CWE is a community-developed list of common software and hardware weakness
types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or
service component that, under certain circumstances, could contribute to the introduction of
vulnerabilities. The CWE List and associated classification taxonomy serve as a language that can be used to
identify and describe these weaknesses in terms of CWEs.
CWE Number  Name
CWE-225     DEPRECATED: General Information Management Problems
CWE-226     Sensitive Information in Resource Not Removed Before Reuse
CWE-228     Improper Handling of Syntactically Invalid Structure
CWE-229     Improper Handling of Values
CWE-230     Improper Handling of Missing Values
CWE-231     Improper Handling of Extra Values
CWE-232     Improper Handling of Undefined Values
CWE-233     Improper Handling of Parameters
CWE-234     Failure to Handle Missing Parameter
CWE-235     Improper Handling of Extra Parameters
CWE-236     Improper Handling of Undefined Parameters
CWE-237     Improper Handling of Structural Elements
CWE-238     Improper Handling of Incomplete Structural Elements
CWE-239     Failure to Handle Incomplete Element
CWE-240     Improper Handling of Inconsistent Structural Elements
CWE-241     Improper Handling of Unexpected Data Type
CWE-242     Use of Inherently Dangerous Function
CWE-243     Creation of chroot Jail Without Changing Working Directory
CWE-244     Improper Clearing of Heap Memory Before Release ('Heap Inspection')
CWE-245     J2EE Bad Practices: Direct Management of Connections
CWE-246     J2EE Bad Practices: Direct Use of Sockets
CWE-247     DEPRECATED: Reliance on DNS Lookups in a Security Decision
CWE-248     Uncaught Exception
CWE-249     DEPRECATED: Often Misused: Path Manipulation
CWE-250     Execution with Unnecessary Privileges
CWE-252     Unchecked Return Value
CWE-253     Incorrect Check of Function Return Value
CWE-256     Plaintext Storage of a Password
CWE-257     Storing Passwords in a Recoverable Format
CWE-258     Empty Password in Configuration File
CWE-259     Use of Hard-coded Password
CWE-260     Password in Configuration File
CWE-261     Weak Encoding for Password
CWE-262     Not Using Password Aging
CWE-263     Password Aging with Long Expiration
CWE-266     Incorrect Privilege Assignment
CWE-267     Privilege Defined With Unsafe Actions
CWE-268     Privilege Chaining
CWE-269     Improper Privilege Management
CWE-270     Privilege Context Switching Error
CWE-271     Privilege Dropping / Lowering Errors
CWE-272     Least Privilege Violation
CWE-273     Improper Check for Dropped Privileges
CWE-274     Improper Handling of Insufficient Privileges
CWE-276     Incorrect Default Permissions
CWE-277     Insecure Inherited Permissions
CWE-278     Insecure Preserved Inherited Permissions
CWE-279     Incorrect Execution-Assigned Permissions
CWE-280     Improper Handling of Insufficient Permissions or Privileges