CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name
---|---
CWE-627 | Dynamic Variable Evaluation
CWE-626 | Null Byte Interaction Error (Poison Null Byte)
CWE-625 | Permissive Regular Expression
CWE-624 | Executable Regular Expression Error
CWE-623 | Unsafe ActiveX Control Marked Safe For Scripting
CWE-622 | Improper Validation of Function Hook Arguments
CWE-621 | Variable Extraction Error
CWE-620 | Unverified Password Change
CWE-619 | Dangling Database Cursor ('Cursor Injection')
CWE-618 | Exposed Unsafe ActiveX Method
CWE-617 | Reachable Assertion
CWE-616 | Incomplete Identification of Uploaded File Variables (PHP)
CWE-615 | Inclusion of Sensitive Information in Source Code Comments
CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-613 | Insufficient Session Expiration
CWE-612 | Improper Authorization of Index Containing Sensitive Information
CWE-611 | Improper Restriction of XML External Entity Reference
CWE-610 | Externally Controlled Reference to a Resource in Another Sphere
CWE-609 | Double-Checked Locking
CWE-608 | Struts: Non-private Field in ActionForm Class
CWE-607 | Public Static Final Field References Mutable Object
CWE-606 | Unchecked Input for Loop Condition
CWE-605 | Multiple Binds to the Same Port
CWE-603 | Use of Client-Side Authentication
CWE-602 | Client-Side Enforcement of Server-Side Security
CWE-601 | URL Redirection to Untrusted Site ('Open Redirect')
CWE-600 | Uncaught Exception in Servlet
CWE-599 | Missing Validation of OpenSSL Certificate
CWE-598 | Use of GET Request Method With Sensitive Query Strings
CWE-597 | Use of Wrong Operator in String Comparison
CWE-595 | Comparison of Object References Instead of Object Contents
CWE-594 | J2EE Framework: Saving Unserializable Objects to Disk
CWE-593 | Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-591 | Sensitive Data Storage in Improperly Locked Memory
CWE-590 | Free of Memory not on the Heap
CWE-589 | Call to Non-ubiquitous API
CWE-588 | Attempt to Access Child of a Non-structure Pointer
CWE-587 | Assignment of a Fixed Address to a Pointer
CWE-586 | Explicit Call to Finalize()
CWE-585 | Empty Synchronized Block
CWE-584 | Return Inside Finally Block
CWE-583 | finalize() Method Declared Public
CWE-582 | Array Declared Public, Final, and Static
CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined
CWE-580 | clone() Method Without super.clone()
CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session
CWE-578 | EJB Bad Practices: Use of Class Loader
CWE-577 | EJB Bad Practices: Use of Sockets
CWE-576 | EJB Bad Practices: Use of Java I/O
CWE-575 | EJB Bad Practices: Use of AWT Swing
Please note that CWE definitions are provided as a quick reference only. Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.