KingSkrupellos

CWE Mitre Web Security Vulnerabilities Dictionary

Dec 6th, 2018
#####################################################################

Source By KingSkrupellos - Cyberizm.Org Digital Security Team - 06/12/2018

#####################################################################

CWE-1 Location
CWE-2 Environment
CWE-3 Technology-specific Environment Issues
CWE-4 J2EE Environment Issues
CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-7 J2EE Misconfiguration: Missing Custom Error Page
CWE-8 J2EE Misconfiguration: Entity Bean Declared Remote
CWE-9 J2EE Misconfiguration: Weak Access Permissions for EJB Methods
CWE-10 ASP.NET Environment Issues
CWE-11 ASP.NET Misconfiguration: Creating Debug Binary
CWE-12 ASP.NET Misconfiguration: Missing Custom Error Page
CWE-13 ASP.NET Misconfiguration: Password in Configuration File
CWE-14 Compiler Removal of Code to Clear Buffers
CWE-15 External Control of System or Configuration Setting
CWE-16 Configuration
CWE-17 Code
CWE-18 Source Code
CWE-19 Data Handling
CWE-20 Improper Input Validation

CWE-21 Pathname Traversal and Equivalence Errors
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-23 Relative Path Traversal
CWE-24 Path Traversal: '../filedir'
CWE-25 Path Traversal: '/../filedir'
CWE-26 Path Traversal: '/dir/../filename'
CWE-27 Path Traversal: 'dir/../../filename'
CWE-28 Path Traversal: '..\filedir'
CWE-29 Path Traversal: '\..\filename'
CWE-30 Path Traversal: '\dir\..\filename'
CWE-31 Path Traversal: 'dir\..\..\filename'
CWE-32 Path Traversal: '...' (Triple Dot)
CWE-33 Path Traversal: '....' (Multiple Dot)
CWE-34 Path Traversal: '....//'
CWE-35 Path Traversal: '.../...//'
CWE-36 Absolute Path Traversal
CWE-37 Path Traversal: '/absolute/pathname/here'
CWE-38 Path Traversal: '\absolute\pathname\here'
CWE-39 Path Traversal: 'C:dirname'
CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

CWE-41 Improper Resolution of Path Equivalence
CWE-42 Path Equivalence: 'filename.' (Trailing Dot)
CWE-43 Path Equivalence: 'filename....' (Multiple Trailing Dot)
CWE-44 Path Equivalence: 'file.name' (Internal Dot)
CWE-45 Path Equivalence: 'file...name' (Multiple Internal Dot)
CWE-46 Path Equivalence: 'filename ' (Trailing Space)
CWE-47 Path Equivalence: ' filename' (Leading Space)
CWE-48 Path Equivalence: 'file name' (Internal Whitespace)
CWE-49 Path Equivalence: 'filename/' (Trailing Slash)
CWE-50 Path Equivalence: '//multiple/leading/slash'
CWE-51 Path Equivalence: '/multiple//internal/slash'
CWE-52 Path Equivalence: '/multiple/trailing/slash//'
CWE-53 Path Equivalence: '\multiple\\internal\backslash'
CWE-54 Path Equivalence: 'filedir\' (Trailing Backslash)
CWE-55 Path Equivalence: '/./' (Single Dot Directory)
CWE-56 Path Equivalence: 'filedir*' (Wildcard)
CWE-57 Path Equivalence: 'fakedir/../realdir/filename'
CWE-58 Path Equivalence: Windows 8.3 Filename
CWE-59 Improper Link Resolution Before File Access ('Link Following')
CWE-60 UNIX Path Link Problems

CWE-61 UNIX Symbolic Link (Symlink) Following
CWE-62 UNIX Hard Link
CWE-63 Windows Path Link Problems
CWE-64 Windows Shortcut Following (.LNK)
CWE-65 Windows Hard Link
CWE-66 Improper Handling of File Names that Identify Virtual Resources
CWE-67 Improper Handling of Windows Device Names
CWE-68 Windows Virtual File Problems
CWE-69 Failure to Handle Windows ::DATA Alternate Data Stream
CWE-70 Mac Virtual File Problems
CWE-71 Apple '.DS_Store'
CWE-72 Improper Handling of Apple HFS+ Alternate Data Stream Path
CWE-73 External Control of File Name or Path
CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-76 Failure to Resolve Equivalent Special Elements into a Different Plane
CWE-77 Improper Sanitization of Special Elements used in a Command ('Command Injection')
CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')
CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
CWE-80 Improper Sanitization of Script-Related HTML Tags in a Web Page (Basic XSS)

CWE-81 Improper Sanitization of Script in an Error Message Web Page
CWE-82 Improper Sanitization of Script in Attributes of IMG Tags in a Web Page
CWE-83 Failure to Sanitize Script in Attributes in a Web Page
CWE-84 Failure to Resolve Encoded URI Schemes in a Web Page
CWE-85 Doubled Character XSS Manipulations
CWE-86 Failure to Sanitize Invalid Characters in Identifiers in Web Pages
CWE-87 Failure to Sanitize Alternate XSS Syntax
CWE-88 Argument Injection or Modification
CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')
CWE-90 Failure to Sanitize Data into LDAP Queries ('LDAP Injection')
CWE-91 XML Injection (aka Blind XPath Injection)
CWE-92 DEPRECATED: Improper Sanitization of Custom Special Characters
CWE-93 Failure to Sanitize CRLF Sequences ('CRLF Injection')
CWE-94 Failure to Control Generation of Code ('Code Injection')
CWE-95 Improper Sanitization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-96 Improper Sanitization of Directives in Statically Saved Code ('Static Code Injection')
CWE-97 Failure to Sanitize Server-Side Includes (SSI) Within a Web Page
CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-100 Technology-Specific Input Validation Problems

