CWE Variant Weaknesses

Browse 299 Variant level CWE entries. Platform, language, or technology-specific weaknesses that are variants of base weaknesses.

299
Total
28
High Likelihood
14
Medium
10
Low
Showing 100 of 299 Variant weaknesses
CWE-486High

Comparison of Classes by Name

The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.

CWE-243High

Creation of chroot Jail Without Changing Working Directory

The product uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

CWE-493High

Critical Public Variable Without Final Modifier

The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.

CWE-415High

Double Free

The product calls free() twice on the same memory address.

CWE-258High

Empty Password in Configuration File

Using an empty string as a password is insecure.

CWE-234High

Failure to Handle Missing Parameter

If too few arguments are sent to a function, the function will still pop the expected number of arguments from the stack. Potentially, a variable number of arguments could be exhausted in a function as well.

CWE-122High

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-98High

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

CWE-67High

Improper Handling of Windows Device Names

The product constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.

CWE-644High

Improper Neutralization of HTTP Headers for Scripting Syntax

The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.

CWE-80High

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special characters such as "<", ">", and "&" that could be interpreted as web-scripting elements when they are sent to a downstream component that processes web pages.

CWE-129High

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

CWE-297High

Improper Validation of Certificate with Host Mismatch

The product communicates with a host that provides a certificate, but the product does not properly ensure that the certificate is actually associated with that host.

CWE-500High

Public Static Field Not Marked Final

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.

CWE-784High

Reliance on Cookies without Validation and Integrity Checking in a Security Decision

The product uses a protection mechanism that relies on the existence or values of a cookie, but it does not properly ensure that the cookie is valid for the associated user.

CWE-646High

Reliance on File Name or Extension of Externally-Supplied File

The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.

CWE-291High

Reliance on IP Address for Authentication

The product uses an IP address for authentication.

CWE-499High

Serializable Class Containing Sensitive Data

The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another class.

CWE-121High

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-650High

Trusting HTTP Permission Methods on the Server Side

The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.

CWE-194High

Unexpected Sign Extension

The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.

CWE-416High

Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

CWE-321High

Use of Hard-coded Cryptographic Key

The product uses a hard-coded, unchangeable cryptographic key.

CWE-259High

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

CWE-647High

Use of Non-Canonical URL Paths for Authorization Decisions

The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.

CWE-457High

Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

CWE-467High

Use of sizeof() on a Pointer Type

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.

CWE-293High

Using Referer Field for Authentication

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

CWE-498Medium

Cloneable Class Containing Sensitive Information

The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.

CWE-329Medium

Generation of Predictable IV with CBC Mode

The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.

CWE-95Medium

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

CWE-332Medium

Insufficient Entropy in PRNG

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

CWE-192Medium

Integer Coercion Error

Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

CWE-370Medium

Missing Check for Certificate Revocation after Initial Check

The product does not check the revocation status of a certificate after its initial revocation check, which can cause the product to perform privileged actions even after the certificate is revoked at a later time.

CWE-401Medium

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

CWE-777Medium

Regular Expression without Anchors

The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.

CWE-1004Medium

Sensitive Cookie Without 'HttpOnly' Flag

The product uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag.

CWE-1275Medium

Sensitive Cookie with Improper SameSite Attribute

The SameSite attribute for sensitive cookies is not set, or an insecure value is used.

CWE-196Medium

Unsigned to Signed Conversion Error

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

CWE-492Medium

Use of Inner Class Containing Sensitive Data

Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.

CWE-780Medium

Use of RSA Algorithm without OAEP

The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.

CWE-1022Medium

Use of Web Link to Untrusted Target with window.opener Access

The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property.

CWE-774Low

Allocation of File Descriptors or Handles Without Limits or Throttling

The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.

CWE-481Low

Assigning instead of Comparing

The code uses an operator for assignment when the intention was to perform a comparison.

CWE-482Low

Comparing instead of Assigning

The code uses an operator for comparison when the intention was to perform an assignment.

CWE-462Low

Duplicate Key in Associative List (Alist)

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

CWE-333Low

Improper Handling of Insufficient Entropy in TRNG

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

CWE-298Low

Improper Validation of Certificate Expiration

A certificate expiration is not validated or is incorrectly validated.

CWE-768Low

Incorrect Short Circuit Evaluation

The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.

CWE-762Low

Mismatched Memory Management Routines

The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

CWE-479Low

Signal Handler Use of a Non-reentrant Function

The product defines a signal handler that calls a non-reentrant function.

CWE-64Low

Windows Shortcut Following (.LNK)

The product, when opening a file or directory, does not sufficiently handle when the file is a Windows shortcut (.LNK) whose target is outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.

CWE-520

.NET Misconfiguration: Use of Impersonation

Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.

CWE-11

ASP.NET Misconfiguration: Creating Debug Binary

Debugging messages help attackers learn about the system and plan a form of attack.

CWE-1174

ASP.NET Misconfiguration: Improper Model Validation

The ASP.NET application does not use, or incorrectly uses, the model validation framework.

CWE-12

ASP.NET Misconfiguration: Missing Custom Error Page

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

CWE-554

ASP.NET Misconfiguration: Not Using Input Validation Framework

The ASP.NET application does not use an input validation framework.

