CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-407 | Inefficient Algorithmic Complexity | Vulnerabilities |
CWE-408 | Incorrect Behavior Order: Early Amplification | Vulnerabilities |
CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | Vulnerabilities |
CWE-410 | Insufficient Resource Pool | Vulnerabilities |
CWE-412 | Unrestricted Externally Accessible Lock | Vulnerabilities |
CWE-413 | Improper Resource Locking | Vulnerabilities |
CWE-414 | Missing Lock Check | Vulnerabilities |
CWE-415 | Double Free | Vulnerabilities |
CWE-416 | Use After Free | Vulnerabilities |
CWE-419 | Unprotected Primary Channel | Vulnerabilities |
CWE-420 | Unprotected Alternate Channel | Vulnerabilities |
CWE-421 | Race Condition During Access to Alternate Channel | Vulnerabilities |
CWE-422 | Unprotected Windows Messaging Channel ('Shatter') | Vulnerabilities |
CWE-424 | Improper Protection of Alternate Path | Vulnerabilities |
CWE-425 | Direct Request ('Forced Browsing') | Vulnerabilities |
CWE-426 | Untrusted Search Path | Vulnerabilities |
CWE-427 | Uncontrolled Search Path Element | Vulnerabilities |
CWE-428 | Unquoted Search Path or Element | Vulnerabilities |
CWE-430 | Deployment of Wrong Handler | Vulnerabilities |
CWE-431 | Missing Handler | Vulnerabilities |
CWE-432 | Dangerous Signal Handler not Disabled During Sensitive Operations | Vulnerabilities |
CWE-433 | Unparsed Raw Web Content Delivery | Vulnerabilities |
CWE-434 | Unrestricted Upload of File with Dangerous Type | Vulnerabilities |
CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | Vulnerabilities |
CWE-436 | Interpretation Conflict | Vulnerabilities |
CWE-437 | Incomplete Model of Endpoint Features | Vulnerabilities |
CWE-439 | Behavioral Change in New Version or Environment | Vulnerabilities |
CWE-440 | Expected Behavior Violation | Vulnerabilities |
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | Vulnerabilities |
CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | Vulnerabilities |
CWE-446 | UI Discrepancy for Security Feature | Vulnerabilities |
CWE-447 | Unimplemented or Unsupported Feature in UI | Vulnerabilities |
CWE-448 | Obsolete Feature in UI | Vulnerabilities |
CWE-449 | The UI Performs the Wrong Action | Vulnerabilities |
CWE-450 | Multiple Interpretations of UI Input | Vulnerabilities |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information | Vulnerabilities |
CWE-453 | Insecure Default Variable Initialization | Vulnerabilities |
CWE-454 | External Initialization of Trusted Variables or Data Stores | Vulnerabilities |
CWE-455 | Non-exit on Failed Initialization | Vulnerabilities |
CWE-456 | Missing Initialization of a Variable | Vulnerabilities |
CWE-457 | Use of Uninitialized Variable | Vulnerabilities |
CWE-459 | Incomplete Cleanup | Vulnerabilities |
CWE-460 | Improper Cleanup on Thrown Exception | Vulnerabilities |
CWE-462 | Duplicate Key in Associative List (Alist) | Vulnerabilities |
CWE-463 | Deletion of Data Structure Sentinel | Vulnerabilities |
CWE-464 | Addition of Data Structure Sentinel | Vulnerabilities |
CWE-466 | Return of Pointer Value Outside of Expected Range | Vulnerabilities |
CWE-467 | Use of sizeof() on a Pointer Type | Vulnerabilities |
CWE-468 | Incorrect Pointer Scaling | Vulnerabilities |
CWE-469 | Use of Pointer Subtraction to Determine Size | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.