
CWE VIEW: Web Based (technology class) Weaknesses
ID: BOSS-309
Vulnerability Mapping: Prohibited
Type: Implicit
Status: Draft
▼Objective

This view categorizes and displays weaknesses by technology class Web Based.

▼Memberships
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Allowed | Variant | 1004 | Sensitive Cookie Without 'HttpOnly' Flag |
| HasMember | Allowed | Base | 1007 | Insufficient Visual Distinction of Homoglyphs Presented to User |
| HasMember | Allowed | Base | 1021 | Improper Restriction of Rendered UI Layers or Frames |
| HasMember | Allowed | Variant | 1022 | Use of Web Link to Untrusted Target with window.opener Access |
| HasMember | Allowed | Variant | 113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') |
| HasMember | Allowed | Base | 1249 | Application-Level Admin Tool with Inconsistent View of Underlying Operating System |
| HasMember | Allowed | Variant | 1275 | Sensitive Cookie with Improper SameSite Attribute |
| HasMember | Allowed | Base | 425 | Direct Request ('Forced Browsing') |
| HasMember | Allowed | Base | 444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') |
| HasMember | Allowed | Base | 601 | URL Redirection to Untrusted Site ('Open Redirect') |
| HasMember | Allowed | Base | 611 | Improper Restriction of XML External Entity Reference |
| HasMember | Allowed | Variant | 614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute |
| HasMember | Allowed | Variant | 644 | Improper Neutralization of HTTP Headers for Scripting Syntax |
| HasMember | Allowed | Variant | 784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision |
| HasMember | Allowed | Base | 79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| HasMember | Allowed | Variant | 942 | Permissive Cross-domain Policy with Untrusted Domains |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason: View
Rationale:

This entry is a View. Views are not weaknesses and are therefore inappropriate for describing the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
