| Cache Poisoning |
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
|
| DNS Cache Poisoning |
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
|
| User-Controlled Filename |
|
CWE-20
|
Improper Input Validation
|
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
|
CWE-116
|
Improper Encoding or Escaping of Output
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
|
CWE-697
|
Incorrect Comparison
|
|
| Manipulating Web Input to File System Calls |
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-23
|
Relative Path Traversal
|
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-285
|
Improper Authorization
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
| AJAX Footprinting |
|
CWE-20
|
Improper Input Validation
|
|
CWE-79
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|
CWE-86
|
Improper Neutralization of Invalid Characters in Identifiers in Web Pages
|
|
CWE-96
|
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
|
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
|
|
CWE-116
|
Improper Encoding or Escaping of Output
|
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-692
|
Incomplete Denylist to Cross-Site Scripting
|
|