1{
2 "data": {
3 "vulns_created": [
4 [
5 "",
6 "EN-Improper Restriction of Operations within the Bounds of a Memory Buffer (Type: Class)"
7 ],
8 [
9 "",
10 "EN-Write-what-where Condition (Type: Base)"
11 ],
12 [
13 "",
14 "EN-Improper Validation of Array Index (Type: Base)"
15 ],
16 [
17 "",
18 "EN-Unexpected Sign Extension (Type: Base)"
19 ],
20 [
21 "",
22 "EN-Improper Input Validation (Type: Class)"
23 ],
24 [
25 "",
26 "EN-Information Exposure (Type: Class)"
27 ],
28 [
29 "",
30 "EN-Information Exposure Through an Error Message (Type: Base)"
31 ],
32 [
33 "",
34 "EN-Failure to Handle Missing Parameter (Type: Variant)"
35 ],
36 [
37 "",
38 "EN-Use of Inherently Dangerous Function (Type: Base)"
39 ],
40 [
41 "",
42 "EN-Creation of chroot Jail Without Changing Working Directory (Type: Variant)"
43 ],
44 [
45 "",
46 "EN-Privilege Chaining (Type: Base)"
47 ],
48 [
49 "",
50 "EN-Privilege Dropping / Lowering Errors (Type: Class)"
51 ],
52 [
53 "",
54 "EN-Improper Authorization (Type: Class)"
55 ],
56 [
57 "",
58 "EN-Reliance on IP Address for Authentication (Type: Variant)"
59 ],
60 [
61 "",
62 "EN-DEPRECATED (Duplicate): Trusting Self-reported DNS Name (Type: Variant)"
63 ],
64 [
65 "",
66 "EN-Using Referer Field for Authentication (Type: Variant)"
67 ],
68 [
69 "",
70 "EN-Authentication Bypass by Capture-replay (Type: Base)"
71 ],
72 [
73 "",
74 "EN-Improper Validation of Certificate with Host Mismatch (Type: Variant)"
75 ],
76 [
77 "",
78 "EN-Use of Single-factor Authentication (Type: Base)"
79 ],
80 [
81 "",
82 "EN-Use of Hard-coded Cryptographic Key (Type: Base)"
83 ],
84 [
85 "",
86 "EN-Key Exchange without Entity Authentication (Type: Base)"
87 ],
88 [
89 "",
90 "EN-Reusing a Nonce, Key Pair in Encryption (Type: Base)"
91 ],
92 [
93 "",
94 "EN-Trust of System Event Data (Type: Base)"
95 ],
96 [
97 "",
98 "EN-Creation of Temporary File With Insecure Permissions (Type: Base)"
99 ],
100 [
101 "",
102 "EN-Use After Free (Type: Base)"
103 ],
104 [
105 "",
106 "EN-Use of Uninitialized Variable (Type: Variant)"
107 ],
108 [
109 "",
110 "EN-Use of sizeof() on a Pointer Type (Type: Variant)"
111 ],
112 [
113 "",
114 "EN-Comparison of Classes by Name (Type: Variant)"
115 ],
116 [
117 "",
118 "EN-Critical Public Variable Without Final Modifier (Type: Variant)"
119 ],
120 [
121 "",
122 "EN-Serializable Class Containing Sensitive Data (Type: Variant)"
123 ],
124 [
125 "",
126 "EN-Public Static Field Not Marked Final (Type: Variant)"
127 ],
128 [
129 "",
130 "EN-Covert Storage Channel (Type: Base)"
131 ],
132 [
133 "",
134 "EN-Authorization Bypass Through User-Controlled Key (Type: Base)"
135 ],
136 [
137 "",
138 "EN-Weak Password Recovery Mechanism for Forgotten Password (Type: Base)"
139 ],
140 [
141 "",
142 "EN-External Control of Critical State Data (Type: Class)"
143 ],
144 [
145 "",
146 "EN-Improper Neutralization of Data within XPath Expressions (XPath Injection) (Type: Base)"
147 ],
148 [
149 "",
150 "EN-Improper Neutralization of HTTP Headers for Scripting Syntax (Type: Variant)"
151 ],
152 [
153 "",
154 "EN-Overly Restrictive Account Lockout Mechanism (Type: Base)"
155 ],
156 [
157 "",
158 "EN-Reliance on File Name or Extension of Externally-Supplied File (Type: Variant)"
159 ],
160 [
161 "",
162 "EN-Use of Non-Canonical URL Paths for Authorization Decisions (Type: Variant)"
163 ],
164 [
165 "",
166 "EN-Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking (Type: Base)"
167 ],
168 [
169 "",
170 "EN-Trusting HTTP Permission Methods on the Server Side (Type: Variant)"
171 ],
172 [
173 "",
174 "EN-Improper Neutralization of Data within XQuery Expressions (XQuery Injection) (Type: Base)"
175 ],
176 [
177 "",
178 "EN-Use of Potentially Dangerous Function (Type: Base)"
179 ],
180 [
181 "",
182 "EN-Incorrect Calculation (Type: Class)"
183 ],
184 [
185 "",
186 "EN-Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) (Type: Base)"
187 ],
188 [
189 "",
190 "EN-Reliance on Cookies without Validation and Integrity Checking in a Security Decision (Type: Variant)"
191 ],
192 [
193 "",
194 "EN-Missing Authorization (Type: Class)"
195 ],
196 [
197 "",
198 "EN-Incorrect Authorization (Type: Class)"
199 ],
200 [
201 "",
202 "EN-Improper Control of Resource Identifiers (Resource Injection) (Type: Base)"
203 ],
204 [
205 "",
206 "EN-Buffer Copy without Checking Size of Input (Classic Buffer Overflow) (Type: Base)"
207 ],
208 [
209 "",
210 "EN-Heap-based Buffer Overflow (Type: Variant)"
211 ],
212 [
213 "",
214 "EN-Incorrect Calculation of Buffer Size (Type: Base)"
