CSAF


lib/CSAF/Util/CWE.pm  view on Meta::CPAN

    'CWE-498' => q"Cloneable Class Containing Sensitive Information",
    'CWE-499' => q"Serializable Class Containing Sensitive Data",
    'CWE-500' => q"Public Static Field Not Marked Final",
    'CWE-501' => q"Trust Boundary Violation",
    'CWE-502' => q"Deserialization of Untrusted Data",
    'CWE-506' => q"Embedded Malicious Code",
    'CWE-507' => q"Trojan Horse",
    'CWE-508' => q"Non-Replicating Malicious Code",
    'CWE-509' => q"Replicating Malicious Code (Virus or Worm)",
    'CWE-510' => q"Trapdoor",
    'CWE-511' => q"Logic/Time Bomb",
    'CWE-512' => q"Spyware",
    'CWE-514' => q"Covert Channel",
    'CWE-515' => q"Covert Storage Channel",
    'CWE-516' => q"DEPRECATED: Covert Timing Channel",
    'CWE-520' => q".NET Misconfiguration: Use of Impersonation",
    'CWE-521' => q"Weak Password Requirements",
    'CWE-522' => q"Insufficiently Protected Credentials",
    'CWE-523' => q"Unprotected Transport of Credentials",
    'CWE-524' => q"Use of Cache Containing Sensitive Information",
    'CWE-525' => q"Use of Web Browser Cache Containing Sensitive Information",
    'CWE-526' => q"Cleartext Storage of Sensitive Information in an Environment Variable",
    'CWE-527' => q"Exposure of Version-Control Repository to an Unauthorized Control Sphere",
    'CWE-528' => q"Exposure of Core Dump File to an Unauthorized Control Sphere",
    'CWE-529' => q"Exposure of Access Control List Files to an Unauthorized Control Sphere",
    'CWE-530' => q"Exposure of Backup File to an Unauthorized Control Sphere",
    'CWE-531' => q"Inclusion of Sensitive Information in Test Code",
    'CWE-532' => q"Insertion of Sensitive Information into Log File",
    'CWE-533' => q"DEPRECATED: Information Exposure Through Server Log Files",
    'CWE-534' => q"DEPRECATED: Information Exposure Through Debug Log Files",
    'CWE-535' => q"Exposure of Information Through Shell Error Message",
    'CWE-536' => q"Servlet Runtime Error Message Containing Sensitive Information",
    'CWE-537' => q"Java Runtime Error Message Containing Sensitive Information",
    'CWE-538' => q"Insertion of Sensitive Information into Externally-Accessible File or Directory",
    'CWE-539' => q"Use of Persistent Cookies Containing Sensitive Information",
    'CWE-540' => q"Inclusion of Sensitive Information in Source Code",
    'CWE-541' => q"Inclusion of Sensitive Information in an Include File",
    'CWE-542' => q"DEPRECATED: Information Exposure Through Cleanup Log Files",
    'CWE-543' => q"Use of Singleton Pattern Without Synchronization in a Multithreaded Context",
    'CWE-544' => q"Missing Standardized Error Handling Mechanism",
    'CWE-545' => q"DEPRECATED: Use of Dynamic Class Loading",
    'CWE-546' => q"Suspicious Comment",
    'CWE-547' => q"Use of Hard-coded, Security-relevant Constants",
    'CWE-548' => q"Exposure of Information Through Directory Listing",
    'CWE-549' => q"Missing Password Field Masking",
    'CWE-550' => q"Server-generated Error Message Containing Sensitive Information",
    'CWE-551' => q"Incorrect Behavior Order: Authorization Before Parsing and Canonicalization",
    'CWE-552' => q"Files or Directories Accessible to External Parties",
    'CWE-553' => q"Command Shell in Externally Accessible Directory",
    'CWE-554' => q"ASP.NET Misconfiguration: Not Using Input Validation Framework",
    'CWE-555' => q"J2EE Misconfiguration: Plaintext Password in Configuration File",
    'CWE-556' => q"ASP.NET Misconfiguration: Use of Identity Impersonation",
    'CWE-558' => q"Use of getlogin() in Multithreaded Application",
    'CWE-560' => q"Use of umask() with chmod-style Argument",
    'CWE-561' => q"Dead Code",
    'CWE-562' => q"Return of Stack Variable Address",
    'CWE-563' => q"Assignment to Variable without Use",
    'CWE-564' => q"SQL Injection: Hibernate",
    'CWE-565' => q"Reliance on Cookies without Validation and Integrity Checking",
    'CWE-566' => q"Authorization Bypass Through User-Controlled SQL Primary Key",
