Restriction of Operations within the Bounds of a Memory Buffer
Nature: HasMember
Mapping: Allowed
Type: Base
ID: 134
Name: Use of Externally-Controlled Format String
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 189
Name: Numeric Errors
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 200
Name: Exposure of Sensitive Information to an Unauthorized Actor
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 255
Name: Credentials Management Errors
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 264
Name: Permissions, Privileges, and Access Controls
Nature: HasMember
Mapping: Discouraged
Type: Class
ID: 287
Name: Improper Authentication
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 310
Name: Cryptographic Issues
Nature: HasMember
Mapping: Allowed
Type: Compound
ID: 352
Name: Cross-Site Request Forgery (CSRF)
Nature: HasMember
Mapping: Allowed-with-Review
Type: Class
ID: 362
Name: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Nature: HasMember
Mapping: Prohibited
Type: Category
ID: 399
Name: Resource Management Errors
▼Vulnerability Mapping Notes
Usage:Prohibited
Reason:View
Rationale:

This entry is a View. Views are not weaknesses and therefore inappropriate to describe the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.

▼Notes
Maintenance

In Summer 2007, NIST began using this set of CWE elements to classify CVE entries within the National Vulnerability Database (NVD). The data was made publicly available beginning in 2008. In 2016, NIST began using a different list as derived from the "Weaknesses for Simplified Mapping of Published Vulnerabilities" view (CWE-1003).

N/A

▼Audience
StakeholderDescription
▼References
Reference ID: REF-1
Title: CWE - Common Weakness Enumeration
Version: v4.15
Author: NIST
Publication:
Publisher:
Edition:
URL:http://nvd.nist.gov/cwe.cfm
URL Date:
Day:N/A
Month:N/A
Year:N/A
Expand AllCollapse All
635 - Weaknesses Originally Used by NVD from 2008 to 2016
Details not found