CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-647 | Use of Non-Canonical URL Paths for Authorization Decisions | Vulnerabilities |
CWE-648 | Incorrect Use of Privileged APIs | Vulnerabilities |
CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking | Vulnerabilities |
CWE-650 | Trusting HTTP Permission Methods on the Server Side | Vulnerabilities |
CWE-651 | Exposure of WSDL File Containing Sensitive Information | Vulnerabilities |
CWE-652 | Improper Neutralization of Data within XQuery Expressions ('XQuery Injection') | Vulnerabilities |
CWE-653 | Improper Isolation or Compartmentalization | Vulnerabilities |
CWE-654 | Reliance on a Single Factor in a Security Decision | Vulnerabilities |
CWE-655 | Insufficient Psychological Acceptability | Vulnerabilities |
CWE-656 | Reliance on Security Through Obscurity | Vulnerabilities |
CWE-657 | Violation of Secure Design Principles | Vulnerabilities |
CWE-662 | Improper Synchronization | Vulnerabilities |
CWE-663 | Use of a Non-reentrant Function in a Concurrent Context | Vulnerabilities |
CWE-664 | Improper Control of a Resource Through its Lifetime | Vulnerabilities |
CWE-665 | Improper Initialization | Vulnerabilities |
CWE-666 | Operation on Resource in Wrong Phase of Lifetime | Vulnerabilities |
CWE-667 | Improper Locking | Vulnerabilities |
CWE-668 | Exposure of Resource to Wrong Sphere | Vulnerabilities |
CWE-669 | Incorrect Resource Transfer Between Spheres | Vulnerabilities |
CWE-670 | Always-Incorrect Control Flow Implementation | Vulnerabilities |
CWE-671 | Lack of Administrator Control over Security | Vulnerabilities |
CWE-672 | Operation on a Resource after Expiration or Release | Vulnerabilities |
CWE-673 | External Influence of Sphere Definition | Vulnerabilities |
CWE-674 | Uncontrolled Recursion | Vulnerabilities |
CWE-675 | Multiple Operations on Resource in Single-Operation Context | Vulnerabilities |
CWE-676 | Use of Potentially Dangerous Function | Vulnerabilities |
CWE-680 | Integer Overflow to Buffer Overflow | Vulnerabilities |
CWE-681 | Incorrect Conversion between Numeric Types | Vulnerabilities |
CWE-682 | Incorrect Calculation | Vulnerabilities |
CWE-683 | Function Call With Incorrect Order of Arguments | Vulnerabilities |
CWE-684 | Incorrect Provision of Specified Functionality | Vulnerabilities |
CWE-685 | Function Call With Incorrect Number of Arguments | Vulnerabilities |
CWE-686 | Function Call With Incorrect Argument Type | Vulnerabilities |
CWE-687 | Function Call With Incorrectly Specified Argument Value | Vulnerabilities |
CWE-688 | Function Call With Incorrect Variable or Reference as Argument | Vulnerabilities |
CWE-689 | Permission Race Condition During Resource Copy | Vulnerabilities |
CWE-690 | Unchecked Return Value to NULL Pointer Dereference | Vulnerabilities |
CWE-691 | Insufficient Control Flow Management | Vulnerabilities |
CWE-692 | Incomplete Denylist to Cross-Site Scripting | Vulnerabilities |
CWE-693 | Protection Mechanism Failure | Vulnerabilities |
CWE-694 | Use of Multiple Resources with Duplicate Identifier | Vulnerabilities |
CWE-695 | Use of Low-Level Functionality | Vulnerabilities |
CWE-696 | Incorrect Behavior Order | Vulnerabilities |
CWE-697 | Incorrect Comparison | Vulnerabilities |
CWE-698 | Execution After Redirect (EAR) | Vulnerabilities |
CWE-703 | Improper Check or Handling of Exceptional Conditions | Vulnerabilities |
CWE-704 | Incorrect Type Conversion or Cast | Vulnerabilities |
CWE-705 | Incorrect Control Flow Scoping | Vulnerabilities |
CWE-706 | Use of Incorrectly-Resolved Name or Reference | Vulnerabilities |
CWE-707 | Improper Neutralization | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.