1. CWE Types
  2. Weaknesses related to CWE-285
CAPEC Related Weakness
Manipulating Opaque Client-based Data Tokens
CWE-233Improper Handling of Parameters
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-315Cleartext Storage of Sensitive Information in a Cookie
CWE-353Missing Support for Integrity Check
CWE-384Session Fixation
CWE-472External Control of Assumed-Immutable Web Parameter
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-565Reliance on Cookies without Validation and Integrity Checking
Manipulating Web Input to File System Calls
CWE-15External Control of System or Configuration Setting
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23Relative Path Traversal
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-264Permissions, Privileges, and Access Controls
CWE-272Least Privilege Violation
CWE-285Improper Authorization
CWE-346Origin Validation Error
CWE-348Use of Less Trusted Source
CWE-715OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
Bypassing ATA Password Security
CWE-285Improper Authorization
Blue Boxing
CWE-285Improper Authorization
Cross Zone Scripting
CWE-20Improper Input Validation
CWE-116Improper Encoding or Escaping of Output
CWE-250Execution with Unnecessary Privileges
CWE-285Improper Authorization
CWE-638Not Using Complete Mediation
Poison Web Service Registry
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-285Improper Authorization
CWE-693Protection Mechanism Failure
Session Credential Falsification through Prediction
CWE-6J2EE Misconfiguration: Insufficient Session-ID Length
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-330Use of Insufficiently Random Values
CWE-331Insufficient Entropy
CWE-346Origin Validation Error
CWE-384Session Fixation
CWE-488Exposure of Data Element to Wrong Session
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-693Protection Mechanism Failure
CWE-719OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
Collect Data from Registries
CWE-285Improper Authorization
Using Malicious Files
CWE-59Improper Link Resolution Before File Access ('Link Following')
CWE-264Permissions, Privileges, and Access Controls
CWE-270Privilege Context Switching Error
CWE-272Least Privilege Violation
CWE-275Permission Issues
CWE-282Improper Ownership Management
CWE-285Improper Authorization
CWE-693Protection Mechanism Failure
CWE-732Incorrect Permission Assignment for Critical Resource
Buffer Overflow via Symbolic Links
CWE-20Improper Input Validation
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118Incorrect Access of Indexable Resource ('Range Error')
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-680Integer Overflow to Buffer Overflow
CWE-697Incorrect Comparison
Accessing Functionality Not Properly Constrained by ACLs
CWE-276Incorrect Default Permissions
CWE-285Improper Authorization
CWE-434Unrestricted Upload of File with Dangerous Type
CWE-693Protection Mechanism Failure
CWE-721OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732Incorrect Permission Assignment for Critical Resource
Directory Indexing
CWE-276Incorrect Default Permissions
CWE-285Improper Authorization
CWE-288Authentication Bypass Using an Alternate Path or Channel
CWE-424Improper Protection of Alternate Path
CWE-425Direct Request ('Forced Browsing')
CWE-693Protection Mechanism Failure
CWE-721OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732Incorrect Permission Assignment for Critical Resource
Subverting Environment Variable Values
CWE-15External Control of System or Configuration Setting
CWE-20Improper Input Validation
CWE-73External Control of File Name or Path
CWE-74Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-353Missing Support for Integrity Check
Manipulating User-Controlled Variables
CWE-15External Control of System or Configuration Setting
CWE-94Improper Control of Generation of Code ('Code Injection')
CWE-96Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285Improper Authorization
CWE-302Authentication Bypass by Assumed-Immutable Data
CWE-473PHP External Variable Modification
Forceful Browsing
CWE-285Improper Authorization
CWE-425Direct Request ('Forced Browsing')
CWE-693Protection Mechanism Failure
Reusing Session IDs (aka Session Replay)
CWE-200Exposure of Sensitive Information to an Unauthorized Actor
CWE-285Improper Authorization
CWE-290Authentication Bypass by Spoofing
CWE-294Authentication Bypass by Capture-replay
CWE-346Origin Validation Error
CWE-384Session Fixation
CWE-488Exposure of Data Element to Wrong Session
CWE-539Use of Persistent Cookies Containing Sensitive Information
CWE-664Improper Control of a Resource Through its Lifetime
CWE-732Incorrect Permission Assignment for Critical Resource
Back to Top