
CWE Definitions

| CWE Number | Name | Number Of Related Vulnerabilities |
|---|---|---|
| 565 | Reliance on Cookies without Validation and Integrity Checking | 30 |
| 212 | Improper Cross-boundary Removal of Sensitive Data | 28 |
| 436 | Interpretation Conflict | 28 |
| 662 | Insufficient Synchronization | 28 |
| 113 | Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | 22 |
| 358 | Improperly Implemented Security Check for Standard | 21 |
| 335 | PRNG Seed Error | 20 |
| 672 | Operation on a Resource after Expiration or Release | 19 |
| 256 | Plaintext Storage of a Password | 18 |
| 273 | Improper Check for Dropped Privileges | 18 |
| 123 | Write-what-where Condition | 14 |
| 178 | Failure to Resolve Case Sensitivity | 14 |
| 377 | Insecure Temporary File | 14 |
| 118 | Improper Access of Indexable Resource ('Range Error') | 13 |
| 250 | Execution with Unnecessary Privileges | 13 |
| 266 | Incorrect Privilege Assignment | 13 |
| 126 | Buffer Over-read | 12 |
| 184 | Incomplete Blacklist | 12 |
| 23 | Relative Path Traversal | 12 |
| 288 | Authentication Bypass Using an Alternate Path or Channel | 12 |
| 321 | Use of Hard-coded Cryptographic Key | 12 |
| 80 | Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS) | 12 |
| 185 | Incorrect Regular Expression | 11 |
| 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | 11 |
| 90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') | 11 |
| 332 | Insufficient Entropy in PRNG | 10 |
| 538 | File and Directory Information Exposure | 10 |
| 749 | Exposed Dangerous Method or Function | 10 |
| 172 | Encoding Error | 9 |
| 297 | Improper Validation of Host-specific Certificate Data | 9 |
| 73 | External Control of File Name or Path | 9 |
| 359 | Privacy Violation | 8 |
| 379 | Creation of Temporary File in Directory with Incorrect Permissions | 7 |
| 407 | Algorithmic Complexity | 7 |
| 472 | External Control of Assumed-Immutable Web Parameter | 7 |
| 789 | Uncontrolled Memory Allocation | 7 |
| 170 | Improper Null Termination | 6 |
| 201 | Information Leak Through Sent Data | 6 |
| 248 | Uncaught Exception | 6 |
| 305 | Authentication Bypass by Primary Weakness | 6 |
| 457 | Use of Uninitialized Variable | 6 |
| 489 | Leftover Debug Code | 6 |
| 799 | Improper Control of Interaction Frequency | 6 |
| 99 | Improper Control of Resource Identifiers ('Resource Injection') | 6 |
| 259 | Use of Hard-coded Password | 5 |
| 441 | Unintended Proxy/Intermediary | 5 |
| 471 | Modification of Assumed-Immutable Data (MAID) | 5 |
| 208 | Timing Discrepancy Information Leak | 4 |
| 378 | Creation of Temporary File With Insecure Permissions | 4 |
| 406 | Insufficient Control of Network Message Volume (Network Amplification) | 4 |

Total number of CWE definitions: 668. This is page 3 of 14.
The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.