    'CWE-567' => q"Unsynchronized Access to Shared Data in a Multithreaded Context",
    'CWE-568' => q"finalize() Method Without super.finalize()",
    'CWE-570' => q"Expression is Always False",
    'CWE-571' => q"Expression is Always True",
    'CWE-572' => q"Call to Thread run() instead of start()",
    'CWE-573' => q"Improper Following of Specification by Caller",
    'CWE-574' => q"EJB Bad Practices: Use of Synchronization Primitives",
    'CWE-575' => q"EJB Bad Practices: Use of AWT Swing",
    'CWE-576' => q"EJB Bad Practices: Use of Java I/O",
    'CWE-577' => q"EJB Bad Practices: Use of Sockets",
    'CWE-578' => q"EJB Bad Practices: Use of Class Loader",
    'CWE-579' => q"J2EE Bad Practices: Non-serializable Object Stored in Session",
    'CWE-580' => q"clone() Method Without super.clone()",
    'CWE-581' => q"Object Model Violation: Just One of Equals and Hashcode Defined",
    'CWE-582' => q"Array Declared Public, Final, and Static",
    'CWE-583' => q"finalize() Method Declared Public",
    'CWE-584' => q"Return Inside Finally Block",
    'CWE-585' => q"Empty Synchronized Block",
    'CWE-586' => q"Explicit Call to Finalize()",
    'CWE-587' => q"Assignment of a Fixed Address to a Pointer",
    'CWE-588' => q"Attempt to Access Child of a Non-structure Pointer",
    'CWE-589' => q"Call to Non-ubiquitous API",
    'CWE-590' => q"Free of Memory not on the Heap",
    'CWE-591' => q"Sensitive Data Storage in Improperly Locked Memory",
    'CWE-592' => q"DEPRECATED: Authentication Bypass Issues",
    'CWE-593' => q"Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created",
    'CWE-594' => q"J2EE Framework: Saving Unserializable Objects to Disk",
    'CWE-595' => q"Comparison of Object References Instead of Object Contents",
    'CWE-596' => q"DEPRECATED: Incorrect Semantic Object Comparison",
    'CWE-597' => q"Use of Wrong Operator in String Comparison",
    'CWE-598' => q"Use of GET Request Method With Sensitive Query Strings",
    'CWE-599' => q"Missing Validation of OpenSSL Certificate",
    'CWE-600' => q"Uncaught Exception in Servlet ",
    'CWE-601' => q"URL Redirection to Untrusted Site ('Open Redirect')",
    'CWE-602' => q"Client-Side Enforcement of Server-Side Security",
    'CWE-603' => q"Use of Client-Side Authentication",
    'CWE-605' => q"Multiple Binds to the Same Port",
    'CWE-606' => q"Unchecked Input for Loop Condition",
    'CWE-607' => q"Public Static Final Field References Mutable Object",
    'CWE-608' => q"Struts: Non-private Field in ActionForm Class",
    'CWE-609' => q"Double-Checked Locking",
    'CWE-610' => q"Externally Controlled Reference to a Resource in Another Sphere",
    'CWE-611' => q"Improper Restriction of XML External Entity Reference",
    'CWE-612' => q"Improper Authorization of Index Containing Sensitive Information",
    'CWE-613' => q"Insufficient Session Expiration",
    'CWE-614' => q"Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
    'CWE-615' => q"Inclusion of Sensitive Information in Source Code Comments",
    'CWE-616' => q"Incomplete Identification of Uploaded File Variables (PHP)",
    'CWE-617' => q"Reachable Assertion",
    'CWE-618' => q"Exposed Unsafe ActiveX Method",
    'CWE-619' => q"Dangling Database Cursor ('Cursor Injection')",
    'CWE-620' => q"Unverified Password Change",
    'CWE-621' => q"Variable Extraction Error",
    'CWE-622' => q"Improper Validation of Function Hook Arguments",
    'CWE-623' => q"Unsafe ActiveX Control Marked Safe For Scripting",
    'CWE-624' => q"Executable Regular Expression Error",
    'CWE-625' => q"Permissive Regular Expression",
    'CWE-626' => q"Null Byte Interaction Error (Poison Null Byte)",
    'CWE-627' => q"Dynamic Variable Evaluation",
    'CWE-628' => q"Function Call with Incorrectly Specified Arguments",
    'CWE-636' => q"Not Failing Securely ('Failing Open')",

lib/CSAF/Util/CWE.pm  view on Meta::CPAN

    'CWE-733' => q"Compiler Optimization Removal or Modification of Security-critical Code",
