CAPEC Related Weakness
Web Logs Tampering
CWE-20 Improper Input Validation
CWE-75 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-116 Improper Encoding or Escaping of Output
CWE-117 Improper Output Neutralization for Logs
CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences
CWE-221 Information Loss or Omission
CWE-276 Incorrect Default Permissions
CWE-279 Incorrect Execution-Assigned Permissions
CWE-713 OWASP Top Ten 2007 Category A2 - Injection Flaws
Directory Indexing
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-288 Authentication Bypass Using an Alternate Path or Channel
CWE-424 Improper Protection of Alternate Path
CWE-425 Direct Request ('Forced Browsing')
CWE-693 Protection Mechanism Failure
CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732 Incorrect Permission Assignment for Critical Resource
Accessing Functionality Not Properly Constrained by ACLs
CWE-276 Incorrect Default Permissions
CWE-285 Improper Authorization
CWE-434 Unrestricted Upload of File with Dangerous Type
CWE-693 Protection Mechanism Failure
CWE-721 OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
CWE-732 Incorrect Permission Assignment for Critical Resource
CWE-1191 Exposed Chip Debug and Test Interface With Insufficient or Missing Authorization
CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control
CWE-1220 Insufficient Granularity of Access Control
CWE-1224 Improper Restriction of Write-Once Bit Fields
CWE-1244 Improper Access to Sensitive Information Using Debug and Test Interfaces
CWE-1252 CPU Hardware Not Configured to Support Exclusivity of Write and Execute Operations
CWE-1257 Improper Access Control Applied to Mirrored or Aliased Memory Regions
CWE-1262 Register Interface Allows Software Access to Sensitive Data or Security Settings
CWE-1268 Policy Privileges are not Assigned Consistently Between Control and Data Agents
CWE-1283 Mutable Attestation or Measurement Reporting Data
CWE-1311 Improper Translation of Security Attributes by Fabric Bridge
CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime
CWE-1314 Missing Write Protection for Parametric Data Values
CWE-1315 Improper Setting of Bus Controlling Capability in Fabric End-point
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1320 Improper Protection for Out of Bounds Signal Level Alerts
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1326 Missing Immutable Root of Trust in Hardware
CWE-1327 Binding to an Unrestricted IP Address