Communication Channel Errors

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.


Binding to an Unrestricted IP Address

The product assigns the address for a database server, a cloud service/instance, or any computing resource that communicates remotely.

Covert Storage Channel

A covert storage channel transfers information through the setting of bits by one program and the reading of those bits by another. What distinguishes this case from t...

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system beha...

Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The product establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was no...

Improper Verification of Source of a Communication Channel

The product establishes a communication channel to handle an incoming request that has been initiated by an actor, but it does not properly verify that the request is ...

Incorrectly Specified Destination in a Communication Channel

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

Key Exchange without Entity Authentication

The product performs a key exchange with an actor without verifying the identity of that actor.

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the reques...

Unprotected Alternate Channel

The product protects a primary channel, but it does not use the same level of protection for an alternate channel.

Unprotected Primary Channel

The product uses a primary channel for administration or restricted functionality, but it does not properly protect the channel.


Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.