| CAPEC | CWE ID | Related Weakness |
|---|---|---|
| Session Fixation | CWE-361 | 7PK - Time and State |
| | CWE-384 | Session Fixation |
| | CWE-664 | Improper Control of a Resource Through its Lifetime |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Replace Binaries | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Cross Site Request Forgery | CWE-306 | Missing Authentication for Critical Function |
| | CWE-352 | Cross-Site Request Forgery (CSRF) |
| | CWE-664 | Improper Control of a Resource Through its Lifetime |
| | CWE-716 | OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF) |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Hijacking a privileged process | CWE-648 | Incorrect Use of Privileged APIs |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Using Malicious Files | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
| | CWE-264 | Permissions, Privileges, and Access Controls |
| | CWE-270 | Privilege Context Switching Error |
| | CWE-272 | Least Privilege Violation |
| | CWE-275 | Permission Issues |
| | CWE-282 | Improper Ownership Management |
| | CWE-285 | Improper Authorization |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Exploiting Incorrectly Configured Access Control Security Levels | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Signing Malicious Code | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Accessing Functionality Not Properly Constrained by ACLs | CWE-276 | Incorrect Default Permissions |
| | CWE-285 | Improper Authorization |
| | CWE-434 | Unrestricted Upload of File with Dangerous Type |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Privilege Abuse | CWE-269 | Improper Privilege Management |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Directory Indexing | CWE-276 | Incorrect Default Permissions |
| | CWE-285 | Improper Authorization |
| | CWE-288 | Authentication Bypass Using an Alternate Path or Channel |
| | CWE-424 | Improper Protection of Alternate Path |
| | CWE-425 | Direct Request ('Forced Browsing') |
| | CWE-693 | Protection Mechanism Failure |
| | CWE-721 | OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| Reusing Session IDs (aka Session Replay) | CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
| | CWE-285 | Improper Authorization |
| | CWE-290 | Authentication Bypass by Spoofing |
| | CWE-294 | Authentication Bypass by Capture-replay |
| | CWE-346 | Origin Validation Error |
| | CWE-384 | Session Fixation |
| | CWE-488 | Exposure of Data Element to Wrong Session |
| | CWE-539 | Use of Persistent Cookies Containing Sensitive Information |
| | CWE-664 | Improper Control of a Resource Through its Lifetime |
| | CWE-732 | Incorrect Permission Assignment for Critical Resource |