215 ],
216 [
217 "",
218 "EN-Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) (Type: Class)"
219 ],
220 [
221 "",
222 "EN-Missing Encryption of Sensitive Data (Type: Base)"
223 ],
224 [
225 "",
226 "EN-Addition of Data Structure Sentinel (Type: Base)"
227 ],
228 [
229 "",
230 "EN-Improper Handling of Windows Device Names (Type: Variant)"
231 ],
232 [
233 "",
234 "EN-External Control of File Name or Path (Type: Class)"
235 ],
236 [
237 "",
238 "EN-Improper Neutralization of Equivalent Special Elements (Type: Base)"
239 ],
240 [
241 "",
242 "EN-Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) (Type: Base)"
243 ],
244 [
245 "",
246 "EN-Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (Type: Variant)"
247 ],
248 [
249 "",
250 "EN-Improper Control of Filename for Include/Require Statement in PHP Program (PHP Remote File Inclusion) (Type: Base)"
251 ],
252 [
253 "",
254 "EN-Reliance on Data/Memory Layout (Type: Base)"
255 ],
256 [
257 "",
258 "EN-Numeric Truncation Error (Type: Base)"
259 ],
260 [
261 "",
262 "EN-Unchecked Return Value (Type: Base)"
263 ],
264 [
265 "",
266 "EN-Incorrect Check of Function Return Value (Type: Base)"
267 ],
268 [
269 "",
270 "EN-Improper Following of a Certificates Chain of Trust (Type: Base)"
271 ],
272 [
273 "",
274 "EN-Improper Validation of Certificate Expiration (Type: Variant)"
275 ],
276 [
277 "",
278 "EN-Use of a Key Past its Expiration Date (Type: Base)"
279 ],
280 [
281 "",
282 "EN-Creation of Temporary File in Directory with Incorrect Permissions (Type: Base)"
283 ],
284 [
285 "",
286 "EN-Duplicate Key in Associative List (Alist) (Type: Base)"
287 ],
288 [
289 "",
290 "EN-Signal Handler Use of a Non-reentrant Function (Type: Variant)"
291 ],
292 [
293 "",
294 "EN-Use of Incorrect Operator (Type: Base)"
295 ],
296 [
297 "",
298 "EN-Assigning instead of Comparing (Type: Variant)"
299 ],
300 [
301 "",
302 "EN-Comparing instead of Assigning (Type: Variant)"
303 ],
304 [
305 "",
306 "EN-Incorrect Block Delimitation (Type: Variant)"
307 ],
308 [
309 "",
310 "EN-Improper Restriction of Names for Files and Other Resources (Type: Base)"
311 ],
312 [
313 "",
314 "EN-Incorrect Use of Privileged APIs (Type: Base)"
315 ],
316 [
317 "",
318 "EN-Mismatched Memory Management Routines (Type: Variant)"
319 ],
320 [
321 "",
322 "EN-Operator Precedence Logic Error (Type: Variant)"
323 ],
324 [
325 "",
326 "EN-Uncontrolled Memory Allocation (Type: Variant)"
327 ],
328 [
329 "",
330 "EN-Improper Handling of Insufficient Entropy in TRNG (Type: Variant)"
331 ],
332 [
333 "",
334 "EN-Time-of-check Time-of-use (TOCTOU) Race Condition (Type: Base)"
335 ],
336 [
337 "",
338 "EN-Improper Resource Shutdown or Release (Type: Base)"
339 ],
340 [
341 "",
342 "EN-Algorithmic Complexity (Type: Base)"
343 ],
344 [
345 "",
346 "EN-Double Free (Type: Variant)"
347 ],
348 [
349 "",
350 "EN-Improper Link Resolution Before File Access (Link Following) (Type: Base)"
351 ],
352 [
353 "",
354 "EN-URL Redirection to Untrusted Site (Open Redirect) (Type: Variant)"
355 ],
356 [
357 "",
358 "EN-Exposed Dangerous Method or Function (Type: Base)"
359 ],
360 [
361 "",
362 "EN-Improper Handling of Exceptional Conditions (Type: Class)"
363 ],
364 [
365 "",
366 "EN-Critical Variable Declared Public (Type: Variant)"
367 ],
368 [
369 "",
370 "EN-Access to Critical Private Variable via Public Method (Type: Variant)"
371 ],
372 [
373 "",
374 "EN-Improper Restriction of Recursive Entity References in DTDs (XML Entity Expansion) (Type: Variant)"
375 ],
376 [
377 "",
378 "EN-Regular Expression without Anchors (Type: Variant)"
379 ],
380 [
381 "",
382 "EN-Logging of Excessive Data (Type: Base)"
383 ],
384 [
385 "",
386 "EN-Improper Address Validation in IOCTL with METHOD_NEITHER I/O Control Code (Type: Variant)"
387 ],
388 [
389 "",
390 "EN-Exposed IOCTL with Insufficient Access Control (Type: Variant)"
391 ],
392 [
393 "",
394 "EN-Improper Output Neutralization for Logs (Type: Base)"
395 ],
396 [
397 "",
398 "EN-Buffer Underwrite (Buffer Underflow) (Type: Base)"
399 ],
400 [
401 "",
402 "EN-Wrap-around Error (Type: Base)"
403 ],
404 [
405 "",
406 "EN-Improper Null Termination (Type: Base)"
407 ],
408 [
409 "",
410 "EN-Integer Overflow or Wraparound (Type: Base)"
411 ],
412 [
413 "",
414 "EN-Unsigned to Signed Conversion Error (Type: Variant)"
415 ],
416 [
417 "",
418 "EN-Exposure of Sensitive Data Through Data Queries (Type: Variant)"
419 ],
420 [
421 "",
422 "EN-Execution with Unnecessary Privileges (Type: Class)"
423 ],
424 [
425 "",
