CSURFACE
THREAT SENSOR
Home
Analytics
News
About
Tools
Constellation
Libraries
CWE
CAPEC
MITRE ATT&CK
MITRE D3FEND
OWASP Top 10
Ransomware Groups
References
Support
EN
|
PT
CWE Library
Common Weakness Enumeration
All
Pillar
Root categories
Class
Abstract weaknesses
Base
Detectable weaknesses
Variant
Technology-specific
Compound
Multi-weakness
CWE-5
Variant
J2EE Misconfiguration: Data Transmission Without Encryption
Draft
CWE-6
Variant
J2EE Misconfiguration: Insufficient Session-ID Length
Incomplete
CWE-7
Variant
J2EE Misconfiguration: Missing Custom Error Page
Incomplete
CWE-8
Variant
J2EE Misconfiguration: Entity Bean Declared Remote
Incomplete
CWE-9
Variant
J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Draft
CWE-11
Variant
ASP.NET Misconfiguration: Creating Debug Binary
Draft
CWE-12
Variant
ASP.NET Misconfiguration: Missing Custom Error Page
Draft
CWE-13
Variant
ASP.NET Misconfiguration: Password in Configuration File
Draft
CWE-14
Variant
Compiler Removal of Code to Clear Buffers
Draft
CWE-24
Variant
Path Traversal: '../filedir'
Incomplete
CWE-25
Variant
Path Traversal: '/../filedir'
Incomplete
CWE-26
Variant
Path Traversal: '/dir/../filename'
Draft
CWE-27
Variant
Path Traversal: 'dir/../../filename'
Draft
CWE-28
Variant
Path Traversal: '..\filedir'
Incomplete
CWE-29
Variant
Path Traversal: '\..\filename'
Incomplete
CWE-30
Variant
Path Traversal: '\dir\..\filename'
Draft
CWE-31
Variant
Path Traversal: 'dir\..\..\filename'
Draft
CWE-32
Variant
Path Traversal: '...' (Triple Dot)
Incomplete
CWE-33
Variant
Path Traversal: '....' (Multiple Dot)
Incomplete
CWE-34
Variant
Path Traversal: '....//'
Incomplete
CWE-35
Variant
Path Traversal: '.../...//'
Incomplete
CWE-37
Variant
Path Traversal: '/absolute/pathname/here'
Draft
CWE-38
Variant
Path Traversal: '\absolute\pathname\here'
Draft
CWE-39
Variant
Path Traversal: 'C:dirname'
Draft
CWE-40
Variant
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Draft
CWE-42
Variant
Path Equivalence: 'filename.' (Trailing Dot)
Incomplete
CWE-43
Variant
Path Equivalence: 'filename....' (Multiple Trailing Dot)
Incomplete
CWE-44
Variant
Path Equivalence: 'file.name' (Internal Dot)
Incomplete
CWE-45
Variant
Path Equivalence: 'file...name' (Multiple Internal Dot)
Incomplete
CWE-46
Variant
Path Equivalence: 'filename ' (Trailing Space)
Incomplete
CWE-47
Variant
Path Equivalence: ' filename' (Leading Space)
Incomplete
CWE-48
Variant
Path Equivalence: 'file name' (Internal Whitespace)
Incomplete
CWE-49
Variant
Path Equivalence: 'filename/' (Trailing Slash)
Incomplete
CWE-50
Variant
Path Equivalence: '//multiple/leading/slash'
Incomplete
CWE-51
Variant
Path Equivalence: '/multiple//internal/slash'
Incomplete
CWE-52
Variant
Path Equivalence: '/multiple/trailing/slash//'
Incomplete
CWE-53
Variant
Path Equivalence: '\multiple\\internal\backslash'
Incomplete
CWE-54
Variant
Path Equivalence: 'filedir\' (Trailing Backslash)
Incomplete
CWE-55
Variant
Path Equivalence: '/./' (Single Dot Directory)
Incomplete
CWE-56
Variant
Path Equivalence: 'filedir*' (Wildcard)
Incomplete
CWE-57
Variant
Path Equivalence: 'fakedir/../realdir/filename'
Incomplete
CWE-58
Variant
Path Equivalence: Windows 8.3 Filename
Incomplete
CWE-62
Variant
UNIX Hard Link
Incomplete
CWE-64
Variant
Windows Shortcut Following (.LNK)
Likelihood: Low
Incomplete
CWE-65
Variant
Windows Hard Link
Incomplete
CWE-67
Variant
Improper Handling of Windows Device Names
Likelihood: High
Incomplete
CWE-69
Variant
Improper Handling of Windows ::DATA Alternate Data Stream
Incomplete
CWE-71
Variant
DEPRECATED: Apple '.DS_Store'
Deprecated
CWE-72
Variant
Improper Handling of Apple HFS+ Alternate Data Stream Path
Incomplete
CWE-80
Variant
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Likelihood: High
Incomplete