CWE-101 Struts Validation Problems
CWE-102 Struts: Duplicate Validation Forms
CWE-103 Struts: Incomplete validate() Method Definition
CWE-104 Struts: Form Bean Does Not Extend Validation Class
CWE-105 Struts: Form Field Without Validator
CWE-106 Struts: Plug-in Framework not in Use
CWE-107 Struts: Unused Validation Form
CWE-108 Struts: Unvalidated Action Form
CWE-109 Struts: Validator Turned Off
CWE-110 Struts: Validator Without Form Field
CWE-111 Direct Use of Unsafe JNI
CWE-112 Missing XML Validation
CWE-113 Failure to Sanitize CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-114 Process Control
CWE-115 Misinterpretation of Input
CWE-116 Improper Encoding or Escaping of Output
CWE-117 Improper Output Sanitization for Logs
CWE-118 Improper Access of Indexable Resource ('Range Error')
CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-121 Stack-based Buffer Overflow
CWE-122 Heap-based Buffer Overflow
CWE-123 Write-what-where Condition
CWE-124 Buffer Underwrite ('Buffer Underflow')
CWE-125 Out-of-bounds Read
CWE-126 Buffer Over-read
CWE-127 Buffer Under-read
CWE-128 Wrap-around Error
CWE-129 Improper Validation of Array Index
CWE-130 Improper Handling of Length Parameter Inconsistency
CWE-131 Incorrect Calculation of Buffer Size
CWE-132 DEPRECATED (Duplicate): Miscalculated Null Termination
CWE-133 String Errors
CWE-134 Uncontrolled Format String
CWE-135 Incorrect Calculation of Multi-Byte String Length
CWE-136 Type Errors
CWE-137 Representation Errors
CWE-138 Improper Sanitization of Special Elements
CWE-139 DEPRECATED: General Special Element Problems
CWE-140 Failure to Sanitize Delimiters

CWE-141 Failure to Sanitize Parameter/Argument Delimiters
CWE-142 Failure to Sanitize Value Delimiters
CWE-143 Failure to Sanitize Record Delimiters
CWE-144 Failure to Sanitize Line Delimiters
CWE-145 Failure to Sanitize Section Delimiters
CWE-146 Failure to Sanitize Expression/Command Delimiters
CWE-147 Improper Sanitization of Input Terminators
CWE-148 Failure to Sanitize Input Leaders
CWE-149 Failure to Sanitize Quoting Syntax
CWE-150 Failure to Sanitize Escape, Meta, or Control Sequences
CWE-151 Improper Sanitization of Comment Delimiters
CWE-152 Improper Sanitization of Macro Symbols
CWE-153 Improper Sanitization of Substitution Characters
CWE-154 Improper Sanitization of Variable Name Delimiters
CWE-155 Improper Sanitization of Wildcards or Matching Symbols
CWE-156 Improper Sanitization of Whitespace
CWE-157 Failure to Sanitize Paired Delimiters
CWE-158 Failure to Sanitize Null Byte or NUL Character
CWE-159 Failure to Sanitize Special Element
CWE-160 Improper Sanitization of Leading Special Elements

CWE-161 Improper Sanitization of Multiple Leading Special Elements
CWE-162 Improper Sanitization of Trailing Special Elements
CWE-163 Improper Sanitization of Multiple Trailing Special Elements
CWE-164 Improper Sanitization of Internal Special Elements
CWE-165 Improper Sanitization of Multiple Internal Special Elements
CWE-166 Improper Handling of Missing Special Element
CWE-167 Improper Handling of Additional Special Element
CWE-168 Failure to Resolve Inconsistent Special Elements
CWE-169 Technology-Specific Special Elements
CWE-170 Improper Null Termination
CWE-171 Cleansing, Canonicalization, and Comparison Errors
CWE-172 Encoding Error
CWE-173 Failure to Handle Alternate Encoding
CWE-174 Double Decoding of the Same Data
CWE-175 Failure to Handle Mixed Encoding
CWE-176 Failure to Handle Unicode Encoding
CWE-177 Failure to Handle URL Encoding (Hex Encoding)
CWE-178 Failure to Resolve Case Sensitivity
CWE-179 Incorrect Behavior Order: Early Validation
CWE-180 Incorrect Behavior Order: Validate Before Canonicalize

CWE-181 Incorrect Behavior Order: Validate Before Filter
CWE-182 Collapse of Data Into Unsafe Value
CWE-183 Permissive Whitelist
CWE-184 Incomplete Blacklist
CWE-185 Incorrect Regular Expression
CWE-186 Overly Restrictive Regular Expression
CWE-187 Partial Comparison
CWE-188 Reliance on Data/Memory Layout
CWE-189 Numeric Errors
CWE-190 Integer Overflow or Wraparound
CWE-191 Integer Underflow (Wrap or Wraparound)
CWE-192 Integer Coercion Error
CWE-193 Off-by-one Error
CWE-194 Unexpected Sign Extension
CWE-195 Signed to Unsigned Conversion Error
CWE-196 Unsigned to Signed Conversion Error
CWE-197 Numeric Truncation Error
CWE-198 Use of Incorrect Byte Ordering
CWE-199 Information Management Errors
CWE-200 Information Exposure

