CWE-425: Direct Request ('Forced Browsing')
ID
CWE-425
Abstraction
Base
Structure
Simple
Status
Incomplete
Number of CVEs
144
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path.
Modes of Introduction
Phase | Note |
---|---|
Implementation | |
Operation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific | ||
Technology | Web Based |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-862 | Missing Authorization | Class | Simple | Incomplete | |
CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-862 | Missing Authorization | Class | Simple | Incomplete | |
CWE-1000 | Research Concepts | Draft | CWE-288 | Authentication Bypass Using an Alternate Path or Channel | Base | Simple | Incomplete | |
CWE-1000 | Research Concepts | Draft | CWE-424 | Improper Protection of Alternate Path | Class | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-471 | Modification of Assumed-Immutable Data (MAID) | Base | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | Variant | Simple | Draft |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.orgCVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...