CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-62 | UNIX Hard Link | Vulnerabilities |
CWE-64 | Windows Shortcut Following (.LNK) | Vulnerabilities |
CWE-65 | Windows Hard Link | Vulnerabilities |
CWE-66 | Improper Handling of File Names that Identify Virtual Resources | Vulnerabilities |
CWE-67 | Improper Handling of Windows Device Names | Vulnerabilities |
CWE-69 | Improper Handling of Windows ::DATA Alternate Data Stream | Vulnerabilities |
CWE-72 | Improper Handling of Apple HFS+ Alternate Data Stream Path | Vulnerabilities |
CWE-73 | External Control of File Name or Path | Vulnerabilities |
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Vulnerabilities |
CWE-75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Vulnerabilities |
CWE-76 | Improper Neutralization of Equivalent Special Elements | Vulnerabilities |
CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') | Vulnerabilities |
CWE-78 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | Vulnerabilities |
CWE-79 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | Vulnerabilities |
CWE-80 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | Vulnerabilities |
CWE-81 | Improper Neutralization of Script in an Error Message Web Page | Vulnerabilities |
CWE-82 | Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | Vulnerabilities |
CWE-83 | Improper Neutralization of Script in Attributes in a Web Page | Vulnerabilities |
CWE-84 | Improper Neutralization of Encoded URI Schemes in a Web Page | Vulnerabilities |
CWE-85 | Doubled Character XSS Manipulations | Vulnerabilities |
CWE-86 | Improper Neutralization of Invalid Characters in Identifiers in Web Pages | Vulnerabilities |
CWE-87 | Improper Neutralization of Alternate XSS Syntax | Vulnerabilities |
CWE-88 | Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | Vulnerabilities |
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | Vulnerabilities |
CWE-90 | Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | Vulnerabilities |
CWE-91 | XML Injection (aka Blind XPath Injection) | Vulnerabilities |
CWE-93 | Improper Neutralization of CRLF Sequences ('CRLF Injection') | Vulnerabilities |
CWE-94 | Improper Control of Generation of Code ('Code Injection') | Vulnerabilities |
CWE-95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Vulnerabilities |
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | Vulnerabilities |
CWE-97 | Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | Vulnerabilities |
CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Vulnerabilities |
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') | Vulnerabilities |
CWE-102 | Struts: Duplicate Validation Forms | Vulnerabilities |
CWE-103 | Struts: Incomplete validate() Method Definition | Vulnerabilities |
CWE-104 | Struts: Form Bean Does Not Extend Validation Class | Vulnerabilities |
CWE-105 | Struts: Form Field Without Validator | Vulnerabilities |
CWE-106 | Struts: Plug-in Framework not in Use | Vulnerabilities |
CWE-107 | Struts: Unused Validation Form | Vulnerabilities |
CWE-108 | Struts: Unvalidated Action Form | Vulnerabilities |
CWE-109 | Struts: Validator Turned Off | Vulnerabilities |
CWE-110 | Struts: Validator Without Form Field | Vulnerabilities |
CWE-111 | Direct Use of Unsafe JNI | Vulnerabilities |
CWE-112 | Missing XML Validation | Vulnerabilities |
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | Vulnerabilities |
CWE-114 | Process Control | Vulnerabilities |
CWE-115 | Misinterpretation of Input | Vulnerabilities |
CWE-116 | Improper Encoding or Escaping of Output | Vulnerabilities |
CWE-117 | Improper Output Neutralization for Logs | Vulnerabilities |
CWE-118 | Incorrect Access of Indexable Resource ('Range Error') | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.