CWE-201 Information Leak Through Sent Data
CWE-202 Privacy Leak through Data Queries
CWE-203 Information Exposure Through Discrepancy
CWE-204 Response Discrepancy Information Leak
CWE-205 Information Exposure Through Behavioral Discrepancy
CWE-206 Internal Behavioral Inconsistency Information Leak
CWE-207 Information Exposure Through an External Behavioral Inconsistency
CWE-208 Timing Discrepancy Information Leak
CWE-209 Information Exposure Through an Error Message
CWE-210 Product-Generated Error Message Information Leak
CWE-211 Product-External Error Message Information Leak
CWE-212 Improper Cross-boundary Removal of Sensitive Data
CWE-213 Intended Information Leak
CWE-214 Process Environment Information Leak
CWE-215 Information Leak Through Debug Information
CWE-216 Containment Errors (Container Errors)
CWE-217 DEPRECATED: Failure to Protect Stored Data from Modification
CWE-218 DEPRECATED (Duplicate): Failure to provide confidentiality for stored data
CWE-219 Sensitive Data Under Web Root
CWE-220 Sensitive Data Under FTP Root

CWE-221 Information Loss or Omission
CWE-222 Truncation of Security-relevant Information
CWE-223 Omission of Security-relevant Information
CWE-224 Obscured Security-relevant Information by Alternate Name
CWE-225 DEPRECATED (Duplicate): General Information Management Problems
CWE-226 Sensitive Information Uncleared Before Release
CWE-227 Failure to Fulfill API Contract ('API Abuse')
CWE-228 Improper Handling of Syntactically Invalid Structure
CWE-229 Improper Handling of Values
CWE-230 Improper Handling of Missing Values
CWE-231 Improper Handling of Extra Values
CWE-232 Improper Handling of Undefined Values
CWE-233 Parameter Problems
CWE-234 Failure to Handle Missing Parameter
CWE-235 Improper Handling of Extra Parameters
CWE-236 Improper Handling of Undefined Parameters
CWE-237 Improper Handling of Structural Elements
CWE-238 Improper Handling of Incomplete Structural Elements
CWE-239 Failure to Handle Incomplete Element
CWE-240 Improper Handling of Inconsistent Structural Elements

CWE-241 Improper Handling of Unexpected Data Type
CWE-242 Use of Inherently Dangerous Function
CWE-243 Failure to Change Working Directory in chroot Jail
CWE-244 Failure to Clear Heap Memory Before Release ('Heap Inspection')
CWE-245 J2EE Bad Practices: Direct Management of Connections
CWE-246 J2EE Bad Practices: Direct Use of Sockets
CWE-247 Reliance on DNS Lookups in a Security Decision
CWE-248 Uncaught Exception
CWE-249 DEPRECATED: Often Misused: Path Manipulation
CWE-250 Execution with Unnecessary Privileges
CWE-251 Often Misused: String Management
CWE-252 Unchecked Return Value
CWE-253 Incorrect Check of Function Return Value
CWE-254 Security Features
CWE-255 Credentials Management
CWE-256 Plaintext Storage of a Password
CWE-257 Storing Passwords in a Recoverable Format
CWE-258 Empty Password in Configuration File
CWE-259 Use of Hard-coded Password
CWE-260 Password in Configuration File

CWE-261 Weak Cryptography for Passwords
CWE-262 Not Using Password Aging
CWE-263 Password Aging with Long Expiration
CWE-264 Permissions, Privileges, and Access Controls
CWE-265 Privilege / Sandbox Issues
CWE-266 Incorrect Privilege Assignment
CWE-267 Privilege Defined With Unsafe Actions
CWE-268 Privilege Chaining
CWE-269 Improper Privilege Management
CWE-270 Privilege Context Switching Error
CWE-271 Privilege Dropping / Lowering Errors
CWE-272 Least Privilege Violation
CWE-273 Improper Check for Dropped Privileges
CWE-274 Improper Handling of Insufficient Privileges
CWE-275 Permission Issues
CWE-276 Incorrect Default Permissions
CWE-277 Insecure Inherited Permissions
CWE-278 Insecure Preserved Inherited Permissions
CWE-279 Incorrect Execution-Assigned Permissions
CWE-280 Improper Handling of Insufficient Permissions or Privileges

CWE-281 Improper Preservation of Permissions
CWE-282 Improper Ownership Management
CWE-283 Unverified Ownership
CWE-284 Access Control (Authorization) Issues
CWE-285 Improper Access Control (Authorization)
CWE-286 Incorrect User Management
CWE-287 Improper Authentication
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-289 Authentication Bypass by Alternate Name
CWE-290 Authentication Bypass by Spoofing
CWE-291 Trusting Self-reported IP Address
CWE-292 Trusting Self-reported DNS Name
CWE-293 Using Referer Field for Authentication
CWE-294 Authentication Bypass by Capture-replay
CWE-295 Certificate Issues
CWE-296 Improper Following of Chain of Trust for Certificate Validation
CWE-297 Improper Validation of Host-specific Certificate Data
CWE-298 Improper Validation of Certificate Expiration
CWE-299 Improper Check for Certificate Revocation
CWE-300 Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

CWE-301 Reflection Attack in an Authentication Protocol
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-303 Incorrect Implementation of Authentication Algorithm
CWE-304 Missing Critical Step in Authentication
CWE-305 Authentication Bypass by Primary Weakness
CWE-306 Missing Authentication for Critical Function
CWE-307 Improper Restriction of Excessive Authentication Attempts
CWE-308 Use of Single-factor Authentication
CWE-309 Use of Password System for Primary Authentication
CWE-310 Cryptographic Issues
CWE-311 Missing Encryption of Sensitive Data
CWE-312 Cleartext Storage of Sensitive Information
CWE-313 Plaintext Storage in a File or on Disk
CWE-314 Plaintext Storage in the Registry
CWE-315 Plaintext Storage in a Cookie
CWE-316 Plaintext Storage in Memory
CWE-317 Plaintext Storage in GUI
CWE-318 Plaintext Storage in Executable
CWE-319 Cleartext Transmission of Sensitive Information
CWE-320 Key Management Errors

