CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name
---|---
CWE-587 | Assignment of a Fixed Address to a Pointer
CWE-588 | Attempt to Access Child of a Non-structure Pointer
CWE-589 | Call to Non-ubiquitous API
CWE-590 | Free of Memory not on the Heap
CWE-591 | Sensitive Data Storage in Improperly Locked Memory
CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-594 | J2EE Framework: Saving Unserializable Objects to Disk
CWE-595 | Comparison of Object References Instead of Object Contents
CWE-597 | Use of Wrong Operator in String Comparison
CWE-598 | Use of GET Request Method With Sensitive Query Strings
CWE-599 | Missing Validation of OpenSSL Certificate
CWE-600 | Uncaught Exception in Servlet
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect')
CWE-602 | Client-Side Enforcement of Server-Side Security
CWE-603 | Use of Client-Side Authentication
CWE-605 | Multiple Binds to the Same Port
CWE-606 | Unchecked Input for Loop Condition
CWE-607 | Public Static Final Field References Mutable Object
CWE-608 | Struts: Non-private Field in ActionForm Class
CWE-609 | Double-Checked Locking
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere
CWE-611 | Improper Restriction of XML External Entity Reference
CWE-612 | Improper Authorization of Index Containing Sensitive Information
CWE-613 | Insufficient Session Expiration
CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-615 | Inclusion of Sensitive Information in Source Code Comments
CWE-616 | Incomplete Identification of Uploaded File Variables (PHP)
CWE-617 | Reachable Assertion
CWE-618 | Exposed Unsafe ActiveX Method
CWE-619 | Dangling Database Cursor ('Cursor Injection')
CWE-620 | Unverified Password Change
CWE-621 | Variable Extraction Error
CWE-622 | Improper Validation of Function Hook Arguments
CWE-623 | Unsafe ActiveX Control Marked Safe For Scripting
CWE-624 | Executable Regular Expression Error
CWE-625 | Permissive Regular Expression
CWE-626 | Null Byte Interaction Error (Poison Null Byte)
CWE-627 | Dynamic Variable Evaluation
CWE-628 | Function Call with Incorrectly Specified Arguments
CWE-636 | Not Failing Securely ('Failing Open')
CWE-637 | Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')
CWE-638 | Not Using Complete Mediation
CWE-639 | Authorization Bypass Through User-Controlled Key
CWE-640 | Weak Password Recovery Mechanism for Forgotten Password
CWE-641 | Improper Restriction of Names for Files and Other Resources
CWE-642 | External Control of Critical State Data
CWE-643 | Improper Neutralization of Data within XPath Expressions ('XPath Injection')
CWE-644 | Improper Neutralization of HTTP Headers for Scripting Syntax
CWE-645 | Overly Restrictive Account Lockout Mechanism
CWE-646 | Reliance on File Name or Extension of Externally-Supplied File
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.