CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-5 | J2EE Misconfiguration: Data Transmission Without Encryption | Vulnerabilities |
CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length | Vulnerabilities |
CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | Vulnerabilities |
CWE-8 | J2EE Misconfiguration: Entity Bean Declared Remote | Vulnerabilities |
CWE-9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | Vulnerabilities |
CWE-11 | ASP.NET Misconfiguration: Creating Debug Binary | Vulnerabilities |
CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | Vulnerabilities |
CWE-13 | ASP.NET Misconfiguration: Password in Configuration File | Vulnerabilities |
CWE-14 | Compiler Removal of Code to Clear Buffers | Vulnerabilities |
CWE-15 | External Control of System or Configuration Setting | Vulnerabilities |
CWE-20 | Improper Input Validation | Vulnerabilities |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | Vulnerabilities |
CWE-23 | Relative Path Traversal | Vulnerabilities |
CWE-24 | Path Traversal: '../filedir' | Vulnerabilities |
CWE-25 | Path Traversal: '/../filedir' | Vulnerabilities |
CWE-26 | Path Traversal: '/dir/../filename' | Vulnerabilities |
CWE-27 | Path Traversal: 'dir/../../filename' | Vulnerabilities |
CWE-28 | Path Traversal: '..\filedir' | Vulnerabilities |
CWE-29 | Path Traversal: '\..\filename' | Vulnerabilities |
CWE-30 | Path Traversal: '\dir\..\filename' | Vulnerabilities |
CWE-31 | Path Traversal: 'dir\..\..\filename' | Vulnerabilities |
CWE-32 | Path Traversal: '...' (Triple Dot) | Vulnerabilities |
CWE-33 | Path Traversal: '....' (Multiple Dot) | Vulnerabilities |
CWE-34 | Path Traversal: '....//' | Vulnerabilities |
CWE-35 | Path Traversal: '.../...//' | Vulnerabilities |
CWE-36 | Absolute Path Traversal | Vulnerabilities |
CWE-37 | Path Traversal: '/absolute/pathname/here' | Vulnerabilities |
CWE-38 | Path Traversal: '\absolute\pathname\here' | Vulnerabilities |
CWE-39 | Path Traversal: 'C:dirname' | Vulnerabilities |
CWE-40 | Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | Vulnerabilities |
CWE-41 | Improper Resolution of Path Equivalence | Vulnerabilities |
CWE-42 | Path Equivalence: 'filename.' (Trailing Dot) | Vulnerabilities |
CWE-43 | Path Equivalence: 'filename....' (Multiple Trailing Dot) | Vulnerabilities |
CWE-44 | Path Equivalence: 'file.name' (Internal Dot) | Vulnerabilities |
CWE-45 | Path Equivalence: 'file...name' (Multiple Internal Dot) | Vulnerabilities |
CWE-46 | Path Equivalence: 'filename ' (Trailing Space) | Vulnerabilities |
CWE-47 | Path Equivalence: ' filename' (Leading Space) | Vulnerabilities |
CWE-48 | Path Equivalence: 'file name' (Internal Whitespace) | Vulnerabilities |
CWE-49 | Path Equivalence: 'filename/' (Trailing Slash) | Vulnerabilities |
CWE-50 | Path Equivalence: '//multiple/leading/slash' | Vulnerabilities |
CWE-51 | Path Equivalence: '/multiple//internal/slash' | Vulnerabilities |
CWE-52 | Path Equivalence: '/multiple/trailing/slash//' | Vulnerabilities |
CWE-53 | Path Equivalence: '\multiple\\internal\backslash' | Vulnerabilities |
CWE-54 | Path Equivalence: 'filedir\' (Trailing Backslash) | Vulnerabilities |
CWE-55 | Path Equivalence: '/./' (Single Dot Directory) | Vulnerabilities |
CWE-56 | Path Equivalence: 'filedir*' (Wildcard) | Vulnerabilities |
CWE-57 | Path Equivalence: 'fakedir/../realdir/filename' | Vulnerabilities |
CWE-58 | Path Equivalence: Windows 8.3 Filename | Vulnerabilities |
CWE-59 | Improper Link Resolution Before File Access ('Link Following') | Vulnerabilities |
CWE-61 | UNIX Symbolic Link (Symlink) Following | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.