426 "EN-Improper Privilege Management (Type: Base)"
427 ],
428 [
429 "",
430 "EN-Improper Check for Dropped Privileges (Type: Base)"
431 ],
432 [
433 "",
434 "EN-Incorrect Default Permissions (Type: Variant)"
435 ],
436 [
437 "",
438 "EN-Improper Check for Certificate Revocation (Type: Variant)"
439 ],
440 [
441 "",
442 "EN-Reflection Attack in an Authentication Protocol (Type: Variant)"
443 ],
444 [
445 "",
446 "EN-Not Using a Random IV with CBC Mode (Type: Variant)"
447 ],
448 [
449 "",
450 "EN-Insufficient Entropy in PRNG (Type: Variant)"
451 ],
452 [
453 "",
454 "EN-Use of Cryptographically Weak PRNG (Type: Base)"
455 ],
456 [
457 "",
458 "EN-Missing Support for Integrity Check (Type: Base)"
459 ],
460 [
461 "",
462 "EN-Improper Validation of Integrity Check Value (Type: Base)"
463 ],
464 [
465 "",
466 "EN-Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) (Type: Class)"
467 ],
468 [
469 "",
470 "EN-Signal Handler Race Condition (Type: Base)"
471 ],
472 [
473 "",
474 "EN-Race Condition in Switch (Type: Base)"
475 ],
476 [
477 "",
478 "EN-Race Condition within a Thread (Type: Base)"
479 ],
480 [
481 "",
482 "EN-Divide By Zero (Type: Base)"
483 ],
484 [
485 "",
486 "EN-Missing Check for Certificate Revocation after Initial Check (Type: Base)"
487 ],
488 [
489 "",
490 "EN-Passing Mutable Objects to an Untrusted Method (Type: Base)"
491 ],
492 [
493 "",
494 "EN-Returning a Mutable Object to an Untrusted Caller (Type: Base)"
495 ],
496 [
497 "",
498 "EN-Covert Timing Channel (Type: Base)"
499 ],
500 [
501 "",
502 "EN-Detection of Error Condition Without Action (Type: Class)"
503 ],
504 [
505 "",
506 "EN-Unchecked Error Condition (Type: Base)"
507 ],
508 [
509 "",
510 "EN-Improper Release of Memory Before Removing Last Reference (Memory Leak) (Type: Base)"
511 ],
512 [
513 "",
514 "EN-Improper Cleanup on Thrown Exception (Type: Variant)"
515 ],
516 [
517 "",
518 "EN-Incorrect Pointer Scaling (Type: Base)"
519 ],
520 [
521 "",
522 "EN-Use of Pointer Subtraction to Determine Size (Type: Base)"
523 ],
524 [
525 "",
526 "EN-NULL Pointer Dereference (Type: Base)"
527 ],
528 [
529 "",
530 "EN-Omitted Break Statement in Switch (Type: Base)"
531 ],
532 [
533 "",
534 "EN-Reliance on Package-level Scope (Type: Variant)"
535 ],
536 [
537 "",
538 "EN-Use of Inner Class Containing Sensitive Data (Type: Variant)"
539 ],
540 [
541 "",
542 "EN-Download of Code Without Integrity Check (Type: Base)"
543 ],
544 [
545 "",
546 "EN-Cloneable Class Containing Sensitive Information (Type: Variant)"
547 ],
548 [
549 "",
550 "EN-Deserialization of Untrusted Data (Type: Variant)"
551 ],
552 [
553 "",
554 "EN-Information Exposure Through Log Files (Type: Variant)"
555 ],
556 [
557 "",
558 "EN-Client-Side Enforcement of Server-Side Security (Type: Base)"
559 ],
560 [
561 "",
562 "EN-Improper Initialization (Type: Base)"
563 ],
564 [
565 "",
566 "EN-Improper Check for Unusual or Exceptional Conditions (Type: Class)"
567 ],
568 [
569 "",
570 "EN-Insufficient Logging (Type: Base)"
571 ],
572 [
573 "",
574 "EN-Use of RSA Algorithm without OAEP (Type: Variant)"
575 ],
576 [
577 "",
578 "EN-Use of Uninitialized Resource (Type: Base)"
579 ],
580 [
581 "",
582 "EN-Missing Initialization of Resource (Type: Base)"
583 ],
584 [
585 "",
586 "EN-Use of Expired File Descriptor (Type: Base)"
587 ],
588 [
589 "",
590 "EN-Improper Update of Reference Count (Type: Base)"
591 ],
592 [
593 "",
594 "EN-Improper Control of Generation of Code (Code Injection) (Type: Class)"
595 ],
596 [
597 "",
598 "EN-Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection) (Type: Base)"
599 ],
600 [
601 "",
602 "EN-Improper Authentication (Type: Class)"
603 ],
604 [
605 "",
606 "EN-Missing Authentication for Critical Function (Type: Variant)"
607 ],
608 [
609 "",
610 "EN-Cleartext Transmission of Sensitive Information (Type: Base)"
611 ],
612 [
613 "",
614 "EN-Use of a Broken or Risky Cryptographic Algorithm (Type: Base)"
615 ],
616 [
617 "",
618 "EN-Use of Insufficiently Random Values (Type: Class)"
619 ],
620 [
621 "",
622 "EN-Uncontrolled Resource Consumption (Resource Exhaustion) (Type: Base)"
623 ],
624 [
625 "",
626 "EN-Unrestricted Upload of File with Dangerous Type (Type: Base)"
627 ],
628 [
629 "",
630 "EN-Windows Shortcut Following (.LNK) (Type: Variant)"
631 ],
632 [
633 "",
634 "EN-Incorrect Conversion between Numeric Types (Type: Base)"
635 ],
636 [
637 "",
638 "EN-Incorrect Permission Assignment for Critical Resource (Type: Class)"
639 ],
640 [
641 "",
642 "EN-Allocation of Resources Without Limits or Throttling (Type: Base)"
