CAPEC Related Weakness
Subverting Environment Variable Values
CWE-15External Control of System or Configuration Setting
CWE-20Improper Input Validation
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200Information Exposure
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-353Missing Support for Integrity Check
Footprinting
CWE-200Information Exposure
CWE-202Exposure of Sensitive Data Through Data Queries
CWE-276Incorrect Default Permissions
CWE-311Missing Encryption of Sensitive Data
CWE-312Cleartext Storage of Sensitive Information
CWE-319Cleartext Transmission of Sensitive Information
CWE-497Exposure of System Data to an Unauthorized Control Sphere
CWE-538File and Directory Information Exposure
Exploiting Trust in Client (aka Make the Client Invisible)
CWE-20Improper Input Validation
CWE-200Information Exposure
CWE-287Improper Authentication
CWE-290Authentication Bypass by Spoofing
CWE-693Protection Mechanism Failure
Browser Fingerprinting
CWE-200Information Exposure
Session Credential Falsification through Prediction
CWE-6J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200Information Exposure
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-330Use of Insufficiently Random Values
CWE-331Insufficient Entropy
CWE-346Origin Validation Error
CWE-384
CWE-488Exposure of Data Element to Wrong Session
CWE-539Information Exposure Through Persistent Cookies
CWE-693Protection Mechanism Failure
CWE-719
Reusing Session IDs (aka Session Replay)
CWE-200Information Exposure
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-294Authentication Bypass by Capture-replay
CWE-346Origin Validation Error
CWE-384
CWE-488Exposure of Data Element to Wrong Session
CWE-539Information Exposure Through Persistent Cookies
CWE-664Improper Control of a Resource Through its Lifetime
CWE-732Incorrect Permission Assignment for Critical Resource
Using Slashes in Alternate Encoding
CWE-20Improper Input Validation
CWE-21
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-171
CWE-173Improper Handling of Alternate Encoding
CWE-180Incorrect Behavior Order: Validate Before Canonicalize
CWE-181Incorrect Behavior Order: Validate Before Filter
CWE-185Incorrect Regular Expression
CWE-200Information Exposure
CWE-697Insufficient Comparison
CWE-707Improper Enforcement of Message or Data Structure
Back to Top