
CWE Definitions

CWE Number | Name | Number of Related Vulnerabilities
113 | Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting') | 20
669 | Incorrect Resource Transfer Between Spheres | 20
670 | Always-Incorrect Control Flow Implementation | 19
185 | Incorrect Regular Expression | 16
123 | Write-what-where Condition | 14
273 | Improper Check for Dropped Privileges | 14
436 | Interpretation Conflict | 14
118 | Improper Access of Indexable Resource ('Range Error') | 13
212 | Improper Cross-boundary Removal of Sensitive Data | 13
266 | Incorrect Privilege Assignment | 13
184 | Incomplete Blacklist | 12
335 | PRNG Seed Error | 12
672 | Operation on a Resource after Expiration or Release | 12
749 | Exposed Dangerous Method or Function | 11
90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') | 11
126 | Buffer Over-read | 10
332 | Insufficient Entropy in PRNG | 10
538 | File and Directory Information Exposure | 10
662 | Insufficient Synchronization | 10
172 | Encoding Error | 9
288 | Authentication Bypass Using an Alternate Path or Channel | 9
297 | Improper Validation of Host-specific Certificate Data | 9
321 | Use of Hard-coded Cryptographic Key | 9
379 | Creation of Temporary File in Directory with Incorrect Permissions | 9
80 | Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS) | 9
256 | Plaintext Storage of a Password | 8
377 | Insecure Temporary File | 8
23 | Relative Path Traversal | 7
470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') | 7
472 | External Control of Assumed-Immutable Web Parameter | 7
178 | Failure to Resolve Case Sensitivity | 6
201 | Information Leak Through Sent Data | 5
250 | Execution with Unnecessary Privileges | 5
259 | Use of Hard-coded Password | 5
441 | Unintended Proxy/Intermediary | 5
471 | Modification of Assumed-Immutable Data (MAID) | 5
73 | External Control of File Name or Path | 5
305 | Authentication Bypass by Primary Weakness | 4
36 | Absolute Path Traversal | 4
378 | Creation of Temporary File With Insecure Permissions | 4
407 | Algorithmic Complexity | 4
99 | Improper Control of Resource Identifiers ('Resource Injection') | 4
170 | Improper Null Termination | 3
300 | Channel Accessible by Non-Endpoint ('Man-in-the-Middle') | 3
385 | Covert Timing Channel | 3
489 | Leftover Debug Code | 3
497 | Exposure of System Data to an Unauthorized Control Sphere | 3
548 | Information Leak Through Directory Listing | 3
707 | Improper Enforcement of Message or Data Structure | 3
799 | Improper Control of Interaction Frequency | 3
Total number of CWE definitions: 668 (this is page 3 of 14)
The CWE definitions are only provided as a quick reference. They are not complete and may not be up to date!
You must visit for a complete list of CWE entries and for more details.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.