Weakness browsing - CVE-Search

CAPEC

Related Weakness

HTTP Verb Tampering

CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-654	Reliance on a Single Factor in a Security Decision

Manipulating Opaque Client-based Data Tokens

CWE-233	Improper Handling of Parameters
CWE-285	Improper Authorization
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-315	Cleartext Storage of Sensitive Information in a Cookie
CWE-353	Missing Support for Integrity Check
CWE-384	Session Fixation
CWE-472	External Control of Assumed-Immutable Web Parameter
CWE-539	Use of Persistent Cookies Containing Sensitive Information
CWE-565	Reliance on Cookies without Validation and Integrity Checking

Buffer Overflow via Environment Variables

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99	Improper Control of Resource Identifiers ('Resource Injection')
CWE-118	Incorrect Access of Indexable Resource ('Range Error')
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-680	Integer Overflow to Buffer Overflow
CWE-697	Incorrect Comparison
CWE-733	Compiler Optimization Removal or Modification of Security-critical Code

Exploitation of Trusted Credentials

CWE-6	J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290	Authentication Bypass by Spoofing
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-346	Origin Validation Error
CWE-384	Session Fixation
CWE-539	Use of Persistent Cookies Containing Sensitive Information
CWE-602	Client-Side Enforcement of Server-Side Security
CWE-642	External Control of Critical State Data
CWE-664	Improper Control of a Resource Through its Lifetime

Accessing/Intercepting/Modifying HTTP Cookies

CWE-20	Improper Input Validation
CWE-113	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-311	Missing Encryption of Sensitive Data
CWE-315	Cleartext Storage of Sensitive Information in a Cookie
CWE-384	Session Fixation
CWE-472	External Control of Assumed-Immutable Web Parameter
CWE-539	Use of Persistent Cookies Containing Sensitive Information
CWE-565	Reliance on Cookies without Validation and Integrity Checking
CWE-602	Client-Side Enforcement of Server-Side Security
CWE-642	External Control of Critical State Data
CWE-724	OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management

Buffer Overflow via Symbolic Links

CWE-20	Improper Input Validation
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118	Incorrect Access of Indexable Resource ('Range Error')
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285	Improper Authorization
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-680	Integer Overflow to Buffer Overflow
CWE-697	Incorrect Comparison

Subverting Environment Variable Values

CWE-15	External Control of System or Configuration Setting
CWE-20	Improper Input Validation
CWE-73	External Control of File Name or Path
CWE-74	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200	Exposure of Sensitive Information to an Unauthorized Actor
CWE-285	Improper Authorization
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-353	Missing Support for Integrity Check

Manipulating User-Controlled Variables

CWE-15	External Control of System or Configuration Setting
CWE-94	Improper Control of Generation of Code ('Code Injection')
CWE-96	Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285	Improper Authorization
CWE-302	Authentication Bypass by Assumed-Immutable Data
CWE-473	PHP External Variable Modification

Back to Top