CWE-321 Use of Hard-coded Cryptographic Key
CWE-322 Key Exchange without Entity Authentication
CWE-323 Reusing a Nonce, Key Pair in Encryption
CWE-324 Use of a Key Past its Expiration Date
CWE-325 Missing Required Cryptographic Step
CWE-326 Inadequate Encryption Strength
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-328 Reversible One-Way Hash
CWE-329 Not Using a Random IV with CBC Mode
CWE-330 Use of Insufficiently Random Values
CWE-331 Insufficient Entropy
CWE-332 Insufficient Entropy in PRNG
CWE-333 Improper Handling of Insufficient Entropy in TRNG
CWE-334 Small Space of Random Values
CWE-335 PRNG Seed Error
CWE-336 Same Seed in PRNG
CWE-337 Predictable Seed in PRNG
CWE-338 Use of Cryptographically Weak PRNG
CWE-339 Small Seed Space in PRNG
CWE-340 Predictability Problems

CWE-341 Predictable from Observable State
CWE-342 Predictable Exact Value from Previous Values
CWE-343 Predictable Value Range from Previous Values
CWE-344 Use of Invariant Value in Dynamically Changing Context
CWE-345 Insufficient Verification of Data Authenticity
CWE-346 Origin Validation Error
CWE-347 Improper Verification of Cryptographic Signature
CWE-348 Use of Less Trusted Source
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-350 Improperly Trusted Reverse DNS
CWE-351 Insufficient Type Distinction
CWE-352 Cross-Site Request Forgery (CSRF)
CWE-353 Failure to Add Integrity Check Value
CWE-354 Improper Validation of Integrity Check Value
CWE-355 User Interface Security Issues
CWE-356 Product UI does not Warn User of Unsafe Actions
CWE-357 Insufficient UI Warning of Dangerous Operations
CWE-358 Improperly Implemented Security Check for Standard
CWE-359 Privacy Violation
CWE-360 Trust of System Event Data

CWE-361 Time and State
CWE-362 Race Condition
CWE-363 Race Condition Enabling Link Following
CWE-364 Signal Handler Race Condition
CWE-365 Race Condition in Switch
CWE-366 Race Condition within a Thread
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-368 Context Switching Race Condition
CWE-369 Divide By Zero
CWE-370 Missing Check for Certificate Revocation after Initial Check
CWE-371 State Issues
CWE-372 Incomplete Internal State Distinction
CWE-373 State Synchronization Error
CWE-374 Mutable Objects Passed by Reference
CWE-375 Passing Mutable Objects to an Untrusted Method
CWE-376 Temporary File Issues
CWE-377 Insecure Temporary File
CWE-378 Creation of Temporary File With Insecure Permissions
CWE-379 Creation of Temporary File in Directory with Incorrect Permissions
CWE-380 Technology-Specific Time and State Issues

CWE-381 J2EE Time and State Issues
CWE-382 J2EE Bad Practices: Use of System.exit()
CWE-383 J2EE Bad Practices: Direct Use of Threads
CWE-384 Session Fixation
CWE-385 Covert Timing Channel
CWE-386 Symbolic Name not Mapping to Correct Object
CWE-387 Signal Errors
CWE-388 Error Handling
CWE-389 Error Conditions, Return Values, Status Codes
CWE-390 Detection of Error Condition Without Action
CWE-391 Unchecked Error Condition
CWE-392 Failure to Report Error in Status Code
CWE-393 Return of Wrong Status Code
CWE-394 Unexpected Status Code or Return Value
CWE-395 Use of NullPointerException Catch to Detect NULL Pointer Dereference
CWE-396 Declaration of Catch for Generic Exception
CWE-397 Declaration of Throws for Generic Exception
CWE-398 Indicator of Poor Code Quality
CWE-399 Resource Management Errors
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')
CWE-402 Transmission of Private Resources into a New Sphere ('Resource Leak')
CWE-403 UNIX File Descriptor Leak
CWE-404 Improper Resource Shutdown or Release
CWE-405 Asymmetric Resource Consumption (Amplification)
CWE-406 Insufficient Control of Network Message Volume (Network Amplification)
CWE-407 Algorithmic Complexity
CWE-408 Incorrect Behavior Order: Early Amplification
CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
CWE-410 Insufficient Resource Pool
CWE-411 Resource Locking Problems
CWE-412 Unrestricted Externally Accessible Lock
CWE-413 Insufficient Resource Locking
CWE-414 Missing Lock Check
CWE-415 Double Free
CWE-416 Use After Free
CWE-417 Channel and Path Errors
CWE-418 Channel Errors
CWE-419 Unprotected Primary Channel
CWE-420 Unprotected Alternate Channel

CWE-421 Race Condition During Access to Alternate Channel
CWE-422 Unprotected Windows Messaging Channel ('Shatter')
CWE-423 DEPRECATED (Duplicate): Proxied Trusted Channel
CWE-424 Failure to Protect Alternate Path
CWE-425 Direct Request ('Forced Browsing')
CWE-426 Untrusted Search Path
CWE-427 Uncontrolled Search Path Element
CWE-428 Unquoted Search Path or Element
CWE-429 Handler Errors
CWE-430 Deployment of Wrong Handler
CWE-431 Missing Handler
CWE-432 Dangerous Handler not Disabled During Sensitive Operations
CWE-433 Unparsed Raw Web Content Delivery
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-435 Interaction Error
CWE-436 Interpretation Conflict
CWE-437 Incomplete Model of Endpoint Features
CWE-438 Behavioral Problems
CWE-439 Behavioral Change in New Version or Environment
CWE-440 Expected Behavior Violation

