CWE VIEW: Weaknesses in Web Server
ID: BOSS-270
Vulnerability Mapping: Prohibited
Type: Implicit
Status: Draft
▼Objective

This view (slice) covers issues that are found in web servers and are not common to all technologies.

▼Memberships
| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| HasMember | Allowed-with-Review | Class | 116 | Improper Encoding or Escaping of Output |
| HasMember | Allowed | Base | 1327 | Binding to an Unrestricted IP Address |
| HasMember | Allowed | Variant | 1385 | Missing Origin Validation in WebSockets |
| HasMember | Allowed | Variant | 26 | Path Traversal: '/dir/../filename' |
| HasMember | Discouraged | Class | 285 | Improper Authorization |
| HasMember | Allowed | Compound | 352 | Cross-Site Request Forgery (CSRF) |
| HasMember | Allowed | Base | 434 | Unrestricted Upload of File with Dangerous Type |
| HasMember | Allowed-with-Review | Class | 642 | External Control of Critical State Data |
| HasMember | Allowed | Variant | 646 | Reliance on File Name or Extension of Externally-Supplied File |
| HasMember | Allowed | Variant | 647 | Use of Non-Canonical URL Paths for Authorization Decisions |
| HasMember | Allowed | Variant | 651 | Exposure of WSDL File Containing Sensitive Information |
| HasMember | Allowed | Base | 804 | Guessable CAPTCHA |
| HasMember | Allowed-with-Review | Class | 862 | Missing Authorization |
| HasMember | Allowed-with-Review | Class | 863 | Incorrect Authorization |
| HasMember | Allowed | Base | 918 | Server-Side Request Forgery (SSRF) |
▼Vulnerability Mapping Notes
Usage: Prohibited
Reason: View
Rationale:

This entry is a View. Views are not weaknesses and are therefore inappropriate for describing the root causes of vulnerabilities.

Comments:

Use this View or other Views to search and navigate for the appropriate weakness.
