CWE Definitions
Common Weakness Enumeration (CWE™) is a list of common software and hardware weakness types that have security ramifications.
A “weakness” is a condition in a software, firmware, hardware, or service component that, under certain circumstances, could contribute to the introduction of vulnerabilities.
CWE Number | Name | |
---|---|---|
CWE-454 | External Initialization of Trusted Variables or Data Stores | Vulnerabilities |
CWE-453 | Insecure Default Variable Initialization | Vulnerabilities |
CWE-451 | User Interface (UI) Misrepresentation of Critical Information | Vulnerabilities |
CWE-450 | Multiple Interpretations of UI Input | Vulnerabilities |
CWE-449 | The UI Performs the Wrong Action | Vulnerabilities |
CWE-448 | Obsolete Feature in UI | Vulnerabilities |
CWE-447 | Unimplemented or Unsupported Feature in UI | Vulnerabilities |
CWE-446 | UI Discrepancy for Security Feature | Vulnerabilities |
CWE-444 | Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') | Vulnerabilities |
CWE-441 | Unintended Proxy or Intermediary ('Confused Deputy') | Vulnerabilities |
CWE-440 | Expected Behavior Violation | Vulnerabilities |
CWE-439 | Behavioral Change in New Version or Environment | Vulnerabilities |
CWE-437 | Incomplete Model of Endpoint Features | Vulnerabilities |
CWE-436 | Interpretation Conflict | Vulnerabilities |
CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | Vulnerabilities |
CWE-434 | Unrestricted Upload of File with Dangerous Type | Vulnerabilities |
CWE-433 | Unparsed Raw Web Content Delivery | Vulnerabilities |
CWE-432 | Dangerous Signal Handler not Disabled During Sensitive Operations | Vulnerabilities |
CWE-431 | Missing Handler | Vulnerabilities |
CWE-430 | Deployment of Wrong Handler | Vulnerabilities |
CWE-428 | Unquoted Search Path or Element | Vulnerabilities |
CWE-427 | Uncontrolled Search Path Element | Vulnerabilities |
CWE-426 | Untrusted Search Path | Vulnerabilities |
CWE-425 | Direct Request ('Forced Browsing') | Vulnerabilities |
CWE-424 | Improper Protection of Alternate Path | Vulnerabilities |
CWE-422 | Unprotected Windows Messaging Channel ('Shatter') | Vulnerabilities |
CWE-421 | Race Condition During Access to Alternate Channel | Vulnerabilities |
CWE-420 | Unprotected Alternate Channel | Vulnerabilities |
CWE-419 | Unprotected Primary Channel | Vulnerabilities |
CWE-416 | Use After Free | Vulnerabilities |
CWE-415 | Double Free | Vulnerabilities |
CWE-414 | Missing Lock Check | Vulnerabilities |
CWE-413 | Improper Resource Locking | Vulnerabilities |
CWE-412 | Unrestricted Externally Accessible Lock | Vulnerabilities |
CWE-410 | Insufficient Resource Pool | Vulnerabilities |
CWE-409 | Improper Handling of Highly Compressed Data (Data Amplification) | Vulnerabilities |
CWE-408 | Incorrect Behavior Order: Early Amplification | Vulnerabilities |
CWE-407 | Inefficient Algorithmic Complexity | Vulnerabilities |
CWE-406 | Insufficient Control of Network Message Volume (Network Amplification) | Vulnerabilities |
CWE-405 | Asymmetric Resource Consumption (Amplification) | Vulnerabilities |
CWE-404 | Improper Resource Shutdown or Release | Vulnerabilities |
CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Vulnerabilities |
CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Vulnerabilities |
CWE-401 | Missing Release of Memory after Effective Lifetime | Vulnerabilities |
CWE-400 | Uncontrolled Resource Consumption | Vulnerabilities |
CWE-397 | Declaration of Throws for Generic Exception | Vulnerabilities |
CWE-396 | Declaration of Catch for Generic Exception | Vulnerabilities |
CWE-395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Vulnerabilities |
CWE-394 | Unexpected Status Code or Return Value | Vulnerabilities |
CWE-393 | Return of Wrong Status Code | Vulnerabilities |
Please note that CWE definitions are provided as a quick reference only.
Visit http://cwe.mitre.org/ for a complete list of CWE entries and for more details.