CWE is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or
service component that, under certain circumstances, could contribute to the introduction of
vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to
identify and describe these weaknesses in terms of CWEs.
CWE Number    Name
CWE-566       Authorization Bypass Through User-Controlled SQL Primary Key
CWE-567       Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-568       finalize() Method Without super.finalize()
CWE-570       Expression is Always False
CWE-571       Expression is Always True
CWE-572       Call to Thread run() instead of start()
CWE-573       Improper Following of Specification by Caller
CWE-574       EJB Bad Practices: Use of Synchronization Primitives
CWE-575       EJB Bad Practices: Use of AWT Swing
CWE-576       EJB Bad Practices: Use of Java I/O
CWE-577       EJB Bad Practices: Use of Sockets
CWE-578       EJB Bad Practices: Use of Class Loader
CWE-579       J2EE Bad Practices: Non-serializable Object Stored in Session
CWE-580       clone() Method Without super.clone()
CWE-581       Object Model Violation: Just One of Equals and Hashcode Defined
CWE-582       Array Declared Public, Final, and Static
CWE-583       finalize() Method Declared Public
CWE-584       Return Inside Finally Block
CWE-585       Empty Synchronized Block
CWE-586       Explicit Call to Finalize()
CWE-587       Assignment of a Fixed Address to a Pointer
CWE-588       Attempt to Access Child of a Non-structure Pointer
CWE-589       Call to Non-ubiquitous API
CWE-590       Free of Memory not on the Heap
CWE-591       Sensitive Data Storage in Improperly Locked Memory
CWE-592       DEPRECATED: Authentication Bypass Issues
CWE-593       Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-594       J2EE Framework: Saving Unserializable Objects to Disk
CWE-595       Comparison of Object References Instead of Object Contents
CWE-596       DEPRECATED: Incorrect Semantic Object Comparison
CWE-597       Use of Wrong Operator in String Comparison
CWE-598       Use of GET Request Method With Sensitive Query Strings
CWE-599       Missing Validation of OpenSSL Certificate
CWE-600       Uncaught Exception in Servlet
CWE-601       URL Redirection to Untrusted Site ('Open Redirect')
CWE-602       Client-Side Enforcement of Server-Side Security
CWE-603       Use of Client-Side Authentication
CWE-605       Multiple Binds to the Same Port
CWE-606       Unchecked Input for Loop Condition
CWE-607       Public Static Final Field References Mutable Object
CWE-608       Struts: Non-private Field in ActionForm Class
CWE-609       Double-Checked Locking
CWE-610       Externally Controlled Reference to a Resource in Another Sphere
CWE-611       Improper Restriction of XML External Entity Reference
CWE-612       Improper Authorization of Index Containing Sensitive Information
CWE-613       Insufficient Session Expiration
CWE-614       Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CWE-615       Inclusion of Sensitive Information in Source Code Comments
CWE-616       Incomplete Identification of Uploaded File Variables (PHP)