643 ],
644 [
645 "",
646 "EN-Missing Reference to Active Allocated Resource (Type: Base)"
647 ],
648 [
649 "",
650 "EN-Missing Release of Resource after Effective Lifetime (Type: Base)"
651 ],
652 [
653 "",
654 "EN-Missing Reference to Active File Descriptor or Handle (Type: Variant)"
655 ],
656 [
657 "",
658 "EN-Allocation of File Descriptors or Handles Without Limits or Throttling (Type: Variant)"
659 ],
660 [
661 "",
662 "EN-Missing Release of File Descriptor or Handle after Effective Lifetime (Type: Variant)"
663 ],
664 [
665 "",
666 "EN-Guessable CAPTCHA (Type: Base)"
667 ],
668 [
669 "",
670 "EN-Buffer Access with Incorrect Length Value (Type: Base)"
671 ],
672 [
673 "",
674 "EN-Buffer Access Using Size of Source Buffer (Type: Variant)"
675 ],
676 [
677 "",
678 "EN-Reliance on Untrusted Inputs in a Security Decision (Type: Base)"
679 ],
680 [
681 "",
682 "EN-Improper Neutralization of CRLF Sequences (CRLF Injection) (Type: Base)"
683 ],
684 [
685 "",
686 "EN-Struts: Duplicate Validation Forms (Type: Variant)"
687 ],
688 [
689 "",
690 "EN-Struts: Incomplete validate() Method Definition (Type: Variant)"
691 ],
692 [
693 "",
694 "EN-Struts: Form Bean Does Not Extend Validation Class (Type: Variant)"
695 ],
696 [
697 "",
698 "EN-Struts: Form Field Without Validator (Type: Variant)"
699 ],
700 [
701 "",
702 "EN-Struts: Plug-in Framework not in Use (Type: Variant)"
703 ],
704 [
705 "",
706 "EN-Struts: Unused Validation Form (Type: Variant)"
707 ],
708 [
709 "",
710 "EN-Struts: Unvalidated Action Form (Type: Variant)"
711 ],
712 [
713 "",
714 "EN-Struts: Validator Turned Off (Type: Variant)"
715 ],
716 [
717 "",
718 "EN-ASP.NET Misconfiguration: Creating Debug Binary (Type: Variant)"
719 ],
720 [
721 "",
722 "EN-Struts: Validator Without Form Field (Type: Variant)"
723 ],
724 [
725 "",
726 "EN-Direct Use of Unsafe JNI (Type: Base)"
727 ],
728 [
729 "",
730 "EN-Missing XML Validation (Type: Base)"
731 ],
732 [
733 "",
734 "EN-Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Response Splitting) (Type: Base)"
735 ],
736 [
737 "",
738 "EN-Process Control (Type: Base)"
739 ],
740 [
741 "",
742 "EN-Misinterpretation of Input (Type: Base)"
743 ],
744 [
745 "",
746 "EN-Improper Access of Indexable Resource (Range Error) (Type: Class)"
747 ],
748 [
749 "",
750 "EN-ASP.NET Misconfiguration: Missing Custom Error Page (Type: Variant)"
751 ],
752 [
753 "",
754 "EN-Out-of-bounds Read (Type: Base)"
755 ],
756 [
757 "",
758 "EN-Buffer Over-read (Type: Variant)"
759 ],
760 [
761 "",
762 "EN-Buffer Under-read (Type: Variant)"
763 ],
764 [
765 "",
766 "EN-ASP.NET Misconfiguration: Password in Configuration File (Type: Variant)"
767 ],
768 [
769 "",
770 "EN-Improper Handling of Length Parameter Inconsistency (Type: Variant)"
771 ],
772 [
773 "",
774 "EN-DEPRECATED (Duplicate): Miscalculated Null Termination (Type: Base)"
775 ],
776 [
777 "",
778 "EN-Incorrect Calculation of Multi-Byte String Length (Type: Base)"
779 ],
780 [
781 "",
782 "EN-Improper Neutralization of Special Elements (Type: Class)"
783 ],
784 [
785 "",
786 "EN-Compiler Removal of Code to Clear Buffers (Type: Base)"
787 ],
788 [
789 "",
790 "EN-Improper Neutralization of Delimiters (Type: Base)"
791 ],
792 [
793 "",
794 "EN-Improper Neutralization of Parameter/Argument Delimiters (Type: Variant)"
795 ],
796 [
797 "",
798 "EN-Improper Neutralization of Value Delimiters (Type: Variant)"
799 ],
800 [
801 "",
802 "EN-Improper Neutralization of Record Delimiters (Type: Variant)"
803 ],
804 [
805 "",
806 "EN-Improper Neutralization of Line Delimiters (Type: Variant)"
807 ],
808 [
809 "",
810 "EN-Improper Neutralization of Section Delimiters (Type: Variant)"
811 ],
812 [
813 "",
814 "EN-Improper Neutralization of Expression/Command Delimiters (Type: Variant)"
815 ],
816 [
817 "",
818 "EN-Improper Neutralization of Input Terminators (Type: Variant)"
819 ],
820 [
821 "",
822 "EN-Improper Neutralization of Input Leaders (Type: Variant)"
823 ],
824 [
825 "",
826 "EN-Improper Neutralization of Quoting Syntax (Type: Variant)"
827 ],
828 [
829 "",
830 "EN-External Control of System or Configuration Setting (Type: Base)"
831 ],
832 [
833 "",
834 "EN-Improper Neutralization of Escape, Meta, or Control Sequences (Type: Variant)"
835 ],
836 [
837 "",
838 "EN-Improper Neutralization of Comment Delimiters (Type: Variant)"
839 ],
840 [
841 "",
842 "EN-Improper Neutralization of Macro Symbols (Type: Variant)"
843 ],
844 [
845 "",
846 "EN-Improper Neutralization of Substitution Characters (Type: Variant)"
847 ],
848 [
849 "",
