CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name
---|---
CWE-344 | Use of Invariant Value in Dynamically Changing Context
CWE-345 | Insufficient Verification of Data Authenticity
CWE-346 | Origin Validation Error
CWE-347 | Improper Verification of Cryptographic Signature
CWE-348 | Use of Less Trusted Source
CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350 | Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-351 | Insufficient Type Distinction
CWE-352 | Cross-Site Request Forgery (CSRF)
CWE-353 | Missing Support for Integrity Check
CWE-354 | Improper Validation of Integrity Check Value
CWE-356 | Product UI does not Warn User of Unsafe Actions
CWE-357 | Insufficient UI Warning of Dangerous Operations
CWE-358 | Improperly Implemented Security Check for Standard
CWE-359 | Exposure of Private Personal Information to an Unauthorized Actor
CWE-360 | Trust of System Event Data
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-363 | Race Condition Enabling Link Following
CWE-364 | Signal Handler Race Condition
CWE-366 | Race Condition within a Thread
CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-368 | Context Switching Race Condition
CWE-369 | Divide By Zero
CWE-370 | Missing Check for Certificate Revocation after Initial Check
CWE-372 | Incomplete Internal State Distinction
CWE-374 | Passing Mutable Objects to an Untrusted Method
CWE-375 | Returning a Mutable Object to an Untrusted Caller
CWE-377 | Insecure Temporary File
CWE-378 | Creation of Temporary File With Insecure Permissions
CWE-379 | Creation of Temporary File in Directory with Insecure Permissions
CWE-382 | J2EE Bad Practices: Use of System.exit()
CWE-383 | J2EE Bad Practices: Direct Use of Threads
CWE-384 | Session Fixation
CWE-385 | Covert Timing Channel
CWE-386 | Symbolic Name not Mapping to Correct Object
CWE-390 | Detection of Error Condition Without Action
CWE-391 | Unchecked Error Condition
CWE-392 | Missing Report of Error Condition
CWE-393 | Return of Wrong Status Code
CWE-394 | Unexpected Status Code or Return Value
CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference
CWE-396 | Declaration of Catch for Generic Exception
CWE-397 | Declaration of Throws for Generic Exception
CWE-400 | Uncontrolled Resource Consumption
CWE-401 | Missing Release of Memory after Effective Lifetime
CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak')
CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
CWE-404 | Improper Resource Shutdown or Release
CWE-405 | Asymmetric Resource Consumption (Amplification)
CWE-406 | Insufficient Control of Network Message Volume (Network Amplification)
Please note that the CWE definitions above are provided as a quick reference only. Visit http://cwe.mitre.org/ for the complete list of CWE entries and for full details on each weakness.