CWE-1403: Comprehensive Categorization: Exposed Resource
ID
CWE-1403
Status
Incomplete
Weaknesses in this category are related to exposed resource.
Relationships
| View | Weakness | ||||||
|---|---|---|---|---|---|---|---|
| # ID | Name | # ID | Name | Abstraction | Structure | Status | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-8 | J2EE Misconfiguration: Entity Bean Declared Remote | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-15 | External Control of System or Configuration Setting | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-73 | External Control of File Name or Path | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-114 | Process Control | Class | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-219 | Storage of File with Sensitive Data Under Web Root | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-220 | Storage of File With Sensitive Data Under FTP Root | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-374 | Passing Mutable Objects to an Untrusted Method | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-375 | Returning a Mutable Object to an Untrusted Caller | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-377 | Insecure Temporary File | Class | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-378 | Creation of Temporary File With Insecure Permissions | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-379 | Creation of Temporary File in Directory with Insecure Permissions | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-403 | Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-426 | Untrusted Search Path | Base | Simple | Stable | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-427 | Uncontrolled Search Path Element | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-428 | Unquoted Search Path or Element | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-433 | Unparsed Raw Web Content Delivery | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-472 | External Control of Assumed-Immutable Web Parameter | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-488 | Exposure of Data Element to Wrong Session | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-491 | Public cloneable() Method Without Final ('Object Hijack') | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-492 | Use of Inner Class Containing Sensitive Data | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-493 | Critical Public Variable Without Final Modifier | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-498 | Cloneable Class Containing Sensitive Information | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-499 | Serializable Class Containing Sensitive Data | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-500 | Public Static Field Not Marked Final | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-524 | Use of Cache Containing Sensitive Information | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-525 | Use of Web Browser Cache Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-527 | Exposure of Version-Control Repository to an Unauthorized Control Sphere | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-528 | Exposure of Core Dump File to an Unauthorized Control Sphere | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-529 | Exposure of Access Control List Files to an Unauthorized Control Sphere | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-530 | Exposure of Backup File to an Unauthorized Control Sphere | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-539 | Use of Persistent Cookies Containing Sensitive Information | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-552 | Files or Directories Accessible to External Parties | Base | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-553 | Command Shell in Externally Accessible Directory | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-565 | Reliance on Cookies without Validation and Integrity Checking | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-582 | Array Declared Public, Final, and Static | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-583 | finalize() Method Declared Public | Variant | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-608 | Struts: Non-private Field in ActionForm Class | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-619 | Dangling Database Cursor ('Cursor Injection') | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-642 | External Control of Critical State Data | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-668 | Exposure of Resource to Wrong Sphere | Class | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-767 | Access to Critical Private Variable via Public Method | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-784 | Reliance on Cookies without Validation and Integrity Checking in a Security Decision | Variant | Simple | Draft | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1282 | Assumed-Immutable Data is Stored in Writable Memory | Base | Simple | Incomplete | |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | CWE-1327 | Binding to an Unrestricted IP Address | Base | Simple | Incomplete | |
Loading...