850 "EN-Improper Neutralization of Variable Name Delimiters (Type: Variant)"
851 ],
852 [
853 "",
854 "EN-Improper Neutralization of Wildcards or Matching Symbols (Type: Variant)"
855 ],
856 [
857 "",
858 "EN-Improper Neutralization of Whitespace (Type: Variant)"
859 ],
860 [
861 "",
862 "EN-Failure to Sanitize Paired Delimiters (Type: Variant)"
863 ],
864 [
865 "",
866 "EN-Improper Neutralization of Null Byte or NUL Character (Type: Variant)"
867 ],
868 [
869 "",
870 "EN-Failure to Sanitize Special Element (Type: Class)"
871 ],
872 [
873 "",
874 "EN-Improper Neutralization of Leading Special Elements (Type: Variant)"
875 ],
876 [
877 "",
878 "EN-Improper Neutralization of Multiple Leading Special Elements (Type: Variant)"
879 ],
880 [
881 "",
882 "EN-Improper Neutralization of Trailing Special Elements (Type: Variant)"
883 ],
884 [
885 "",
886 "EN-Improper Neutralization of Multiple Trailing Special Elements (Type: Variant)"
887 ],
888 [
889 "",
890 "EN-Improper Neutralization of Internal Special Elements (Type: Variant)"
891 ],
892 [
893 "",
894 "EN-Improper Neutralization of Multiple Internal Special Elements (Type: Variant)"
895 ],
896 [
897 "",
898 "EN-Improper Handling of Missing Special Element (Type: Base)"
899 ],
900 [
901 "",
902 "EN-Improper Handling of Additional Special Element (Type: Base)"
903 ],
904 [
905 "",
906 "EN-Improper Handling of Inconsistent Special Elements (Type: Base)"
907 ],
908 [
909 "",
910 "EN-Encoding Error (Type: Class)"
911 ],
912 [
913 "",
914 "EN-Improper Handling of Alternate Encoding (Type: Variant)"
915 ],
916 [
917 "",
918 "EN-Double Decoding of the Same Data (Type: Variant)"
919 ],
920 [
921 "",
922 "EN-Improper Handling of Mixed Encoding (Type: Variant)"
923 ],
924 [
925 "",
926 "EN-Improper Handling of Unicode Encoding (Type: Variant)"
927 ],
928 [
929 "",
930 "EN-Improper Handling of URL Encoding (Hex Encoding) (Type: Variant)"
931 ],
932 [
933 "",
934 "EN-Improper Handling of Case Sensitivity (Type: Base)"
935 ],
936 [
937 "",
938 "EN-Incorrect Behavior Order: Early Validation (Type: Base)"
939 ],
940 [
941 "",
942 "EN-Incorrect Behavior Order: Validate Before Canonicalize (Type: Base)"
943 ],
944 [
945 "",
946 "EN-Incorrect Behavior Order: Validate Before Filter (Type: Base)"
947 ],
948 [
949 "",
950 "EN-Collapse of Data into Unsafe Value (Type: Base)"
951 ],
952 [
953 "",
954 "EN-Permissive Whitelist (Type: Base)"
955 ],
956 [
957 "",
958 "EN-Incomplete Blacklist (Type: Base)"
959 ],
960 [
961 "",
962 "EN-Incorrect Regular Expression (Type: Class)"
963 ],
964 [
965 "",
966 "EN-Overly Restrictive Regular Expression (Type: Base)"
967 ],
968 [
969 "",
970 "EN-Partial Comparison (Type: Base)"
971 ],
972 [
973 "",
974 "EN-Integer Underflow (Wrap or Wraparound) (Type: Base)"
975 ],
976 [
977 "",
978 "EN-Off-by-one Error (Type: Base)"
979 ],
980 [
981 "",
982 "EN-Signed to Unsigned Conversion Error (Type: Variant)"
983 ],
984 [
985 "",
986 "EN-Use of Incorrect Byte Ordering (Type: Base)"
987 ],
988 [
989 "",
990 "EN-Information Exposure Through Sent Data (Type: Variant)"
991 ],
992 [
993 "",
994 "EN-Information Exposure Through Discrepancy (Type: Class)"
995 ],
996 [
997 "",
998 "EN-Response Discrepancy Information Exposure (Type: Base)"
999 ],
1000 [
1001 "",
1002 "EN-Information Exposure Through Behavioral Discrepancy (Type: Base)"
1003 ],
1004 [
1005 "",
1006 "EN-Information Exposure of Internal State Through Behavioral Inconsistency (Type: Variant)"
1007 ],
1008 [
1009 "",
1010 "EN-Information Exposure Through an External Behavioral Inconsistency (Type: Variant)"
1011 ],
1012 [
1013 "",
1014 "EN-Information Exposure Through Timing Discrepancy (Type: Base)"
1015 ],
1016 [
1017 "",
1018 "EN-Information Exposure Through Self-generated Error Message (Type: Base)"
1019 ],
1020 [
1021 "",
1022 "EN-Information Exposure Through Externally-generated Error Message (Type: Base)"
1023 ],
1024 [
1025 "",
1026 "EN-Improper Cross-boundary Removal of Sensitive Data (Type: Base)"
1027 ],
1028 [
1029 "",
1030 "EN-Intentional Information Exposure (Type: Base)"
1031 ],
1032 [
1033 "",
1034 "EN-Information Exposure Through Process Environment (Type: Variant)"
1035 ],
1036 [
1037 "",
1038 "EN-Information Exposure Through Debug Information (Type: Variant)"
1039 ],
1040 [
1041 "",
1042 "EN-Containment Errors (Container Errors) (Type: Class)"
1043 ],
1044 [
1045 "",
1046 "EN-DEPRECATED: Failure to Protect Stored Data from Modification (Type: Base)"
1047 ],
1048 [
1049 "",
1050 "EN-DEPRECATED (Duplicate): Failure to provide confidentiality for stored data (Type: Base)"