    'CWE-749' => q"Exposed Dangerous Method or Function",
    'CWE-754' => q"Improper Check for Unusual or Exceptional Conditions",
    'CWE-755' => q"Improper Handling of Exceptional Conditions",
    'CWE-756' => q"Missing Custom Error Page",
    'CWE-757' => q"Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')",
    'CWE-758' => q"Reliance on Undefined, Unspecified, or Implementation-Defined Behavior",
    'CWE-759' => q"Use of a One-Way Hash without a Salt",
    'CWE-760' => q"Use of a One-Way Hash with a Predictable Salt",
    'CWE-761' => q"Free of Pointer not at Start of Buffer",
    'CWE-762' => q"Mismatched Memory Management Routines",
    'CWE-763' => q"Release of Invalid Pointer or Reference",
    'CWE-764' => q"Multiple Locks of a Critical Resource",
    'CWE-765' => q"Multiple Unlocks of a Critical Resource",
    'CWE-766' => q"Critical Data Element Declared Public",
    'CWE-767' => q"Access to Critical Private Variable via Public Method",
    'CWE-768' => q"Incorrect Short Circuit Evaluation",
    'CWE-769' => q"DEPRECATED: Uncontrolled File Descriptor Consumption",
    'CWE-770' => q"Allocation of Resources Without Limits or Throttling",
    'CWE-771' => q"Missing Reference to Active Allocated Resource",
    'CWE-772' => q"Missing Release of Resource after Effective Lifetime",
    'CWE-773' => q"Missing Reference to Active File Descriptor or Handle",
    'CWE-774' => q"Allocation of File Descriptors or Handles Without Limits or Throttling",
    'CWE-775' => q"Missing Release of File Descriptor or Handle after Effective Lifetime",
    'CWE-776' => q"Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')",
    'CWE-777' => q"Regular Expression without Anchors",
    'CWE-778' => q"Insufficient Logging",
    'CWE-779' => q"Logging of Excessive Data",
    'CWE-780' => q"Use of RSA Algorithm without OAEP",
    'CWE-781' => q"Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code",
    'CWE-782' => q"Exposed IOCTL with Insufficient Access Control",
    'CWE-783' => q"Operator Precedence Logic Error",
    'CWE-784' => q"Reliance on Cookies without Validation and Integrity Checking in a Security Decision",
    'CWE-785' => q"Use of Path Manipulation Function without Maximum-sized Buffer",
    'CWE-786' => q"Access of Memory Location Before Start of Buffer",
    'CWE-787' => q"Out-of-bounds Write",
    'CWE-788' => q"Access of Memory Location After End of Buffer",
    'CWE-789' => q"Memory Allocation with Excessive Size Value",
    'CWE-790' => q"Improper Filtering of Special Elements",
    'CWE-791' => q"Incomplete Filtering of Special Elements",
    'CWE-792' => q"Incomplete Filtering of One or More Instances of Special Elements",
    'CWE-793' => q"Only Filtering One Instance of a Special Element",
    'CWE-794' => q"Incomplete Filtering of Multiple Instances of Special Elements",
    'CWE-795' => q"Only Filtering Special Elements at a Specified Location",
    'CWE-796' => q"Only Filtering Special Elements Relative to a Marker",
    'CWE-797' => q"Only Filtering Special Elements at an Absolute Position",
    'CWE-798' => q"Use of Hard-coded Credentials",
    'CWE-799' => q"Improper Control of Interaction Frequency",
    'CWE-804' => q"Guessable CAPTCHA",
    'CWE-805' => q"Buffer Access with Incorrect Length Value",
    'CWE-806' => q"Buffer Access Using Size of Source Buffer",
    'CWE-807' => q"Reliance on Untrusted Inputs in a Security Decision",
    'CWE-820' => q"Missing Synchronization",
    'CWE-821' => q"Incorrect Synchronization",
    'CWE-822' => q"Untrusted Pointer Dereference",
    'CWE-823' => q"Use of Out-of-range Pointer Offset",
    'CWE-824' => q"Access of Uninitialized Pointer",
    'CWE-825' => q"Expired Pointer Dereference",
    'CWE-826' => q"Premature Release of Resource During Expected Lifetime",
    'CWE-827' => q"Improper Control of Document Type Definition",
    'CWE-828' => q"Signal Handler with Functionality that is not Asynchronous-Safe",
    'CWE-829' => q"Inclusion of Functionality from Untrusted Control Sphere",
