CWE Definitions

Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications. A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number Name
CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption Vulnerabilities
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length Vulnerabilities
CWE-7 J2EE Misconfiguration: Missing Custom Error Page Vulnerabilities
CWE-8 J2EE Misconfiguration: Entity Bean Declared Remote Vulnerabilities
CWE-9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods Vulnerabilities
CWE-11 ASP.NET Misconfiguration: Creating Debug Binary Vulnerabilities
CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page Vulnerabilities
CWE-13 ASP.NET Misconfiguration: Password in Configuration File Vulnerabilities
CWE-14 Compiler Removal of Code to Clear Buffers Vulnerabilities
CWE-15 External Control of System or Configuration Setting Vulnerabilities
CWE-20 Improper Input Validation Vulnerabilities
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerabilities
CWE-23 Relative Path Traversal Vulnerabilities
CWE-24 Path Traversal: '../filedir' Vulnerabilities
CWE-25 Path Traversal: '/../filedir' Vulnerabilities
CWE-26 Path Traversal: '/dir/../filename' Vulnerabilities
CWE-27 Path Traversal: 'dir/../../filename' Vulnerabilities
CWE-28 Path Traversal: '..\filedir' Vulnerabilities
CWE-29 Path Traversal: '\..\filename' Vulnerabilities
CWE-30 Path Traversal: '\dir\..\filename' Vulnerabilities
CWE-31 Path Traversal: 'dir\..\..\filename' Vulnerabilities
CWE-32 Path Traversal: '...' (Triple Dot) Vulnerabilities
CWE-33 Path Traversal: '....' (Multiple Dot) Vulnerabilities
CWE-34 Path Traversal: '....//' Vulnerabilities
CWE-35 Path Traversal: '.../...//' Vulnerabilities
CWE-36 Absolute Path Traversal Vulnerabilities
CWE-37 Path Traversal: '/absolute/pathname/here' Vulnerabilities
CWE-38 Path Traversal: '\absolute\pathname\here' Vulnerabilities
CWE-39 Path Traversal: 'C:dirname' Vulnerabilities
CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share) Vulnerabilities
CWE-41 Improper Resolution of Path Equivalence Vulnerabilities
CWE-42 Path Equivalence: 'filename.' (Trailing Dot) Vulnerabilities
CWE-43 Path Equivalence: 'filename....' (Multiple Trailing Dot) Vulnerabilities
CWE-44 Path Equivalence: '' (Internal Dot) Vulnerabilities
CWE-45 Path Equivalence: '' (Multiple Internal Dot) Vulnerabilities
CWE-46 Path Equivalence: 'filename ' (Trailing Space) Vulnerabilities
CWE-47 Path Equivalence: ' filename' (Leading Space) Vulnerabilities
CWE-48 Path Equivalence: 'file name' (Internal Whitespace) Vulnerabilities
CWE-49 Path Equivalence: 'filename/' (Trailing Slash) Vulnerabilities
CWE-50 Path Equivalence: '//multiple/leading/slash' Vulnerabilities
CWE-51 Path Equivalence: '/multiple//internal/slash' Vulnerabilities
CWE-52 Path Equivalence: '/multiple/trailing/slash//' Vulnerabilities
CWE-53 Path Equivalence: '\multiple\\internal\backslash' Vulnerabilities
CWE-54 Path Equivalence: 'filedir\' (Trailing Backslash) Vulnerabilities
CWE-55 Path Equivalence: '/./' (Single Dot Directory) Vulnerabilities
CWE-56 Path Equivalence: 'filedir*' (Wildcard) Vulnerabilities
CWE-57 Path Equivalence: 'fakedir/../realdir/filename' Vulnerabilities
CWE-58 Path Equivalence: Windows 8.3 Filename Vulnerabilities
CWE-59 Improper Link Resolution Before File Access ('Link Following') Vulnerabilities
CWE-61 UNIX Symbolic Link (Symlink) Following Vulnerabilities
933 CWE definitions found
Please note that CWE definitions are provided as a quick reference only. Visit for a complete list of CWE entries and for more details.