| CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| CWE-285 | Improper Authorization |
| CWE-290 | Authentication Bypass by Spoofing |
| CWE-330 | Use of Insufficiently Random Values |
| CWE-331 | Insufficient Entropy |
| CWE-346 | Origin Validation Error |
| CWE-384 | Session Fixation |
| CWE-488 | Exposure of Data Element to Wrong Session |
| CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| CWE-693 | Protection Mechanism Failure |
| CWE-719 | OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage |
