CWE Library

Common Weakness Enumeration

All Pillar Root categories Class Abstract weaknesses Base Detectable weaknesses Variant Technology-specific Compound Multi-weakness
CWE-5 Variant
J2EE Misconfiguration: Data Transmission Without Encryption
Draft
CWE-6 Variant
J2EE Misconfiguration: Insufficient Session-ID Length
Incomplete
CWE-7 Variant
J2EE Misconfiguration: Missing Custom Error Page
Incomplete
CWE-8 Variant
J2EE Misconfiguration: Entity Bean Declared Remote
Incomplete
CWE-9 Variant
J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Draft
CWE-11 Variant
ASP.NET Misconfiguration: Creating Debug Binary
Draft
CWE-12 Variant
ASP.NET Misconfiguration: Missing Custom Error Page
Draft
CWE-13 Variant
ASP.NET Misconfiguration: Password in Configuration File
Draft
CWE-14 Variant
Compiler Removal of Code to Clear Buffers
Draft
CWE-15 Base
External Control of System or Configuration Setting
Incomplete
CWE-20 Class
Improper Input Validation
Likelihood: High Stable
CWE-22 Base
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Likelihood: High Stable
CWE-23 Base
Relative Path Traversal
Draft
CWE-24 Variant
Path Traversal: '../filedir'
Incomplete
CWE-25 Variant
Path Traversal: '/../filedir'
Incomplete
CWE-26 Variant
Path Traversal: '/dir/../filename'
Draft
CWE-27 Variant
Path Traversal: 'dir/../../filename'
Draft
CWE-28 Variant
Path Traversal: '..\filedir'
Incomplete
CWE-29 Variant
Path Traversal: '\..\filename'
Incomplete
CWE-30 Variant
Path Traversal: '\dir\..\filename'
Draft
CWE-31 Variant
Path Traversal: 'dir\..\..\filename'
Draft
CWE-32 Variant
Path Traversal: '...' (Triple Dot)
Incomplete
CWE-33 Variant
Path Traversal: '....' (Multiple Dot)
Incomplete
CWE-34 Variant
Path Traversal: '....//'
Incomplete
CWE-35 Variant
Path Traversal: '.../...//'
Incomplete
CWE-36 Base
Absolute Path Traversal
Draft
CWE-37 Variant
Path Traversal: '/absolute/pathname/here'
Draft
CWE-38 Variant
Path Traversal: '\absolute\pathname\here'
Draft
CWE-39 Variant
Path Traversal: 'C:dirname'
Draft
CWE-40 Variant
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Draft
CWE-41 Base
Improper Resolution of Path Equivalence
Incomplete
CWE-42 Variant
Path Equivalence: 'filename.' (Trailing Dot)
Incomplete
CWE-43 Variant
Path Equivalence: 'filename....' (Multiple Trailing Dot)
Incomplete
CWE-44 Variant
Path Equivalence: 'file.name' (Internal Dot)
Incomplete
CWE-45 Variant
Path Equivalence: 'file...name' (Multiple Internal Dot)
Incomplete
CWE-46 Variant
Path Equivalence: 'filename ' (Trailing Space)
Incomplete
CWE-47 Variant
Path Equivalence: ' filename' (Leading Space)
Incomplete
CWE-48 Variant
Path Equivalence: 'file name' (Internal Whitespace)
Incomplete
CWE-49 Variant
Path Equivalence: 'filename/' (Trailing Slash)
Incomplete
CWE-50 Variant
Path Equivalence: '//multiple/leading/slash'
Incomplete
CWE-51 Variant
Path Equivalence: '/multiple//internal/slash'
Incomplete
CWE-52 Variant
Path Equivalence: '/multiple/trailing/slash//'
Incomplete
CWE-53 Variant
Path Equivalence: '\multiple\\internal\backslash'
Incomplete
CWE-54 Variant
Path Equivalence: 'filedir\' (Trailing Backslash)
Incomplete
CWE-55 Variant
Path Equivalence: '/./' (Single Dot Directory)
Incomplete
CWE-56 Variant
Path Equivalence: 'filedir*' (Wildcard)
Incomplete
CWE-57 Variant
Path Equivalence: 'fakedir/../realdir/filename'
Incomplete
CWE-58 Variant
Path Equivalence: Windows 8.3 Filename
Incomplete
CWE-59 Base
Improper Link Resolution Before File Access ('Link Following')
Likelihood: Medium Draft
CWE-61 Compound
UNIX Symbolic Link (Symlink) Following
Likelihood: High Incomplete