CWE Library

Common Weakness Enumeration

All Pillar Root categories Class Abstract weaknesses Base Detectable weaknesses Variant Technology-specific Compound Multi-weakness
CWE-5 Variant
J2EE Misconfiguration: Data Transmission Without Encryption
Draft
CWE-6 Variant
J2EE Misconfiguration: Insufficient Session-ID Length
Incomplete
CWE-7 Variant
J2EE Misconfiguration: Missing Custom Error Page
Incomplete
CWE-8 Variant
J2EE Misconfiguration: Entity Bean Declared Remote
Incomplete
CWE-9 Variant
J2EE Misconfiguration: Weak Access Permissions for EJB Methods
Draft
CWE-11 Variant
ASP.NET Misconfiguration: Creating Debug Binary
Draft
CWE-12 Variant
ASP.NET Misconfiguration: Missing Custom Error Page
Draft
CWE-13 Variant
ASP.NET Misconfiguration: Password in Configuration File
Draft
CWE-14 Variant
Compiler Removal of Code to Clear Buffers
Draft
CWE-24 Variant
Path Traversal: '../filedir'
Incomplete
CWE-25 Variant
Path Traversal: '/../filedir'
Incomplete
CWE-26 Variant
Path Traversal: '/dir/../filename'
Draft
CWE-27 Variant
Path Traversal: 'dir/../../filename'
Draft
CWE-28 Variant
Path Traversal: '..\filedir'
Incomplete
CWE-29 Variant
Path Traversal: '\..\filename'
Incomplete
CWE-30 Variant
Path Traversal: '\dir\..\filename'
Draft
CWE-31 Variant
Path Traversal: 'dir\..\..\filename'
Draft
CWE-32 Variant
Path Traversal: '...' (Triple Dot)
Incomplete
CWE-33 Variant
Path Traversal: '....' (Multiple Dot)
Incomplete
CWE-34 Variant
Path Traversal: '....//'
Incomplete
CWE-35 Variant
Path Traversal: '.../...//'
Incomplete
CWE-37 Variant
Path Traversal: '/absolute/pathname/here'
Draft
CWE-38 Variant
Path Traversal: '\absolute\pathname\here'
Draft
CWE-39 Variant
Path Traversal: 'C:dirname'
Draft
CWE-40 Variant
Path Traversal: '\\UNC\share\name\' (Windows UNC Share)
Draft
CWE-42 Variant
Path Equivalence: 'filename.' (Trailing Dot)
Incomplete
CWE-43 Variant
Path Equivalence: 'filename....' (Multiple Trailing Dot)
Incomplete
CWE-44 Variant
Path Equivalence: 'file.name' (Internal Dot)
Incomplete
CWE-45 Variant
Path Equivalence: 'file...name' (Multiple Internal Dot)
Incomplete
CWE-46 Variant
Path Equivalence: 'filename ' (Trailing Space)
Incomplete
CWE-47 Variant
Path Equivalence: ' filename' (Leading Space)
Incomplete
CWE-48 Variant
Path Equivalence: 'file name' (Internal Whitespace)
Incomplete
CWE-49 Variant
Path Equivalence: 'filename/' (Trailing Slash)
Incomplete
CWE-50 Variant
Path Equivalence: '//multiple/leading/slash'
Incomplete
CWE-51 Variant
Path Equivalence: '/multiple//internal/slash'
Incomplete
CWE-52 Variant
Path Equivalence: '/multiple/trailing/slash//'
Incomplete
CWE-53 Variant
Path Equivalence: '\multiple\\internal\backslash'
Incomplete
CWE-54 Variant
Path Equivalence: 'filedir\' (Trailing Backslash)
Incomplete
CWE-55 Variant
Path Equivalence: '/./' (Single Dot Directory)
Incomplete
CWE-56 Variant
Path Equivalence: 'filedir*' (Wildcard)
Incomplete
CWE-57 Variant
Path Equivalence: 'fakedir/../realdir/filename'
Incomplete
CWE-58 Variant
Path Equivalence: Windows 8.3 Filename
Incomplete
CWE-62 Variant
UNIX Hard Link
Incomplete
CWE-64 Variant
Windows Shortcut Following (.LNK)
Likelihood: Low Incomplete
CWE-65 Variant
Windows Hard Link
Incomplete
CWE-67 Variant
Improper Handling of Windows Device Names
Likelihood: High Incomplete
CWE-69 Variant
Improper Handling of Windows ::DATA Alternate Data Stream
Incomplete
CWE-71 Variant
DEPRECATED: Apple '.DS_Store'
Deprecated
CWE-72 Variant
Improper Handling of Apple HFS+ Alternate Data Stream Path
Incomplete
CWE-80 Variant
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Likelihood: High Incomplete