| CAPEC | Related Weakness |
| Padding Oracle Crypto Attack |
| CWE-209 | Generation of Error Message Containing Sensitive Information |
| CWE-347 | Improper Verification of Cryptographic Signature |
| CWE-354 | Improper Validation of Integrity Check Value |
| CWE-514 | Covert Channel |
| CWE-649 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking |
| CWE-696 | Incorrect Behavior Order |
|
| Checksum Spoofing |
| CWE-354 | Improper Validation of Integrity Check Value |
|
| Manipulating Writeable Configuration Files |
| CWE-77 | Improper Neutralization of Special Elements used in a Command ('Command Injection') |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |
| CWE-346 | Origin Validation Error |
| CWE-349 | Acceptance of Extraneous Untrusted Data With Trusted Data |
| CWE-353 | Missing Support for Integrity Check |
| CWE-354 | Improper Validation of Integrity Check Value |
| CWE-713 | OWASP Top Ten 2007 Category A2 - Injection Flaws |
|
