| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | ViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). | 635 | Weaknesses Originally Used by NVD from 2008 to 2016 |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 933 | OWASP Top Ten 2013 Category A5 - Security Misconfiguration |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1032 | OWASP Top Ten 2017 Category A6 - Security Misconfiguration |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1349 | OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration |
Usage: PROHIBITED
Reason: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1287]. This CWE entry may have become widely-used because of NIST's usage in NVD from 2008 to 2016 (see CWE-635 view, updated to the CWE-1003 view in 2016). Mapping is also Prohibited because this entry's status is Obsolete.Comments:
As of CWE 4.9, "Configuration" is beginning to be treated as an aspect of the SDLC in which a product is directed (by a human or automated process) to perform an insecure behavior. CWE mapping should be conducted by analyzing the weakness in the behavior that has been set by the configuration, such as those related to access control (descendants of CWE-284) or resource management (CWE-400), etc.Maintenance
Maintenance
| Submissions | ||
|---|---|---|
| Submission Date | Submitter | Organization |
|
2006年07月19日
(CWE Draft 3, 2006年07月19日) |
CWE Community | |
| Submitted by members of the CWE community to extend early CWE versions | ||
| Modifications | ||
| Modification Date | Modifier | Organization |
| 2008年09月08日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2010年02月16日 | CWE Content Team | MITRE |
| updated Taxonomy_Mappings | ||
| 2013年07月17日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2014年07月30日 | CWE Content Team | MITRE |
| updated Detection_Factors | ||
| 2015年12月07日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2017年01月19日 | CWE Content Team | MITRE |
| updated Maintenance_Notes, Relationships | ||
| 2017年11月08日 | CWE Content Team | MITRE |
| updated Detection_Factors | ||
| 2018年03月27日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2019年06月20日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2020年02月24日 | CWE Content Team | MITRE |
| updated Maintenance_Notes, Relationships | ||
| 2021年10月28日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2022年10月13日 | CWE Content Team | MITRE |
| updated Maintenance_Notes, References | ||
| 2023年06月29日 | CWE Content Team | MITRE |
| updated Mapping_Notes | ||
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.