ImmuniWeb® by High-Tech Bridge



CWE Knowledge Base

The High-Tech Bridge CWE (Common Weakness Enumeration by MITRE) Knowledge Base covers all CWE weakness types that are encountered in High-Tech Bridge Security Advisories or detected by ImmuniWeb®. For each entry we try to provide as much information, examples and internal research as possible. Records are updated regularly.

Some security weaknesses and misconfigurations related to web applications that do not really fall under the vulnerability section are grouped on the Common Web Application Security Weaknesses page. You can also view our CVSS calculator.

CWE-22 Path Traversal

This weakness describes improper filtering of a pathname to a restricted directory.

CWE-78 OS Command Injection

This weakness describes improper neutralization of special elements, which results in the modification of an OS command.

CWE-79 Cross-Site Scripting

This weakness describes improper neutralization of input during web page generation.

CWE-89 SQL Injection

This weakness type describes improper neutralization of special elements used in an SQL query.

CWE-90 LDAP Injection

This weakness describes improper neutralization of special elements used in LDAP queries.

CWE-91 XML Injection

This weakness describes improper neutralization of special elements used in XML queries.

CWE-94 Code Injection

This weakness describes improper control of code generation.

CWE-98 PHP File Inclusion

This weakness describes improper control of the filename used in Include or Require statements in a PHP program.

CWE-113 HTTP Response Splitting

This weakness describes improper neutralization of CRLF sequences in HTTP headers.

CWE-119 Buffer Errors

This weakness describes improper restriction of operations within the bounds of a memory buffer.

CWE-130 Improper Handling of Length Parameter Inconsistency

This weakness describes improper handling of a length field for associated data.

CWE-193 Off-by-one Error

This weakness occurs when a program uses an improper maximum or minimum value that is one more or one less than the proper value.

CWE-200 Information Exposure

This weakness describes intentional or unintentional disclosure of information that is considered sensitive.

CWE-211 Information Exposure Through Externally-Generated Error Message

This weakness describes an information exposure case where software generates a message containing potentially sensitive data and outputs it.

CWE-236 Improper Handling of Undefined Parameters

This weakness describes a case when an application uses an undefined parameter, field, or argument.

CWE-276 Incorrect Default Permissions

This weakness describes a case where software sets insecure permissions on objects in a system.

CWE-284 Improper Access Control

This weakness describes a failure in the AAA (authentication, authorization and accounting) security model.

CWE-287 Improper Authentication

This weakness describes improper mechanisms for verifying a user's identity.

CWE-345 Insufficient Verification of Data Authenticity

This weakness describes improper or absent verification of input data authenticity.

CWE-352 Cross-Site Request Forgery

This weakness describes improper or absent verification of the HTTP request origin.

CWE-384 Session Fixation

This weakness describes a case where an application incorrectly handles session identifiers when establishing new sessions.

CWE-427 Uncontrolled Search Path Element

This weakness is caused by applications passing an insufficiently qualified path when loading an external library.

CWE-434 Unrestricted Upload of File with Dangerous Type

This weakness describes improper validation of file types when uploading files.

CWE-476 NULL Pointer Dereference

This weakness describes an application that dereferences a pointer which is expected to be valid but is actually NULL.

CWE-601 Open Redirect

This weakness describes improper sanitization of input that is used to redirect users to external websites.

CWE-613 Insufficient Session Expiration

This weakness describes a case of insufficient session expiration, which allows an attacker to use an existing session identifier to log in to the application.

CWE-618 Exposed Unsafe ActiveX Method

This weakness describes exposure of dangerous ActiveX methods that perform actions outside the browser's security model.

CWE-671 Lack of Administrator Control over Security

This weakness describes a case where implemented security features do not grant administrators full control over product security.

CWE-822 Untrusted Pointer Dereference

This weakness occurs where software uses untrusted input as a pointer value.

CWE-835 Infinite Loop

This weakness describes a case when a loop cannot reach an exit condition.


Copyright Disclaimer: Any above-mentioned content can be copied and used for non-commercial purposes only if proper credit to High-Tech Bridge is given.