CWEs

| CWE Name | CWE-ID | Vulnerabilities |
| --- | --- | --- |
| J2EE Misconfiguration: Data Transmission Without Encryption | 5 | 0 |
| J2EE Misconfiguration: Insufficient Session-ID Length | 6 | 1 |
| J2EE Misconfiguration: Missing Custom Error Page | 7 | 0 |
| J2EE Misconfiguration: Entity Bean Declared Remote | 8 | 0 |
| J2EE Misconfiguration: Weak Access Permissions for EJB Methods | 9 | 0 |
| ASP.NET Misconfiguration: Creating Debug Binary | 11 | 1 |
| ASP.NET Misconfiguration: Missing Custom Error Page | 12 | 1 |
| ASP.NET Misconfiguration: Password in Configuration File | 13 | 0 |
| Compiler Removal of Code to Clear Buffers | 14 | 0 |
| External Control of System or Configuration Setting | 15 | 18 |
| Improper Input Validation | 20 | 11385 |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 22 | 6658 |
| Relative Path Traversal | 23 | 196 |
| Path Traversal: '../filedir' | 24 | 56 |
| Path Traversal: '/../filedir' | 25 | 7 |
| Path Traversal: '/dir/../filename' | 26 | 12 |
| Path Traversal: 'dir/../../filename' | 27 | 14 |
| Path Traversal: '..\filedir' | 28 | 2 |
| Path Traversal: '\..\filename' | 29 | 40 |
| Path Traversal: '\dir\..\filename' | 30 | 0 |
| Path Traversal: 'dir\..\..\filename' | 31 | 11 |
| Path Traversal: '...' (Triple Dot) | 32 | 2 |
| Path Traversal: '....' (Multiple Dot) | 33 | 0 |
| Path Traversal: '....//' | 34 | 1 |
| Path Traversal: '.../...//' | 35 | 48 |
| Absolute Path Traversal | 36 | 47 |
| Path Traversal: '/absolute/pathname/here' | 37 | 3 |
| Path Traversal: '\absolute\pathname\here' | 38 | 0 |
| Path Traversal: 'C:dirname' | 39 | 1 |
| Path Traversal: '\\UNC\share\name\' (Windows UNC Share) | 40 | 2 |
| Improper Resolution of Path Equivalence | 41 | 7 |
| Path Equivalence: 'filename.' (Trailing Dot) | 42 | 1 |
| Path Equivalence: 'filename....' (Multiple Trailing Dot) | 43 | 0 |
| Path Equivalence: 'file.name' (Internal Dot) | 44 | 0 |
| Path Equivalence: 'file...name' (Multiple Internal Dot) | 45 | 0 |
| Path Equivalence: 'filename ' (Trailing Space) | 46 | 0 |
| Path Equivalence: ' filename' (Leading Space) | 47 | 0 |
| Path Equivalence: 'file name' (Internal Whitespace) | 48 | 0 |
| Path Equivalence: 'filename/' (Trailing Slash) | 49 | 0 |
| Path Equivalence: '//multiple/leading/slash' | 50 | 1 |
| Path Equivalence: '/multiple//internal/slash' | 51 | 0 |
| Path Equivalence: '/multiple/trailing/slash//' | 52 | 0 |
| Path Equivalence: '\multiple\\internal\backslash' | 53 | 0 |
| Path Equivalence: 'filedir\' (Trailing Backslash) | 54 | 0 |
| Path Equivalence: '/./' (Single Dot Directory) | 55 | 0 |
| Path Equivalence: 'filedir*' (Wildcard) | 56 | 0 |
| Path Equivalence: 'fakedir/../realdir/filename' | 57 | 1 |
| Path Equivalence: Windows 8.3 Filename | 58 | 0 |
| Improper Link Resolution Before File Access ('Link Following') | 59 | 1181 |
| UNIX Symbolic Link (Symlink) Following | 61 | 64 |
| UNIX Hard Link | 62 | 1 |
| Windows Shortcut Following (.LNK) | 64 | 3 |
| Windows Hard Link | 65 | 6 |
| Improper Handling of File Names that Identify Virtual Resources | 66 | 0 |
| Improper Handling of Windows Device Names | 67 | 2 |
| Improper Handling of Windows ::DATA Alternate Data Stream | 69 | 1 |
| Improper Handling of Apple HFS+ Alternate Data Stream Path | 72 | 0 |
| External Control of File Name or Path | 73 | 152 |
| Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | 74 | 1406 |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | 75 | 33 |
| Improper Neutralization of Equivalent Special Elements | 76 | 9 |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') | 77 | 2525 |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 78 | 3977 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 79 | 31345 |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 80 | 307 |
| Improper Neutralization of Script in an Error Message Web Page | 81 | 6 |
| Improper Neutralization of Script in Attributes of IMG Tags in a Web Page | 82 | 0 |
| Improper Neutralization of Script in Attributes in a Web Page | 83 | 8 |
| Improper Neutralization of Encoded URI Schemes in a Web Page | 84 | 5 |
| Doubled Character XSS Manipulations | 85 | 1 |
| Improper Neutralization of Invalid Characters in Identifiers in Web Pages | 86 | 5 |
| Improper Neutralization of Alternate XSS Syntax | 87 | 18 |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') | 88 | 244 |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 89 | 13175 |
| Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') | 90 | 33 |
| XML Injection (aka Blind XPath Injection) | 91 | 97 |
| Improper Neutralization of CRLF Sequences ('CRLF Injection') | 93 | 62 |
| Improper Control of Generation of Code ('Code Injection') | 94 | 4001 |
| Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | 95 | 67 |
| Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | 96 | 14 |
| Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | 97 | 2 |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') | 98 | 62 |
| Improper Control of Resource Identifiers ('Resource Injection') | 99 | 26 |
| Struts: Duplicate Validation Forms | 102 | 0 |
| Struts: Incomplete validate() Method Definition | 103 | 0 |
| Struts: Form Bean Does Not Extend Validation Class | 104 | 0 |
| Struts: Form Field Without Validator | 105 | 0 |
| Struts: Plug-in Framework not in Use | 106 | 0 |
| Struts: Unused Validation Form | 107 | 0 |
| Struts: Unvalidated Action Form | 108 | 1 |
| Struts: Validator Turned Off | 109 | 0 |
| Struts: Validator Without Form Field | 110 | 0 |
| Direct Use of Unsafe JNI | 111 | 2 |
| Missing XML Validation | 112 | 7 |
| Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') | 113 | 53 |
| Process Control | 114 | 13 |
| Misinterpretation of Input | 115 | 21 |
| Improper Encoding or Escaping of Output | 116 | 280 |
| Improper Output Neutralization for Logs | 117 | 81 |
| Incorrect Access of Indexable Resource ('Range Error') | 118 | 21 |