1051 ],
1052 [
1053 "",
1054 "EN-Sensitive Data Under Web Root (Type: Variant)"
1055 ],
1056 [
1057 "",
1058 "EN-Sensitive Data Under FTP Root (Type: Variant)"
1059 ],
1060 [
1061 "",
1062 "EN-Information Loss or Omission (Type: Class)"
1063 ],
1064 [
1065 "",
1066 "EN-Truncation of Security-relevant Information (Type: Base)"
1067 ],
1068 [
1069 "",
1070 "EN-Omission of Security-relevant Information (Type: Base)"
1071 ],
1072 [
1073 "",
1074 "EN-Obscured Security-relevant Information by Alternate Name (Type: Base)"
1075 ],
1076 [
1077 "",
1078 "EN-DEPRECATED (Duplicate): General Information Management Problems (Type: Base)"
1079 ],
1080 [
1081 "",
1082 "EN-Sensitive Information Uncleared Before Release (Type: Base)"
1083 ],
1084 [
1085 "",
1086 "EN-Improper Fulfillment of API Contract (API Abuse) (Type: Class)"
1087 ],
1088 [
1089 "",
1090 "EN-Improper Handling of Syntactically Invalid Structure (Type: Class)"
1091 ],
1092 [
1093 "",
1094 "EN-Improper Handling of Values (Type: Base)"
1095 ],
1096 [
1097 "",
1098 "EN-Relative Path Traversal (Type: Base)"
1099 ],
1100 [
1101 "",
1102 "EN-Improper Handling of Missing Values (Type: Variant)"
1103 ],
1104 [
1105 "",
1106 "EN-Improper Handling of Extra Values (Type: Variant)"
1107 ],
1108 [
1109 "",
1110 "EN-Improper Handling of Undefined Values (Type: Variant)"
1111 ],
1112 [
1113 "",
1114 "EN-Improper Handling of Parameters (Type: Base)"
1115 ],
1116 [
1117 "",
1118 "EN-Improper Handling of Extra Parameters (Type: Variant)"
1119 ],
1120 [
1121 "",
1122 "EN-Improper Handling of Undefined Parameters (Type: Variant)"
1123 ],
1124 [
1125 "",
1126 "EN-Improper Handling of Structural Elements (Type: Base)"
1127 ],
1128 [
1129 "",
1130 "EN-Improper Handling of Incomplete Structural Elements (Type: Variant)"
1131 ],
1132 [
1133 "",
1134 "EN-Failure to Handle Incomplete Element (Type: Variant)"
1135 ],
1136 [
1137 "",
1138 "EN-Path Traversal: ../filedir (Type: Variant)"
1139 ],
1140 [
1141 "",
1142 "EN-Improper Handling of Inconsistent Structural Elements (Type: Variant)"
1143 ],
1144 [
1145 "",
1146 "EN-Improper Handling of Unexpected Data Type (Type: Base)"
1147 ],
1148 [
1149 "",
1150 "EN-Improper Clearing of Heap Memory Before Release (Heap Inspection) (Type: Variant)"
1151 ],
1152 [
1153 "",
1154 "EN-J2EE Bad Practices: Direct Management of Connections (Type: Variant)"
1155 ],
1156 [
1157 "",
1158 "EN-J2EE Bad Practices: Direct Use of Sockets (Type: Variant)"
1159 ],
1160 [
1161 "",
1162 "EN-DEPRECATED (Duplicate): Reliance on DNS Lookups in a Security Decision (Type: Base)"
1163 ],
1164 [
1165 "",
1166 "EN-Uncaught Exception (Type: Base)"
1167 ],
1168 [
1169 "",
1170 "EN-DEPRECATED: Often Misused: Path Manipulation (Type: Variant)"
1171 ],
1172 [
1173 "",
1174 "EN-Path Traversal: /../filedir (Type: Variant)"
1175 ],
1176 [
1177 "",
1178 "EN-Path Traversal: /dir/../filename (Type: Variant)"
1179 ],
1180 [
1181 "",
1182 "EN-Password in Configuration File (Type: Variant)"
1183 ],
1184 [
1185 "",
1186 "EN-Weak Cryptography for Passwords (Type: Variant)"
1187 ],
1188 [
1189 "",
1190 "EN-Incorrect Privilege Assignment (Type: Base)"
1191 ],
1192 [
1193 "",
1194 "EN-Privilege Defined With Unsafe Actions (Type: Base)"
1195 ],
1196 [
1197 "",
1198 "EN-Path Traversal: dir/../../filename (Type: Variant)"
1199 ],
1200 [
1201 "",
1202 "EN-Privilege Context Switching Error (Type: Base)"
1203 ],
1204 [
1205 "",
1206 "EN-Least Privilege Violation (Type: Base)"
1207 ],
1208 [
1209 "",
1210 "EN-Improper Handling of Insufficient Privileges (Type: Base)"
1211 ],
1212 [
1213 "",
1214 "EN-Insecure Inherited Permissions (Type: Variant)"
1215 ],
1216 [
1217 "",
1218 "EN-Insecure Preserved Inherited Permissions (Type: Variant)"
1219 ],
1220 [
1221 "",
1222 "EN-Incorrect Execution-Assigned Permissions (Type: Variant)"
1223 ],
1224 [
1225 "",
1226 "EN-Path Traversal: ..\\filedir (Type: Variant)"
1227 ],
1228 [
1229 "",
1230 "EN-Improper Handling of Insufficient Permissions or Privileges (Type: Base)"
1231 ],
1232 [
1233 "",
1234 "EN-Improper Preservation of Permissions (Type: Base)"
1235 ],
1236 [
1237 "",
1238 "EN-Improper Ownership Management (Type: Class)"
1239 ],
1240 [
1241 "",
1242 "EN-Unverified Ownership (Type: Base)"
1243 ],
1244 [
1245 "",
1246 "EN-Improper Access Control (Type: Class)"
1247 ],
1248 [
1249 "",
1250 "EN-Incorrect User Management (Type: Class)"
1251 ],
1252 [
1253 "",
1254 "EN-Authentication Bypass Using an Alternate Path or Channel (Type: Base)"
1255 ],
1256 [
1257 "",
