Exploitation of Trusted Identifiers
CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290 | Authentication Bypass by Spoofing
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-346 | Origin Validation Error
CWE-384 | Session Fixation
CWE-539 | Use of Persistent Cookies Containing Sensitive Information
CWE-602 | Client-Side Enforcement of Server-Side Security
CWE-642 | External Control of Critical State Data
CWE-664 | Improper Control of a Resource Through its Lifetime

Accessing/Intercepting/Modifying HTTP Cookies
CWE-20 | Improper Input Validation
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-311 | Missing Encryption of Sensitive Data
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie
CWE-384 | Session Fixation
CWE-472 | External Control of Assumed-Immutable Web Parameter
CWE-539 | Use of Persistent Cookies Containing Sensitive Information
CWE-565 | Reliance on Cookies without Validation and Integrity Checking
CWE-602 | Client-Side Enforcement of Server-Side Security
CWE-642 | External Control of Critical State Data
CWE-724 | OWASP Top Ten 2004 Category A3 - Broken Authentication and Session Management

Manipulating User-Controlled Variables
CWE-15 | External Control of System or Configuration Setting
CWE-94 | Improper Control of Generation of Code ('Code Injection')
CWE-96 | Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 | Improper Authorization
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-473 | PHP External Variable Modification
CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

HTTP Verb Tampering
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-654 | Reliance on a Single Factor in a Security Decision

Buffer Overflow via Environment Variables
CWE-20 | Improper Input Validation
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99 | Improper Control of Resource Identifiers ('Resource Injection')
CWE-118 | Incorrect Access of Indexable Resource ('Range Error')
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-680 | Integer Overflow to Buffer Overflow
CWE-697 | Incorrect Comparison
CWE-733 | Compiler Optimization Removal or Modification of Security-critical Code

Subverting Environment Variable Values
CWE-15 | External Control of System or Configuration Setting
CWE-20 | Improper Input Validation
CWE-73 | External Control of File Name or Path
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 | Improper Authorization
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-353 | Missing Support for Integrity Check

Manipulating Opaque Client-based Data Tokens
CWE-233 | Improper Handling of Parameters
CWE-285 | Improper Authorization
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-315 | Cleartext Storage of Sensitive Information in a Cookie
CWE-353 | Missing Support for Integrity Check
CWE-384 | Session Fixation
CWE-472 | External Control of Assumed-Immutable Web Parameter
CWE-539 | Use of Persistent Cookies Containing Sensitive Information
CWE-565 | Reliance on Cookies without Validation and Integrity Checking

Buffer Overflow via Symbolic Links
CWE-20 | Improper Input Validation
CWE-74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 | Incorrect Access of Indexable Resource ('Range Error')
CWE-119 | Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285 | Improper Authorization
CWE-302 | Authentication Bypass by Assumed-Immutable Data
CWE-680 | Integer Overflow to Buffer Overflow
CWE-697 | Incorrect Comparison