CSAF
lib/CSAF/Util/CWE.pm view on Meta::CPAN
'CWE-491' => q"Public cloneable() Method Without Final ('Object Hijack')",
'CWE-492' => q"Use of Inner Class Containing Sensitive Data",
'CWE-493' => q"Critical Public Variable Without Final Modifier",
'CWE-494' => q"Download of Code Without Integrity Check",
'CWE-495' => q"Private Data Structure Returned From A Public Method",
'CWE-496' => q"Public Data Assigned to Private Array-Typed Field",
'CWE-497' => q"Exposure of Sensitive System Information to an Unauthorized Control Sphere",
'CWE-498' => q"Cloneable Class Containing Sensitive Information",
'CWE-499' => q"Serializable Class Containing Sensitive Data",
'CWE-500' => q"Public Static Field Not Marked Final",
'CWE-501' => q"Trust Boundary Violation",
'CWE-502' => q"Deserialization of Untrusted Data",
'CWE-506' => q"Embedded Malicious Code",
'CWE-507' => q"Trojan Horse",
'CWE-508' => q"Non-Replicating Malicious Code",
'CWE-509' => q"Replicating Malicious Code (Virus or Worm)",
'CWE-510' => q"Trapdoor",
'CWE-511' => q"Logic/Time Bomb",
'CWE-512' => q"Spyware",
'CWE-514' => q"Covert Channel",
'CWE-515' => q"Covert Storage Channel",
'CWE-516' => q"DEPRECATED: Covert Timing Channel",
'CWE-520' => q".NET Misconfiguration: Use of Impersonation",
'CWE-521' => q"Weak Password Requirements",
'CWE-522' => q"Insufficiently Protected Credentials",
'CWE-523' => q"Unprotected Transport of Credentials",
'CWE-524' => q"Use of Cache Containing Sensitive Information",
'CWE-525' => q"Use of Web Browser Cache Containing Sensitive Information",
'CWE-526' => q"Cleartext Storage of Sensitive Information in an Environment Variable",
'CWE-527' => q"Exposure of Version-Control Repository to an Unauthorized Control Sphere",
'CWE-528' => q"Exposure of Core Dump File to an Unauthorized Control Sphere",
'CWE-529' => q"Exposure of Access Control List Files to an Unauthorized Control Sphere",
'CWE-530' => q"Exposure of Backup File to an Unauthorized Control Sphere",
'CWE-531' => q"Inclusion of Sensitive Information in Test Code",
'CWE-532' => q"Insertion of Sensitive Information into Log File",
'CWE-533' => q"DEPRECATED: Information Exposure Through Server Log Files",
'CWE-534' => q"DEPRECATED: Information Exposure Through Debug Log Files",
'CWE-535' => q"Exposure of Information Through Shell Error Message",
'CWE-536' => q"Servlet Runtime Error Message Containing Sensitive Information",
'CWE-537' => q"Java Runtime Error Message Containing Sensitive Information",
'CWE-538' => q"Insertion of Sensitive Information into Externally-Accessible File or Directory",
'CWE-539' => q"Use of Persistent Cookies Containing Sensitive Information",
'CWE-540' => q"Inclusion of Sensitive Information in Source Code",
'CWE-541' => q"Inclusion of Sensitive Information in an Include File",
'CWE-542' => q"DEPRECATED: Information Exposure Through Cleanup Log Files",
'CWE-543' => q"Use of Singleton Pattern Without Synchronization in a Multithreaded Context",
'CWE-544' => q"Missing Standardized Error Handling Mechanism",
'CWE-545' => q"DEPRECATED: Use of Dynamic Class Loading",
'CWE-546' => q"Suspicious Comment",
'CWE-547' => q"Use of Hard-coded, Security-relevant Constants",
'CWE-548' => q"Exposure of Information Through Directory Listing",
'CWE-549' => q"Missing Password Field Masking",
'CWE-550' => q"Server-generated Error Message Containing Sensitive Information",
'CWE-551' => q"Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
'CWE-552' => q"Files or Directories Accessible to External Parties",
'CWE-553' => q"Command Shell in Externally Accessible Directory",
'CWE-554' => q"ASP.NET Misconfiguration: Not Using Input Validation Framework",
'CWE-555' => q"J2EE Misconfiguration: Plaintext Password in Configuration File",