1258 "EN-Authentication Bypass by Alternate Name (Type: Variant)"
1259 ],
1260 [
1261 "",
1262 "EN-Path Traversal: \\..\\filename (Type: Variant)"
1263 ],
1264 [
1265 "",
1266 "EN-Authentication Bypass by Spoofing (Type: Base)"
1267 ],
1268 [
1269 "",
1270 "EN-Improper Certificate Validation (Type: Base)"
1271 ],
1272 [
1273 "",
1274 "EN-Path Traversal: \\dir\\..\\filename (Type: Variant)"
1275 ],
1276 [
1277 "",
1278 "EN-Channel Accessible by Non-Endpoint (Man-in-the-Middle) (Type: Class)"
1279 ],
1280 [
1281 "",
1282 "EN-Authentication Bypass by Assumed-Immutable Data (Type: Variant)"
1283 ],
1284 [
1285 "",
1286 "EN-Incorrect Implementation of Authentication Algorithm (Type: Base)"
1287 ],
1288 [
1289 "",
1290 "EN-Missing Critical Step in Authentication (Type: Base)"
1291 ],
1292 [
1293 "",
1294 "EN-Authentication Bypass by Primary Weakness (Type: Base)"
1295 ],
1296 [
1297 "",
1298 "EN-Improper Restriction of Excessive Authentication Attempts (Type: Base)"
1299 ],
1300 [
1301 "",
1302 "EN-Path Traversal: dir\\..\\..\\filename (Type: Variant)"
1303 ],
1304 [
1305 "",
1306 "EN-Cleartext Storage of Sensitive Information (Type: Base)"
1307 ],
1308 [
1309 "",
1310 "EN-Cleartext Storage in a File or on Disk (Type: Variant)"
1311 ],
1312 [
1313 "",
1314 "EN-Cleartext Storage in the Registry (Type: Variant)"
1315 ],
1316 [
1317 "",
1318 "EN-Cleartext Storage of Sensitive Information in a Cookie (Type: Variant)"
1319 ],
1320 [
1321 "",
1322 "EN-Cleartext Storage of Sensitive Information in Memory (Type: Variant)"
1323 ],
1324 [
1325 "",
1326 "EN-Cleartext Storage of Sensitive Information in GUI (Type: Variant)"
1327 ],
1328 [
1329 "",
1330 "EN-Cleartext Storage of Sensitive Information in Executable (Type: Variant)"
1331 ],
1332 [
1333 "",
1334 "EN-Path Traversal: ... (Triple Dot) (Type: Variant)"
1335 ],
1336 [
1337 "",
1338 "EN-Missing Required Cryptographic Step (Type: Base)"
1339 ],
1340 [
1341 "",
1342 "EN-Inadequate Encryption Strength (Type: Class)"
1343 ],
1344 [
1345 "",
1346 "EN-Reversible One-Way Hash (Type: Base)"
1347 ],
1348 [
1349 "",
1350 "EN-Path Traversal: .... (Multiple Dot) (Type: Variant)"
1351 ],
1352 [
1353 "",
1354 "EN-Insufficient Entropy (Type: Base)"
1355 ],
1356 [
1357 "",
1358 "EN-Small Space of Random Values (Type: Base)"
1359 ],
1360 [
1361 "",
1362 "EN-PRNG Seed Error (Type: Class)"
1363 ],
1364 [
1365 "",
1366 "EN-Same Seed in PRNG (Type: Base)"
1367 ],
1368 [
1369 "",
1370 "EN-Predictable Seed in PRNG (Type: Base)"
1371 ],
1372 [
1373 "",
1374 "EN-Small Seed Space in PRNG (Type: Base)"
1375 ],
1376 [
1377 "",
1378 "EN-Path Traversal: ....// (Type: Variant)"
1379 ],
1380 [
1381 "",
1382 "EN-Predictability Problems (Type: Class)"
1383 ],
1384 [
1385 "",
1386 "EN-Predictable from Observable State (Type: Base)"
1387 ],
1388 [
1389 "",
1390 "EN-Predictable Exact Value from Previous Values (Type: Base)"
1391 ],
1392 [
1393 "",
1394 "EN-Predictable Value Range from Previous Values (Type: Base)"
1395 ],
1396 [
1397 "",
1398 "EN-Use of Invariant Value in Dynamically Changing Context (Type: Base)"
1399 ],
1400 [
1401 "",
1402 "EN-Insufficient Verification of Data Authenticity (Type: Class)"
1403 ],
1404 [
1405 "",
1406 "EN-Origin Validation Error (Type: Base)"
1407 ],
1408 [
1409 "",
1410 "EN-Improper Verification of Cryptographic Signature (Type: Base)"
1411 ],
1412 [
1413 "",
1414 "EN-Use of Less Trusted Source (Type: Base)"
1415 ],
1416 [
1417 "",
1418 "EN-Acceptance of Extraneous Untrusted Data With Trusted Data (Type: Base)"
1419 ],
1420 [
1421 "",
1422 "EN-Path Traversal: .../...// (Type: Variant)"
1423 ],
1424 [
1425 "",
1426 "EN-Reliance on Reverse DNS Resolution for a Security-Critical Action (Type: Variant)"
1427 ],
1428 [
1429 "",
1430 "EN-Insufficient Type Distinction (Type: Base)"
1431 ],
1432 [
1433 "",
1434 "EN-Product UI does not Warn User of Unsafe Actions (Type: Base)"
1435 ],
1436 [
1437 "",
1438 "EN-Insufficient UI Warning of Dangerous Operations (Type: Base)"
1439 ],
1440 [
1441 "",
1442 "EN-Improperly Implemented Security Check for Standard (Type: Base)"
1443 ],
1444 [
1445 "",
1446 "EN-Privacy Violation (Type: Class)"
1447 ],
1448 [
1449 "",
1450 "EN-Absolute Path Traversal (Type: Base)"
1451 ],
1452 [
1453 "",
1454 "EN-Race Condition Enabling Link Following (Type: Base)"
1455 ],
1456 [
1457 "",
1458 "EN-Context Switching Race Condition (Type: Base)"
1459 ],
1460 [
1461 "",
1462 "EN-Path Traversal: /absolute/pathname/here (Type: Variant)"
1463 ],
1464 [
1465 "",
1466 "EN-Incomplete Internal State Distinction (Type: Base)"
