Categories

The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that requests.

The product does not sufficiently compartmentalize functionality or processes that require different privilege levels, rights, or permissions.

The program performs pointer arithmetic on a valid pointer, but it uses an offset that can point outside of the intended range of valid memory locations for the resulting pointer.

The software stores sensitive information in a file system or device that does not have built-in access control.

The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.This category has been deprecated. It was originally used for organizing the Development View (CWE-699), but it introduced unnecessary complexity and depth to the resulting tree.

This entry has been deprecated because it was a duplicate of CWE-774. All content has been transferred to CWE-774.

This entry has been deprecated because its abstraction was too low-level. See CWE-532.