|
CWE-276
|
Incorrect Default Permissions
|
|
CWE-285
|
Improper Authorization
|
|
CWE-288
|
Authentication Bypass Using an Alternate Path or Channel
|
|
CWE-424
|
Improper Protection of Alternate Path
|
|
CWE-425
|
Direct Request ('Forced Browsing')
|
|
CWE-693
|
Protection Mechanism Failure
|
|
CWE-721
|
OWASP Top Ten 2007 Category A10 - Failure to Restrict URL Access
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|