Weaknesses Originally Used by NVD from 2008 to 2016
A view in the Common Weakness Enumeration published by The MITRE Corporation.
Objective
Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.
CWE nodes in this view (slice) were used by NIST to categorize vulnerabilities within NVD, from 2008 to 2016. This original version has been used by many other projects.
Weaknesses
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource...
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated...
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process th...
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but ...
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an uni...
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes...
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or...
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Categories
Weaknesses in this category are related to the management of credentials.
Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniqu...
Weaknesses in this category are related to improper calculation or conversion of numbers.
Weaknesses in this category are related to improper management of system resources.
Deprecated or Obsolete
Weaknesses in this category are typically introduced during the configuration of the software.
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
See Also
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.