CWE-441 Unintended Proxy/Intermediary
CWE-442 Web Problems
CWE-443 DEPRECATED (Duplicate): HTTP response splitting
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
CWE-445 User Interface Errors
CWE-446 UI Discrepancy for Security Feature
CWE-447 Unimplemented or Unsupported Feature in UI
CWE-448 Obsolete Feature in UI
CWE-449 The UI Performs the Wrong Action
CWE-450 Multiple Interpretations of UI Input
CWE-451 UI Misrepresentation of Critical Information
CWE-452 Initialization and Cleanup Errors
CWE-453 Insecure Default Variable Initialization
CWE-454 External Initialization of Trusted Variables or Data Stores
CWE-455 Non-exit on Failed Initialization
CWE-456 Missing Initialization
CWE-457 Use of Uninitialized Variable
CWE-458 DEPRECATED: Incorrect Initialization
CWE-459 Incomplete Cleanup
CWE-460 Improper Cleanup on Thrown Exception

CWE-461 Data Structure Issues
CWE-462 Duplicate Key in Associative List (Alist)
CWE-463 Deletion of Data Structure Sentinel
CWE-464 Addition of Data Structure Sentinel
CWE-465 Pointer Issues
CWE-466 Return of Pointer Value Outside of Expected Range
CWE-467 Use of sizeof() on a Pointer Type
CWE-468 Incorrect Pointer Scaling
CWE-469 Use of Pointer Subtraction to Determine Size
CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
CWE-471 Modification of Assumed-Immutable Data (MAID)
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-473 PHP External Variable Modification
CWE-474 Use of Function with Inconsistent Implementations
CWE-475 Undefined Behavior for Input to API
CWE-476 NULL Pointer Dereference
CWE-477 Use of Obsolete Functions
CWE-478 Missing Default Case in Switch Statement
CWE-479 Unsafe Function Call from a Signal Handler
CWE-480 Use of Incorrect Operator

CWE-481 Assigning instead of Comparing
CWE-482 Comparing instead of Assigning
CWE-483 Incorrect Block Delimitation
CWE-484 Omitted Break Statement in Switch
CWE-485 Insufficient Encapsulation
CWE-486 Comparison of Classes by Name
CWE-487 Reliance on Package-level Scope
CWE-488 Data Leak Between Sessions
CWE-489 Leftover Debug Code
CWE-490 Mobile Code Issues
CWE-491 Public cloneable() Method Without Final ('Object Hijack')
CWE-492 Use of Inner Class Containing Sensitive Data
CWE-493 Critical Public Variable Without Final Modifier
CWE-494 Download of Code Without Integrity Check
CWE-495 Private Array-Typed Field Returned From A Public Method
CWE-496 Public Data Assigned to Private Array-Typed Field
CWE-497 Exposure of System Data to an Unauthorized Control Sphere
CWE-498 Information Leak through Class Cloning
CWE-499 Serializable Class Containing Sensitive Data
CWE-500 Public Static Field Not Marked Final

CWE-501 Trust Boundary Violation
CWE-502 Deserialization of Untrusted Data
CWE-503 Byte/Object Code
CWE-504 Motivation/Intent
CWE-505 Intentionally Introduced Weakness
CWE-506 Embedded Malicious Code
CWE-507 Trojan Horse
CWE-508 Non-Replicating Malicious Code
CWE-509 Replicating Malicious Code (Virus or Worm)
CWE-510 Trapdoor
CWE-511 Logic/Time Bomb
CWE-512 Spyware
CWE-513 Intentionally Introduced Nonmalicious Weakness
CWE-514 Covert Channel
CWE-515 Covert Storage Channel
CWE-516 DEPRECATED (Duplicate): Covert Timing Channel
CWE-517 Other Intentional, Nonmalicious Weakness
CWE-518 Inadvertently Introduced Weakness
CWE-519 .NET Environment Issues
CWE-520 .NET Misconfiguration: Use of Impersonation

CWE-521 Weak Password Requirements
CWE-522 Insufficiently Protected Credentials
CWE-523 Unprotected Transport of Credentials
CWE-524 Information Leak Through Caching
CWE-525 Information Leak Through Browser Caching
CWE-526 Information Leak Through Environmental Variables
CWE-527 Exposure of CVS Repository to an Unauthorized Control Sphere
CWE-528 Exposure of Core Dump File to an Unauthorized Control Sphere
CWE-529 Exposure of Access Control List Files to an Unauthorized Control Sphere
CWE-530 Exposure of Backup File to an Unauthorized Control Sphere
CWE-531 Information Leak Through Test Code
CWE-532 Information Leak Through Log Files
CWE-533 Information Leak Through Server Log Files
CWE-534 Information Leak Through Debug Log Files
CWE-535 Information Leak Through Shell Error Message
CWE-536 Information Leak Through Servlet Runtime Error Message
CWE-537 Information Leak Through Java Runtime Error Message
CWE-538 File and Directory Information Exposure
CWE-539 Information Leak Through Persistent Cookies
CWE-540 Information Leak Through Source Code