    'CWE-830' => q"Inclusion of Web Functionality from an Untrusted Source",
    'CWE-831' => q"Signal Handler Function Associated with Multiple Signals",
    'CWE-832' => q"Unlock of a Resource that is not Locked",
    'CWE-833' => q"Deadlock",
    'CWE-834' => q"Excessive Iteration",
    'CWE-835' => q"Loop with Unreachable Exit Condition ('Infinite Loop')",
    'CWE-836' => q"Use of Password Hash Instead of Password for Authentication",
    'CWE-837' => q"Improper Enforcement of a Single, Unique Action",
    'CWE-838' => q"Inappropriate Encoding for Output Context",
    'CWE-839' => q"Numeric Range Comparison Without Minimum Check",
    'CWE-841' => q"Improper Enforcement of Behavioral Workflow",
    'CWE-842' => q"Placement of User into Incorrect Group",
    'CWE-843' => q"Access of Resource Using Incompatible Type ('Type Confusion')",
    'CWE-862' => q"Missing Authorization",
    'CWE-863' => q"Incorrect Authorization",
    'CWE-908' => q"Use of Uninitialized Resource",
    'CWE-909' => q"Missing Initialization of Resource",
    'CWE-910' => q"Use of Expired File Descriptor",
    'CWE-911' => q"Improper Update of Reference Count",
    'CWE-912' => q"Hidden Functionality",
    'CWE-913' => q"Improper Control of Dynamically-Managed Code Resources",
    'CWE-914' => q"Improper Control of Dynamically-Identified Variables",
    'CWE-915' => q"Improperly Controlled Modification of Dynamically-Determined Object Attributes",
    'CWE-916' => q"Use of Password Hash With Insufficient Computational Effort",
    'CWE-917' =>
        "Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')",
    'CWE-918'  => q"Server-Side Request Forgery (SSRF)",
    'CWE-920'  => q"Improper Restriction of Power Consumption",
    'CWE-921'  => q"Storage of Sensitive Data in a Mechanism without Access Control",
    'CWE-922'  => q"Insecure Storage of Sensitive Information",
    'CWE-923'  => q"Improper Restriction of Communication Channel to Intended Endpoints",
    'CWE-924'  => q"Improper Enforcement of Message Integrity During Transmission in a Communication Channel",
    'CWE-925'  => q"Improper Verification of Intent by Broadcast Receiver",
    'CWE-926'  => q"Improper Export of Android Application Components",
    'CWE-927'  => q"Use of Implicit Intent for Sensitive Communication",
    'CWE-939'  => q"Improper Authorization in Handler for Custom URL Scheme",
    'CWE-940'  => q"Improper Verification of Source of a Communication Channel",
    'CWE-941'  => q"Incorrectly Specified Destination in a Communication Channel",
    'CWE-942'  => q"Permissive Cross-domain Policy with Untrusted Domains",
    'CWE-943'  => q"Improper Neutralization of Special Elements in Data Query Logic",
    'CWE-1004' => q"Sensitive Cookie Without 'HttpOnly' Flag",
    'CWE-1007' => q"Insufficient Visual Distinction of Homoglyphs Presented to User",
    'CWE-1021' => q"Improper Restriction of Rendered UI Layers or Frames",
    'CWE-1022' => q"Use of Web Link to Untrusted Target with window.opener Access",
    'CWE-1023' => q"Incomplete Comparison with Missing Factors",
    'CWE-1024' => q"Comparison of Incompatible Types",
    'CWE-1025' => q"Comparison Using Wrong Factors",
    'CWE-1037' => q"Processor Optimization Removal or Modification of Security-critical Code",
    'CWE-1038' => q"Insecure Automated Optimizations",
    'CWE-1039' =>
        "Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations",
    'CWE-1041' => q"Use of Redundant Code",
    'CWE-1042' => q"Static Member Data Element outside of a Singleton Class Element",
    'CWE-1043' => q"Data Element Aggregating an Excessively Large Number of Non-Primitive Elements",
    'CWE-1044' => q"Architecture with Number of Horizontal Layers Outside of Expected Range",
    'CWE-1045' => q"Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor",
    'CWE-1046' => q"Creation of Immutable Text Using String Concatenation",
    'CWE-1047' => q"Modules with Circular Dependencies",
    'CWE-1048' => q"Invokable Control Element with Large Number of Outward Calls",