CWE-13

ASP.NET Misconfiguration: Password in Configuration File

Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attackers.

CWE-556

ASP.NET Misconfiguration: Use of Identity Impersonation

Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges.

CWE-582

Array Declared Public, Final, and Static

The product declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.

CWE-587

Assignment of a Fixed Address to a Pointer

The product sets a pointer to a specific address other than NULL or 0.

CWE-588

Attempt to Access Child of a Non-structure Pointer

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.

CWE-593

Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created

The product modifies the SSL context after connection creation has begun.

CWE-566

Authorization Bypass Through User-Controlled SQL Primary Key

The product uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with a primary key that can be controlled by that actor.

CWE-806

Buffer Access Using Size of Source Buffer

The product uses the size of a source buffer when reading from or writing to a destination buffer, which may cause it to access memory that is outside of the bounds of the buffer.

CWE-126

Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

CWE-127

Buffer Under-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations prior to the targeted buffer.

CWE-589

Call to Non-ubiquitous API

The product uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.

CWE-572

Call to Thread run() instead of start()

The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.

CWE-313

Cleartext Storage in a File or on Disk

The product stores sensitive information in cleartext in a file, or on disk.

CWE-314

Cleartext Storage in the Registry

The product stores sensitive information in cleartext in the registry.

CWE-318

Cleartext Storage of Sensitive Information in Executable

The product stores sensitive information in cleartext in an executable.

CWE-317

Cleartext Storage of Sensitive Information in GUI

The product stores sensitive information in cleartext within the GUI.

CWE-316

Cleartext Storage of Sensitive Information in Memory

The product stores sensitive information in cleartext in memory.

CWE-315

Cleartext Storage of Sensitive Information in a Cookie

The product stores sensitive information in cleartext in a cookie.

CWE-526

Cleartext Storage of Sensitive Information in an Environment Variable

The product uses an environment variable to store unencrypted sensitive information.

CWE-553

Command Shell in Externally Accessible Directory

A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute commands on the web server.

CWE-1255

Comparison Logic is Vulnerable to Power Side-Channel Attacks

A device's real time power consumption may be monitored during security token evaluation and the information gleaned may be used to determine the value of the reference token.

CWE-595

Comparison of Object References Instead of Object Contents

The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

CWE-14

Compiler Removal of Code to Clear Buffers

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

CWE-71

DEPRECATED: Apple '.DS_Store'

This entry has been deprecated as it represents a specific observed example of a UNIX Hard Link weakness type rather than its own individual weakness type. Please refer to CWE-62.

CWE-542

DEPRECATED: Information Exposure Through Cleanup Log Files

This entry has been deprecated because its abstraction was too low-level. See CWE-532.

CWE-534

DEPRECATED: Information Exposure Through Debug Log Files

This entry has been deprecated because its abstraction was too low-level. See CWE-532.

CWE-533

DEPRECATED: Information Exposure Through Server Log Files

This entry has been deprecated because its abstraction was too low-level. See CWE-532.

CWE-249

DEPRECATED: Often Misused: Path Manipulation

This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to CWE-785.

CWE-292

DEPRECATED: Trusting Self-reported DNS Name

This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350.

CWE-545

DEPRECATED: Use of Dynamic Class Loading

This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into other entries.

CWE-111

Direct Use of Unsafe JNI

When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java.

CWE-174

Double Decoding of the Same Data

The product decodes the same input twice, which can limit the effectiveness of any protection mechanism that occurs in between the decoding operations.

CWE-85

Doubled Character XSS Manipulations

The web application does not filter user-controlled input for executable script disguised using doubling of the involved characters.

CWE-627

Dynamic Variable Evaluation

In a language where the user can influence the name of a variable at runtime, if the variable names are not controlled, an attacker can read or write to arbitrary variables, or access arbitrary functions.

CWE-575

EJB Bad Practices: Use of AWT Swing

The product violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.

CWE-578

EJB Bad Practices: Use of Class Loader

The product violates the Enterprise JavaBeans (EJB) specification by using the class loader.

CWE-576

EJB Bad Practices: Use of Java I/O

The product violates the Enterprise JavaBeans (EJB) specification by using the java.io package.

CWE-577

EJB Bad Practices: Use of Sockets

The product violates the Enterprise JavaBeans (EJB) specification by using sockets.

CWE-574

EJB Bad Practices: Use of Synchronization Primitives

The product violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.

CWE-1069

Empty Exception Block

An invokable code block contains an exception handling block that does not contain any code, i.e. is empty.

CWE-585

Empty Synchronized Block

The product contains an empty synchronized block.

CWE-782

Exposed IOCTL with Insufficient Access Control

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

CWE-618

Exposed Unsafe ActiveX Method

An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain).

Don't leave your security to chance

Get a free security assessment from our experts. We'll identify vulnerabilities and create a protection plan tailored to your business.

⚠️ Security Notice

This tool is provided for educational and authorized security testing purposes only. Always ensure you have proper authorization before testing any systems or networks you do not own. All processing happens client-side in your browser — no data is sent to our servers.