CAPEC Related Weakness
Exploitation of Session Variables, Resource IDs and other Trusted Credentials
CWE-6J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290Authentication Bypass by Spoofing
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-346Origin Validation Error
CWE-384
CWE-539Information Exposure Through Persistent Cookies
CWE-602Client-Side Enforcement of Server-Side Security
CWE-642External Control of Critical State Data
CWE-664Improper Control of a Resource Through its Lifetime
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20Improper Input Validation
CWE-113Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-311Missing Encryption of Sensitive Data
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-384
CWE-472External Control of Assumed-Immutable Web Parameter
CWE-539Information Exposure Through Persistent Cookies
CWE-565Reliance on Cookies without Validation and Integrity Checking
CWE-602Client-Side Enforcement of Server-Side Security
CWE-642External Control of Critical State Data
CWE-724
Lifting Sensitive Data from the Client
CWE-311Missing Encryption of Sensitive Data
CWE-642External Control of Critical State Data
Back to Top