CWE-541 Information Leak Through Include Source Code
CWE-542 Information Leak Through Cleanup Log Files
CWE-543 Use of Singleton Pattern in a Non-thread-safe Manner
CWE-544 Failure to Use a Standardized Error Handling Mechanism
CWE-545 Use of Dynamic Class Loading
CWE-546 Suspicious Comment
CWE-547 Use of Hard-coded, Security-relevant Constants
CWE-548 Information Leak Through Directory Listing
CWE-549 Missing Password Field Masking
CWE-550 Information Leak Through Server Error Message
CWE-551 Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
CWE-552 Files or Directories Accessible to External Parties
CWE-553 Command Shell in Externally Accessible Directory
CWE-554 ASP.NET Misconfiguration: Not Using Input Validation Framework
CWE-555 J2EE Misconfiguration: Plaintext Password in Configuration File
CWE-556 ASP.NET Misconfiguration: Use of Identity Impersonation
CWE-557 Concurrency Issues
CWE-558 Use of getlogin() in Multithreaded Application
CWE-559 Often Misused: Arguments and Parameters
CWE-560 Use of umask() with chmod-style Argument

CWE-561 Dead Code
CWE-562 Return of Stack Variable Address
CWE-563 Unused Variable
CWE-564 SQL Injection: Hibernate
CWE-565 Reliance on Cookies without Validation and Integrity Checking
CWE-566 Access Control Bypass Through User-Controlled SQL Primary Key
CWE-567 Unsynchronized Access to Shared Data
CWE-568 finalize() Method Without super.finalize()
CWE-569 Expression Issues
CWE-570 Expression is Always False
CWE-571 Expression is Always True
CWE-572 Call to Thread run() instead of start()
CWE-573 Failure to Follow Specification
CWE-574 EJB Bad Practices: Use of Synchronization Primitives
CWE-575 EJB Bad Practices: Use of AWT Swing
CWE-576 EJB Bad Practices: Use of Java I/O
CWE-577 EJB Bad Practices: Use of Sockets
CWE-578 EJB Bad Practices: Use of Class Loader
CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session
CWE-580 clone() Method Without super.clone()

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined
CWE-582 Array Declared Public, Final, and Static
CWE-583 finalize() Method Declared Public
CWE-584 Return Inside Finally Block
CWE-585 Empty Synchronized Block
CWE-586 Explicit Call to Finalize()
CWE-587 Assignment of a Fixed Address to a Pointer
CWE-588 Attempt to Access Child of a Non-structure Pointer
CWE-589 Call to Non-ubiquitous API
CWE-590 Free of Memory not on the Heap
CWE-591 Sensitive Data Storage in Improperly Locked Memory
CWE-592 Authentication Bypass Issues
CWE-593 Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-594 J2EE Framework: Saving Unserializable Objects to Disk
CWE-595 Comparison of Object References Instead of Object Contents
CWE-596 Incorrect Semantic Object Comparison
CWE-597 Use of Wrong Operator in String Comparison
CWE-598 Information Leak Through Query Strings in GET Request
CWE-599 Trust of OpenSSL Certificate Without Validation
CWE-600 Failure to Catch All Exceptions in Servlet

