ImmuniWeb® by High-Tech Bridge



CWE Vulnerabilities Glossary

This CWE glossary does not describe every existing CWE-ID; it covers only those encountered in High-Tech Bridge Security Advisories or detected by ImmuniWeb®.

CWE-22
Path Traversal

This weakness describes improper limitation of a pathname to a restricted directory.

CWE-78
OS Command Injection

This weakness describes improper neutralization of special elements which results in modification of the OS command.

CWE-79
Cross-Site Scripting

This weakness describes improper neutralization of input during web page generation.

CWE-89
SQL Injection

This weakness type describes improper neutralization of special elements used in an SQL query.

CWE-90
LDAP Injection

This weakness describes improper neutralization of special elements used in LDAP queries.

CWE-91
XML Injection

This weakness describes improper neutralization of special elements used in XML queries.

CWE-94
Code Injection

This weakness describes improper control of code generation.

CWE-98
PHP File Inclusion

This weakness describes improper control of filename within Include or Require statements in a PHP program.

CWE-113
HTTP Response Splitting

This weakness describes improper neutralization of CRLF sequences in HTTP headers.

CWE-119
Buffer Errors

This weakness describes improper restriction of operations within the bounds of a memory buffer.

CWE-130
Improper Handling of Length Parameter Inconsistency

This weakness describes improper handling of a length field for associated data.

CWE-193
Off-by-one Error

This weakness occurs when a program uses an improper maximum or minimum value that is one more or one less than the proper value.

CWE-200
Information Exposure

This weakness describes intentional or unintentional disclosure of information that is considered sensitive.

CWE-211
Information Exposure Through Externally-Generated Error Message

This weakness describes an information exposure case where software generates a message containing potentially sensitive data and outputs it.

CWE-236
Improper Handling of Undefined Parameters

This weakness describes a case where an application uses an undefined parameter, field, or argument.

CWE-276
Incorrect Default Permissions

This weakness describes a case where software sets insecure permissions on objects on a system.

CWE-284
Improper Access Control

This weakness describes a failure in the AAA security model.

CWE-287
Improper Authentication

This weakness describes improper mechanisms for verifying a user's identity.

CWE-345
Insufficient Verification of Data Authenticity

This weakness describes improper or absent verification of input data authenticity.

CWE-352
Cross-Site Request Forgery

This weakness describes improper or absent verification of the HTTP request origin.

CWE-427
Uncontrolled Search Path Element

This weakness is caused by applications passing an insufficiently qualified path when loading an external library.

CWE-434
Unrestricted Upload of File with Dangerous Type

This weakness describes improper validation of file types when uploading files.

CWE-476
NULL Pointer Dereference

This weakness describes an application that dereferences a pointer that ought to be valid but is in fact NULL.

CWE-601
Open Redirect

This weakness describes improper sanitization of input that is used to redirect users to external websites.

CWE-618
Exposed Unsafe ActiveX Method

This weakness describes exposure of dangerous ActiveX methods that perform actions outside the browser's security model.

CWE-671
Lack of Administrator Control over Security

This weakness describes a case where implemented security features do not grant administrators full control over product security.

CWE-822
Untrusted Pointer Dereference

This weakness occurs where software uses untrusted input as a pointer value.

CWE-835
Infinite Loop

This weakness describes a case where a loop cannot reach an exit condition.

Copyright Disclaimer: Any above-mentioned content can be copied and used for non-commercial purposes only if proper credit to High-Tech Bridge is given.