1. Home
  2. Weaknesses
  3. CWE-276

CWE-276: Incorrect Default Permissions

ID CWE-276
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 972
Detail CAPEC Dashboard Vulnerabilities Web & Social
During installation, installed file permissions are set to allow anyone to modify those files.

Modes of Introduction

Phase Note
Architecture and Design
Implementation
Installation
Operation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific
Technology Not Technology-Specific
Technology ICS/OT

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-732 Incorrect Permission Assignment for Critical Resource Class Simple Draft
CWE-1003 Weaknesses for Simplified Mapping of Published Vulnerabilities Incomplete CWE-732 Incorrect Permission Assignment for Critical Resource Class Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs CWE-276
CAPEC-81 Web Server Logs Tampering CWE-276
CAPEC-127 Directory Indexing CWE-276

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date