CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name
---|---
CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere
CWE-531 | Inclusion of Sensitive Information in Test Code
CWE-532 | Insertion of Sensitive Information into Log File
CWE-535 | Exposure of Information Through Shell Error Message
CWE-536 | Servlet Runtime Error Message Containing Sensitive Information
CWE-537 | Java Runtime Error Message Containing Sensitive Information
CWE-538 | Insertion of Sensitive Information into Externally-Accessible File or Directory
CWE-539 | Use of Persistent Cookies Containing Sensitive Information
CWE-540 | Inclusion of Sensitive Information in Source Code
CWE-541 | Inclusion of Sensitive Information in an Include File
CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context
CWE-544 | Missing Standardized Error Handling Mechanism
CWE-546 | Suspicious Comment
CWE-547 | Use of Hard-coded, Security-relevant Constants
CWE-548 | Exposure of Information Through Directory Listing
CWE-549 | Missing Password Field Masking
CWE-550 | Server-generated Error Message Containing Sensitive Information
CWE-551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE-552 | Files or Directories Accessible to External Parties
CWE-553 | Command Shell in Externally Accessible Directory
CWE-554 | ASP.NET Misconfiguration: Not Using Input Validation Framework
CWE-555 | J2EE Misconfiguration: Plaintext Password in Configuration File
CWE-556 | ASP.NET Misconfiguration: Use of Identity Impersonation
CWE-558 | Use of getlogin() in Multithreaded Application
CWE-560 | Use of umask() with chmod-style Argument
CWE-561 | Dead Code
CWE-562 | Return of Stack Variable Address
CWE-563 | Assignment to Variable without Use
CWE-564 | SQL Injection: Hibernate
CWE-565 | Reliance on Cookies without Validation and Integrity Checking
CWE-566 | Authorization Bypass Through User-Controlled SQL Primary Key
CWE-567 | Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-568 | finalize() Method Without super.finalize()
CWE-570 | Expression is Always False
CWE-571 | Expression is Always True
CWE-572 | Call to Thread run() instead of start()
CWE-573 | Improper Following of Specification by Caller
CWE-574 | EJB Bad Practices: Use of Synchronization Primitives
CWE-575 | EJB Bad Practices: Use of AWT Swing
CWE-576 | EJB Bad Practices: Use of Java I/O
CWE-577 | EJB Bad Practices: Use of Sockets
CWE-578 | EJB Bad Practices: Use of Class Loader
CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session
CWE-580 | clone() Method Without super.clone()
CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined
CWE-582 | Array Declared Public, Final, and Static
CWE-583 | finalize() Method Declared Public
CWE-584 | Return Inside Finally Block
CWE-585 | Empty Synchronized Block
CWE-586 | Explicit Call to Finalize()
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.