Common Weakness Enumeration: CWE

CWE is a community-developed list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to identify and describe these weaknesses in terms of CWEs.

CWE Number  Name
CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-7 J2EE Misconfiguration: Missing Custom Error Page
CWE-8 J2EE Misconfiguration: Entity Bean Declared Remote
CWE-9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
CWE-11 ASP.NET Misconfiguration: Creating Debug Binary
CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page
CWE-13 ASP.NET Misconfiguration: Password in Configuration File
CWE-14 Compiler Removal of Code to Clear Buffers
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23 Relative Path Traversal
CWE-24 Path Traversal: '../filedir'
CWE-25 Path Traversal: '/../filedir'
CWE-26 Path Traversal: '/dir/../filename'
CWE-27 Path Traversal: 'dir/../../filename'
CWE-28 Path Traversal: '..\filedir'
CWE-29 Path Traversal: '\..\filename'
CWE-30 Path Traversal: '\dir\..\filename'
CWE-31 Path Traversal: 'dir\..\..\filename'
CWE-32 Path Traversal: '...' (Triple Dot)
CWE-33 Path Traversal: '....' (Multiple Dot)
CWE-34 Path Traversal: '....//'
CWE-35 Path Traversal: '.../...//'
CWE-36 Absolute Path Traversal
CWE-37 Path Traversal: '/absolute/pathname/here'
CWE-38 Path Traversal: '\absolute\pathname\here'
CWE-39 Path Traversal: 'C:dirname'
CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
CWE-41 Improper Resolution of Path Equivalence
CWE-42 Path Equivalence: 'filename.' (Trailing Dot)
CWE-43 Path Equivalence: 'filename....' (Multiple Trailing Dot)
CWE-44 Path Equivalence: 'file.name' (Internal Dot)
CWE-45 Path Equivalence: 'file...name' (Multiple Internal Dot)
CWE-46 Path Equivalence: 'filename ' (Trailing Space)
CWE-47 Path Equivalence: ' filename' (Leading Space)
CWE-48 Path Equivalence: 'file name' (Internal Whitespace)
CWE-49 Path Equivalence: 'filename/' (Trailing Slash)
CWE-50 Path Equivalence: '//multiple/leading/slash'
CWE-51 Path Equivalence: '/multiple//internal/slash'
CWE-52 Path Equivalence: '/multiple/trailing/slash//'
CWE-53 Path Equivalence: '\multiple\\internal\backslash'
CWE-54 Path Equivalence: 'filedir\' (Trailing Backslash)
CWE-55 Path Equivalence: '/./' (Single Dot Directory)
CWE-56 Path Equivalence: 'filedir*' (Wildcard)
CWE-57 Path Equivalence: 'fakedir/../realdir/filename'
CWE-58 Path Equivalence: Windows 8.3 Filename
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-61 UNIX Symbolic Link (Symlink) Following