  637. CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
  638. CWE-602 Client-Side Enforcement of Server-Side Security
  639. CWE-603 Use of Client-Side Authentication
  640. CWE-604 Deprecated Entries
  641. CWE-605 Multiple Binds to the Same Port
  642. CWE-606 Unchecked Input for Loop Condition
  643. CWE-607 Public Static Final Field References Mutable Object
  644. CWE-608 Struts: Non-private Field in ActionForm Class
  645. CWE-609 Double-Checked Locking
  646. CWE-610 Externally Controlled Reference to a Resource in Another Sphere
  647. CWE-611 Information Leak Through XML External Entity File Disclosure
  648. CWE-612 Information Leak Through Indexing of Private Data
  649. CWE-613 Insufficient Session Expiration
  650. CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
  651. CWE-615 Information Leak Through Comments
  652. CWE-616 Incomplete Identification of Uploaded File Variables (PHP)
  653. CWE-617 Reachable Assertion
  654. CWE-618 Exposed Unsafe ActiveX Method
  655. CWE-619 Dangling Database Cursor ('Cursor Injection')
  656. CWE-620 Unverified Password Change
  657.  
  658. CWE-621 Variable Extraction Error
  659. CWE-622 Unvalidated Function Hook Arguments
  660. CWE-623 Unsafe ActiveX Control Marked Safe For Scripting
  661. CWE-624 Executable Regular Expression Error
  662. CWE-625 Permissive Regular Expression
  663. CWE-626 Null Byte Interaction Error (Poison Null Byte)
  664. CWE-627 Dynamic Variable Evaluation
  665. CWE-628 Function Call with Incorrectly Specified Arguments
  666. CWE-629 Weaknesses in OWASP Top Ten (2007)
  667. CWE-630 Weaknesses Examined by SAMATE
  668. CWE-631 Resource-specific Weaknesses
  669. CWE-632 Weaknesses that Affect Files or Directories
  670. CWE-633 Weaknesses that Affect Memory
  671. CWE-634 Weaknesses that Affect System Processes
  672. CWE-635 Weaknesses Used by NVD
  673. CWE-636 Not Failing Securely ('Failing Open')
  674. CWE-637 Failure to Use Economy of Mechanism
  675. CWE-638 Failure to Use Complete Mediation
  676. CWE-639 Access Control Bypass Through User-Controlled Key
  677. CWE-640 Weak Password Recovery Mechanism for Forgotten Password
  678.  
  679. CWE-641 Insufficient Filtering of File and Other Resource Names for Executable Content
  680. CWE-642 External Control of Critical State Data
  681. CWE-643 Failure to Sanitize Data within XPath Expressions ('XPath injection')
  682. CWE-644 Improper Sanitization of HTTP Headers for Scripting Syntax
  683. CWE-645 Overly Restrictive Account Lockout Mechanism
  684. CWE-646 Reliance on File Name or Extension of Externally-Supplied File
  685. CWE-647 Use of Non-Canonical URL Paths for Authorization Decisions
  686. CWE-648 Incorrect Use of Privileged APIs
  687. CWE-649 Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking
  688. CWE-650 Trusting HTTP Permission Methods on the Server Side
  689. CWE-651 Information Leak through WSDL File
  690. CWE-652 Failure to Sanitize Data within XQuery Expressions ('XQuery Injection')
  691. CWE-653 Insufficient Compartmentalization
  692. CWE-654 Reliance on a Single Factor in a Security Decision
  693. CWE-655 Insufficient Psychological Acceptability
  694. CWE-656 Reliance on Security through Obscurity
  695. CWE-657 Violation of Secure Design Principles
  696. CWE-658 Weaknesses in Software Written in C
  697. CWE-659 Weaknesses in Software Written in C++
  698. CWE-660 Weaknesses in Software Written in Java
  699.  
  700. CWE-661 Weaknesses in Software Written in PHP
  701. CWE-662 Insufficient Synchronization
  702. CWE-663 Use of a Non-reentrant Function in an Unsynchronized Context
  703. CWE-664 Improper Control of a Resource Through its Lifetime
  704. CWE-665 Improper Initialization
  705. CWE-666 Operation on Resource in Wrong Phase of Lifetime
  706. CWE-667 Insufficient Locking
  707. CWE-668 Exposure of Resource to Wrong Sphere
  708. CWE-669 Incorrect Resource Transfer Between Spheres
  709. CWE-670 Always-Incorrect Control Flow Implementation
  710. CWE-671 Lack of Administrator Control over Security
  711. CWE-672 Operation on a Resource after Expiration or Release
  712. CWE-673 External Influence of Sphere Definition
  713. CWE-674 Uncontrolled Recursion
  714. CWE-675 Duplicate Operations on Resource
  715. CWE-676 Use of Potentially Dangerous Function
  716. CWE-677 Weakness Base Elements
  717. CWE-678 Composites
  718. CWE-679 Chain Elements
  719. CWE-680 Integer Overflow to Buffer Overflow
  720.  
  721. CWE-681 Incorrect Conversion between Numeric Types
  722. CWE-682 Incorrect Calculation
  723. CWE-683 Function Call With Incorrect Order of Arguments
  724. CWE-684 Failure to Provide Specified Functionality
  725. CWE-685 Function Call With Incorrect Number of Arguments
  726. CWE-686 Function Call With Incorrect Argument Type
  727. CWE-687 Function Call With Incorrectly Specified Argument Value
  728. CWE-688 Function Call With Incorrect Variable or Reference as Argument
  729. CWE-689 Permission Race Condition During Resource Copy
  730. CWE-690 Unchecked Return Value to NULL Pointer Dereference
  731. CWE-691 Insufficient Control Flow Management
  732. CWE-692 Incomplete Blacklist to Cross-Site Scripting
  733. CWE-693 Protection Mechanism Failure
  734. CWE-694 Use of Multiple Resources with Duplicate Identifier
  735. CWE-695 Use of Low-Level Functionality
  736. CWE-696 Incorrect Behavior Order
  737. CWE-697 Insufficient Comparison
  738. CWE-698 Redirect Without Exit
  739. CWE-699 Development Concepts
  740. CWE-700 Seven Pernicious Kingdoms
  741.  
  742. CWE-701 Weaknesses Introduced During Design
  743. CWE-702 Weaknesses Introduced During Implementation
  744. CWE-703 Failure to Handle Exceptional Conditions
  745. CWE-704 Incorrect Type Conversion or Cast
  746. CWE-705 Incorrect Control Flow Scoping
  747. CWE-706 Use of Incorrectly-Resolved Name or Reference
  748. CWE-707 Improper Enforcement of Message or Data Structure
  749. CWE-708 Incorrect Ownership Assignment
  750. CWE-709 Named Chains
  751. CWE-710 Coding Standards Violation
  752. CWE-711 Weaknesses in OWASP Top Ten (2004)
  753. CWE-712 OWASP Top Ten 2007 Category A1 - Cross Site Scripting (XSS)
  754. CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
  755. CWE-714 OWASP Top Ten 2007 Category A3 - Malicious File Execution
