CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | Vulnerabilities |
CWE-471 | Modification of Assumed-Immutable Data (MAID) | Vulnerabilities |
CWE-472 | External Control of Assumed-Immutable Web Parameter | Vulnerabilities |
CWE-473 | PHP External Variable Modification | Vulnerabilities |
CWE-474 | Use of Function with Inconsistent Implementations | Vulnerabilities |
CWE-475 | Undefined Behavior for Input to API | Vulnerabilities |
CWE-476 | NULL Pointer Dereference | Vulnerabilities |
CWE-477 | Use of Obsolete Function | Vulnerabilities |
CWE-478 | Missing Default Case in Multiple Condition Expression | Vulnerabilities |
CWE-479 | Signal Handler Use of a Non-reentrant Function | Vulnerabilities |
CWE-480 | Use of Incorrect Operator | Vulnerabilities |
CWE-481 | Assigning instead of Comparing | Vulnerabilities |
CWE-482 | Comparing instead of Assigning | Vulnerabilities |
CWE-483 | Incorrect Block Delimitation | Vulnerabilities |
CWE-484 | Omitted Break Statement in Switch | Vulnerabilities |
CWE-486 | Comparison of Classes by Name | Vulnerabilities |
CWE-487 | Reliance on Package-level Scope | Vulnerabilities |
CWE-488 | Exposure of Data Element to Wrong Session | Vulnerabilities |
CWE-489 | Active Debug Code | Vulnerabilities |
CWE-491 | Public cloneable() Method Without Final ('Object Hijack') | Vulnerabilities |
CWE-492 | Use of Inner Class Containing Sensitive Data | Vulnerabilities |
CWE-493 | Critical Public Variable Without Final Modifier | Vulnerabilities |
CWE-494 | Download of Code Without Integrity Check | Vulnerabilities |
CWE-495 | Private Data Structure Returned From A Public Method | Vulnerabilities |
CWE-496 | Public Data Assigned to Private Array-Typed Field | Vulnerabilities |
CWE-497 | Exposure of Sensitive System Information to an Unauthorized Control Sphere | Vulnerabilities |
CWE-498 | Cloneable Class Containing Sensitive Information | Vulnerabilities |
CWE-499 | Serializable Class Containing Sensitive Data | Vulnerabilities |
CWE-500 | Public Static Field Not Marked Final | Vulnerabilities |
CWE-501 | Trust Boundary Violation | Vulnerabilities |
CWE-502 | Deserialization of Untrusted Data | Vulnerabilities |
CWE-506 | Embedded Malicious Code | Vulnerabilities |
CWE-507 | Trojan Horse | Vulnerabilities |
CWE-508 | Non-Replicating Malicious Code | Vulnerabilities |
CWE-509 | Replicating Malicious Code (Virus or Worm) | Vulnerabilities |
CWE-510 | Trapdoor | Vulnerabilities |
CWE-511 | Logic/Time Bomb | Vulnerabilities |
CWE-512 | Spyware | Vulnerabilities |
CWE-514 | Covert Channel | Vulnerabilities |
CWE-515 | Covert Storage Channel | Vulnerabilities |
CWE-520 | .NET Misconfiguration: Use of Impersonation | Vulnerabilities |
CWE-521 | Weak Password Requirements | Vulnerabilities |
CWE-522 | Insufficiently Protected Credentials | Vulnerabilities |
CWE-523 | Unprotected Transport of Credentials | Vulnerabilities |
CWE-524 | Use of Cache Containing Sensitive Information | Vulnerabilities |
CWE-525 | Use of Web Browser Cache Containing Sensitive Information | Vulnerabilities |
CWE-526 | Cleartext Storage of Sensitive Information in an Environment Variable | Vulnerabilities |
CWE-527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere | Vulnerabilities |
CWE-528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Vulnerabilities |
CWE-529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.