'CWE-556' => q"ASP.NET Misconfiguration: Use of Identity Impersonation",
'CWE-558' => q"Use of getlogin() in Multithreaded Application",
'CWE-560' => q"Use of umask() with chmod-style Argument",
'CWE-561' => q"Dead Code",
'CWE-562' => q"Return of Stack Variable Address",
'CWE-563' => q"Assignment to Variable without Use",
'CWE-564' => q"SQL Injection: Hibernate",
'CWE-565' => q"Reliance on Cookies without Validation and Integrity Checking",
'CWE-566' => q"Authorization Bypass Through User-Controlled SQL Primary Key",
'CWE-567' => q"Unsynchronized Access to Shared Data in a Multithreaded Context",
'CWE-568' => q"finalize() Method Without super.finalize()",
'CWE-570' => q"Expression is Always False",
'CWE-571' => q"Expression is Always True",
'CWE-572' => q"Call to Thread run() instead of start()",
'CWE-573' => q"Improper Following of Specification by Caller",
'CWE-574' => q"EJB Bad Practices: Use of Synchronization Primitives",
'CWE-575' => q"EJB Bad Practices: Use of AWT Swing",
'CWE-576' => q"EJB Bad Practices: Use of Java I/O",
'CWE-577' => q"EJB Bad Practices: Use of Sockets",
'CWE-578' => q"EJB Bad Practices: Use of Class Loader",
'CWE-579' => q"J2EE Bad Practices: Non-serializable Object Stored in Session",
'CWE-580' => q"clone() Method Without super.clone()",
'CWE-581' => q"Object Model Violation: Just One of Equals and Hashcode Defined",
'CWE-582' => q"Array Declared Public, Final, and Static",
'CWE-583' => q"finalize() Method Declared Public",
'CWE-584' => q"Return Inside Finally Block",
'CWE-585' => q"Empty Synchronized Block",
'CWE-586' => q"Explicit Call to Finalize()",
'CWE-587' => q"Assignment of a Fixed Address to a Pointer",
'CWE-588' => q"Attempt to Access Child of a Non-structure Pointer",
'CWE-589' => q"Call to Non-ubiquitous API",
'CWE-590' => q"Free of Memory not on the Heap",
'CWE-591' => q"Sensitive Data Storage in Improperly Locked Memory",
'CWE-592' => q"DEPRECATED: Authentication Bypass Issues",
'CWE-593' => q"Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created",
'CWE-594' => q"J2EE Framework: Saving Unserializable Objects to Disk",
'CWE-595' => q"Comparison of Object References Instead of Object Contents",
'CWE-596' => q"DEPRECATED: Incorrect Semantic Object Comparison",
'CWE-597' => q"Use of Wrong Operator in String Comparison",
'CWE-598' => q"Use of GET Request Method With Sensitive Query Strings",
'CWE-599' => q"Missing Validation of OpenSSL Certificate",
'CWE-600' => q"Uncaught Exception in Servlet ",
'CWE-601' => q"URL Redirection to Untrusted Site ('Open Redirect')",
'CWE-602' => q"Client-Side Enforcement of Server-Side Security",
'CWE-603' => q"Use of Client-Side Authentication",
'CWE-605' => q"Multiple Binds to the Same Port",
'CWE-606' => q"Unchecked Input for Loop Condition",
'CWE-607' => q"Public Static Final Field References Mutable Object",
'CWE-608' => q"Struts: Non-private Field in ActionForm Class",
'CWE-609' => q"Double-Checked Locking",
'CWE-610' => q"Externally Controlled Reference to a Resource in Another Sphere",
'CWE-611' => q"Improper Restriction of XML External Entity Reference",
'CWE-612' => q"Improper Authorization of Index Containing Sensitive Information",
'CWE-613' => q"Insufficient Session Expiration",
'CWE-614' => q"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
'CWE-615' => q"Inclusion of Sensitive Information in Source Code Comments",
'CWE-616' => q"Incomplete Identification of Uploaded File Variables (PHP)",
'CWE-617' => q"Reachable Assertion",
'CWE-618' => q"Exposed Unsafe ActiveX Method",
'CWE-619' => q"Dangling Database Cursor ('Cursor Injection')",
'CWE-620' => q"Unverified Password Change",
'CWE-621' => q"Variable Extraction Error",
'CWE-622' => q"Improper Validation of Function Hook Arguments",