  756. CWE-715 OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference
  757. CWE-716 OWASP Top Ten 2007 Category A5 - Cross Site Request Forgery (CSRF)
  758. CWE-717 OWASP Top Ten 2007 Category A6 - Information Leakage and Improper Error Handling
  759. CWE-718 OWASP Top Ten 2007 Category A7 - Broken Authentication and Session Management
  760. CWE-719 OWASP Top Ten 2007 Category A8 - Insecure Cryptographic Storage
  761. CWE-720 OWASP Top Ten 2007 Category A9 - Insecure Communications
  762.  
  763. CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
  764. CWE-722 OWASP Top Ten 2004 Category A1 - Unvalidated Input
  765. CWE-723 OWASP Top Ten 2004 Category A2 - Broken Access Control
  766. CWE-724 OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management
  767. CWE-725 OWASP Top Ten 2004 Category A4 - Cross-Site Scripting (XSS) Flaws
  768. CWE-726 OWASP Top Ten 2004 Category A5 - Buffer Overflows
  769. CWE-727 OWASP Top Ten 2004 Category A6 - Injection Flaws
  770. CWE-728 OWASP Top Ten 2004 Category A7 - Improper Error Handling
  771. CWE-729 OWASP Top Ten 2004 Category A8 - Insecure Storage
  772. CWE-730 OWASP Top Ten 2004 Category A9 - Denial of Service
  773. CWE-731 OWASP Top Ten 2004 Category A10 - Insecure Configuration Management
  774. CWE-732 Incorrect Permission Assignment for Critical Resource
  775. CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
  776. CWE-734 Weaknesses Addressed by the CERT C Secure Coding Standard
  777. CWE-735 CERT C Secure Coding Section 01 - Preprocessor (PRE)
  778. CWE-736 CERT C Secure Coding Section 02 - Declarations and Initialization (DCL)
  779. CWE-737 CERT C Secure Coding Section 03 - Expressions (EXP)
  780. CWE-738 CERT C Secure Coding Section 04 - Integers (INT)
  781. CWE-739 CERT C Secure Coding Section 05 - Floating Point (FLP)
  782. CWE-740 CERT C Secure Coding Section 06 - Arrays (ARR)
  783.  
  784. CWE-741 CERT C Secure Coding Section 07 - Characters and Strings (STR)
  785. CWE-742 CERT C Secure Coding Section 08 - Memory Management (MEM)
  786. CWE-743 CERT C Secure Coding Section 09 - Input Output (FIO)
  787. CWE-744 CERT C Secure Coding Section 10 - Environment (ENV)
  788. CWE-745 CERT C Secure Coding Section 11 - Signals (SIG)
  789. CWE-746 CERT C Secure Coding Section 12 - Error Handling (ERR)
  790. CWE-747 CERT C Secure Coding Section 49 - Miscellaneous (MSC)
  791. CWE-748 CERT C Secure Coding Section 50 - POSIX (POS)
  792. CWE-749 Exposed Dangerous Method or Function
  793. CWE-750 Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors
  794. CWE-751 2009 Top 25 - Insecure Interaction Between Components
  795. CWE-752 2009 Top 25 - Risky Resource Management
  796. CWE-753 2009 Top 25 - Porous Defenses
  797. CWE-754 Improper Check for Unusual or Exceptional Conditions
  798. CWE-755 Improper Handling of Exceptional Conditions
  799. CWE-756 Missing Custom Error Page
  800. CWE-757 Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')
  801. CWE-758 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
  802. CWE-759 Use of a One-Way Hash without a Salt
  803. CWE-760 Use of a One-Way Hash with a Predictable Salt
  804.  
  805. CWE-761 Free of Pointer not at Start of Buffer
  806. CWE-762 Mismatched Memory Management Routines
  807. CWE-763 Release of Invalid Pointer or Reference
  808. CWE-764 Multiple Locks of a Critical Resource
  809. CWE-765 Multiple Unlocks of a Critical Resource
  810. CWE-766 Critical Variable Declared Public
  811. CWE-767 Access to Critical Private Variable via Public Method
  812. CWE-768 Incorrect Short Circuit Evaluation
  813. CWE-769 File Descriptor Exhaustion
  814. CWE-770 Allocation of Resources Without Limits or Throttling
  815. CWE-771 Missing Reference to Active Allocated Resource
  816. CWE-772 Missing Release of Resource after Effective Lifetime
  817. CWE-773 Missing Reference to Active File Descriptor or Handle
  818. CWE-774 Allocation of File Descriptors or Handles Without Limits or Throttling
  819. CWE-775 Missing Release of File Descriptor or Handle after Effective Lifetime
  820. CWE-776 Unrestricted Recursive Entity References in DTDs ('XML Bomb')
  821. CWE-777 Regular Expression without Anchors
  822. CWE-778 Insufficient Logging
  823. CWE-779 Logging of Excessive Data
  824. CWE-780 Use of RSA Algorithm without OAEP
  825.  
  826. CWE-781 Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code
  827. CWE-782 Exposed IOCTL with Insufficient Access Control
  828. CWE-783 Operator Precedence Logic Error
  829. CWE-784 Reliance on Cookies without Validation and Integrity Checking in a Security Decision
  830. CWE-785 Use of Path Manipulation Function without Maximum-sized Buffer
  831. CWE-786 Access of Memory Location Before Start of Buffer
  832. CWE-787 Out-of-bounds Write
  833. CWE-788 Access of Memory Location After End of Buffer
  834. CWE-789 Uncontrolled Memory Allocation
  835. CWE-790 Improper Filtering of Special Elements
  836. CWE-791 Incomplete Filtering of Special Elements
  837. CWE-792 Incomplete Filtering of One or More Instances of Special Elements
  838. CWE-793 Only Filtering One Instance of a Special Element
  839. CWE-794 Incomplete Filtering of Multiple Instances of Special Elements
  840. CWE-795 Only Filtering Special Elements at a Specified Location
  841. CWE-796 Only Filtering Special Elements Relative to a Marker
  842. CWE-797 Only Filtering Special Elements at an Absolute Position
  843. CWE-798 Use of Hard-coded Credentials
  844. CWE-799 Improper Control of Interaction Frequency
  845. CWE-800 Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors
  846.  
  847. CWE-801 2010 Top 25 - Insecure Interaction Between Components
  848. CWE-802 2010 Top 25 - Risky Resource Management
  849. CWE-803 2010 Top 25 - Porous Defenses
  850. CWE-804 Guessable CAPTCHA
  851. CWE-805 Buffer Access with Incorrect Length Value
  852. CWE-806 Buffer Access Using Size of Source Buffer
  853. CWE-807 Reliance on Untrusted Inputs in a Security Decision
  854. CWE-808 2010 Top 25 - Weaknesses On the Cusp
  855. CWE-1000 Research Concepts
  856. CWE-2000 Comprehensive CWE Dictionary
  857.  
Source: cwe.mitre.org

Source: security-database.com/cwe.php

Source: cxsecurity.com/allcwe/
