| Excavation |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-1243
|
Sensitive Non-Volatile Information Not Protected During Debug
|
|
| Subverting Environment Variable Values |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-20
|
Improper Input Validation
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
| Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Exploiting Trust in Client |
|
CWE-20
|
Improper Input Validation
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-287
|
Improper Authentication
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-693
|
Protection Mechanism Failure
|
|
| Fingerprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| ICMP Echo Request Ping |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP SYN Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Enumerate Mail Exchange (MX) Records |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| DNS Zone Transfers |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Host Discovery |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Traceroute Route Enumeration |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| ICMP Address Mask Request |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Timestamp Request |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| ICMP Information Request |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP ACK Ping |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| UDP Ping |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP SYN Ping |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Port Scanning |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Connect Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP FIN Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Xmas Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Null Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP ACK Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Window Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP RPC Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| UDP Scan |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Network Topology Mapping |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Scanning for Vulnerable Software |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Active OS Fingerprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Passive OS Fingerprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| IP ID Sequencing Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| IP 'ID' Echoed Byte-Order Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| IP (DF) 'Don't Fragment Bit' Echoing Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Timestamp Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Sequence Number Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP (ISN) Greatest Common Divisor Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP (ISN) Counter Rate Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP (ISN) Sequence Predictability Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Congestion Control Flag (ECN) Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Initial Window Size Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP Options Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| TCP 'RST' Flag Checksum Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| ICMP Error Message Quoting Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| ICMP Error Message Echoing Integrity Probe |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Browser Fingerprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| File Discovery |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Shoulder Surfing |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-359
|
Exposure of Private Personal Information to an Unauthorized Actor
|
|
| Process Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Services Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Account Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Group Permission Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Owner Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Session Credential Falsification through Prediction |
|
CWE-6
|
J2EE Misconfiguration: Insufficient Session-ID Length
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-330
|
Use of Insufficiently Random Values
|
|
CWE-331
|
Insufficient Entropy
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-693
|
Protection Mechanism Failure
|
|
| Reusing Session IDs (aka Session Replay) |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
| Establish Rogue Location |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Identify Shared Files/Directories on System |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-267
|
Privilege Defined With Unsafe Actions
|
|
| Peripheral Footprinting |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Eavesdropping |
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
| Using Slashes in Alternate Encoding |
|
CWE-20
|
Improper Input Validation
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
|
CWE-185
|
Incorrect Regular Expression
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-697
|
Incorrect Comparison
|
|
CWE-707
|
Improper Neutralization
|
|