| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | ViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). | 711 | Weaknesses in OWASP Top Ten (2004) |
| HasMember | VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. | 9 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 22 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 41 | Improper Resolution of Path Equivalence |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 73 | External Control of File Name or Path |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 266 | Incorrect Privilege Assignment |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 268 | Privilege Chaining |
| HasMember | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 275 | Permission Issues |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 283 | Unverified Ownership |
| HasMember | PillarPillar - a weakness that is the most abstract type of weakness and represents a theme for all class/base/variant weaknesses related to it. A Pillar is different from a Category as a Pillar is still technically a type of weakness that describes a mistake, while a Category represents a common characteristic used to group related things. | 284 | Improper Access Control |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 285 | Improper Authorization |
| HasMember | ClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource. | 330 | Use of Insufficiently Random Values |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 425 | Direct Request ('Forced Browsing') |
| HasMember | VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. | 525 | Use of Web Browser Cache Containing Sensitive Information |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 551 | Incorrect Behavior Order: Authorization Before Parsing and Canonicalization |
| HasMember | VariantVariant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific than a Base weakness. Variant level weaknesses typically describe issues in terms of 3 to 5 of the following dimensions: behavior, property, technology, language, and resource. | 556 | ASP.NET Misconfiguration: Use of Identity Impersonation |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 639 | Authorization Bypass Through User-Controlled Key |
| HasMember | BaseBase - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 708 | Incorrect Ownership Assignment |
Usage: PROHIBITED
Reason: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.Comments:
See member weaknesses of this category.| Submissions | ||
|---|---|---|
| Submission Date | Submitter | Organization |
|
2008年08月15日
(CWE 1.0, 2008年09月09日) |
Veracode | |
| Suggested creation of view and provided mappings | ||
| Modifications | ||
| Modification Date | Modifier | Organization |
| 2009年03月10日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2023年04月27日 | CWE Content Team | MITRE |
| updated Mapping_Notes | ||
| 2023年06月29日 | CWE Content Team | MITRE |
| updated Mapping_Notes | ||
|
2025年09月09日
(CWE 4.18, 2025年09月09日) |
CWE Content Team | MITRE |
| updated References | ||
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.