1467 ],
1468 [
1469 "",
1470 "EN-DEPRECATED: State Synchronization Error (Type: Base)"
1471 ],
1472 [
1473 "",
1474 "EN-Insecure Temporary File (Type: Base)"
1475 ],
1476 [
1477 "",
1478 "EN-Path Traversal: \\absolute\\pathname\\here (Type: Variant)"
1479 ],
1480 [
1481 "",
1482 "EN-J2EE Bad Practices: Use of System.exit() (Type: Variant)"
1483 ],
1484 [
1485 "",
1486 "EN-J2EE Bad Practices: Direct Use of Threads (Type: Variant)"
1487 ],
1488 [
1489 "",
1490 "EN-Symbolic Name not Mapping to Correct Object (Type: Base)"
1491 ],
1492 [
1493 "",
1494 "EN-Path Traversal: C:dirname (Type: Variant)"
1495 ],
1496 [
1497 "",
1498 "EN-Missing Report of Error Condition (Type: Base)"
1499 ],
1500 [
1501 "",
1502 "EN-Return of Wrong Status Code (Type: Base)"
1503 ],
1504 [
1505 "",
1506 "EN-Unexpected Status Code or Return Value (Type: Base)"
1507 ],
1508 [
1509 "",
1510 "EN-Use of NullPointerException Catch to Detect NULL Pointer Dereference (Type: Base)"
1511 ],
1512 [
1513 "",
1514 "EN-Declaration of Catch for Generic Exception (Type: Base)"
1515 ],
1516 [
1517 "",
1518 "EN-Declaration of Throws for Generic Exception (Type: Base)"
1519 ],
1520 [
1521 "",
1522 "EN-Indicator of Poor Code Quality (Type: Class)"
1523 ],
1524 [
1525 "",
1526 "EN-Path Traversal: \\\\UNC\\share\\name\\ (Windows UNC Share) (Type: Variant)"
1527 ],
1528 [
1529 "",
1530 "EN-Transmission of Private Resources into a New Sphere (Resource Leak) (Type: Class)"
1531 ],
1532 [
1533 "",
1534 "EN-Exposure of File Descriptor to Unintended Control Sphere (File Descriptor Leak) (Type: Base)"
1535 ],
1536 [
1537 "",
1538 "EN-Asymmetric Resource Consumption (Amplification) (Type: Class)"
1539 ],
1540 [
1541 "",
1542 "EN-Insufficient Control of Network Message Volume (Network Amplification) (Type: Base)"
1543 ],
1544 [
1545 "",
1546 "EN-Incorrect Behavior Order: Early Amplification (Type: Base)"
1547 ],
1548 [
1549 "",
1550 "EN-Improper Handling of Highly Compressed Data (Data Amplification) (Type: Base)"
1551 ],
1552 [
1553 "",
1554 "EN-Improper Resolution of Path Equivalence (Type: Base)"
1555 ],
1556 [
1557 "",
1558 "EN-Insufficient Resource Pool (Type: Base)"
1559 ],
1560 [
1561 "",
1562 "EN-Unrestricted Externally Accessible Lock (Type: Base)"
1563 ],
1564 [
1565 "",
1566 "EN-Improper Resource Locking (Type: Base)"
1567 ],
1568 [
1569 "",
1570 "EN-Missing Lock Check (Type: Base)"
1571 ],
1572 [
1573 "",
1574 "EN-Unprotected Primary Channel (Type: Base)"
1575 ],
1576 [
1577 "",
1578 "EN-Path Equivalence: filename. (Trailing Dot) (Type: Variant)"
1579 ],
1580 [
1581 "",
1582 "EN-Unprotected Alternate Channel (Type: Base)"
1583 ],
1584 [
1585 "",
1586 "EN-Race Condition During Access to Alternate Channel (Type: Base)"
1587 ],
1588 [
1589 "",
1590 "EN-Unprotected Windows Messaging Channel (Shatter) (Type: Variant)"
1591 ],
1592 [
1593 "",
1594 "EN-DEPRECATED (Duplicate): Proxied Trusted Channel (Type: Base)"
1595 ],
1596 [
1597 "",
1598 "EN-Improper Protection of Alternate Path (Type: Class)"
1599 ],
1600 [
1601 "",
1602 "EN-Direct Request (Forced Browsing) (Type: Base)"
1603 ],
1604 [
1605 "",
1606 "EN-Uncontrolled Search Path Element (Type: Base)"
1607 ],
1608 [
1609 "",
1610 "EN-Unquoted Search Path or Element (Type: Base)"
1611 ],
1612 [
1613 "",
1614 "EN-Path Equivalence: filename.... (Multiple Trailing Dot) (Type: Variant)"
1615 ],
1616 [
1617 "",
1618 "EN-Deployment of Wrong Handler (Type: Base)"
1619 ],
1620 [
1621 "",
1622 "EN-Missing Handler (Type: Base)"
1623 ],
1624 [
1625 "",
1626 "EN-Dangerous Signal Handler not Disabled During Sensitive Operations (Type: Base)"
1627 ],
1628 [
1629 "",
1630 "EN-Unparsed Raw Web Content Delivery (Type: Variant)"
1631 ],
1632 [
1633 "",
1634 "EN-Interaction Error (Type: Class)"
1635 ],
1636 [
1637 "",
1638 "EN-Interpretation Conflict (Type: Base)"
1639 ],
1640 [
1641 "",
1642 "EN-Incomplete Model of Endpoint Features (Type: Base)"
1643 ],
1644 [
1645 "",
1646 "EN-Behavioral Change in New Version or Environment (Type: Base)"
1647 ],
1648 [
1649 "",
1650 "EN-Path Equivalence: file.name (Internal Dot) (Type: Variant)"
1651 ],
1652 [
1653 "",
1654 "EN-Expected Behavior Violation (Type: Base)"
1655 ],
1656 [
1657 "",
1658 "EN-Unintended Proxy or Intermediary (Confused Deputy) (Type: Class)"
1659 ],
1660 [
1661 "",
1662 "EN-DEPRECATED (Duplicate): HTTP response splitting (Type: Base)"
1663 ],
1664 [
1665 "",
1666 "EN-Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) (Type: Base)"
1667 ],
1668 [
1669 "",
1670 "EN-UI Discrepancy for Security Feature (Type: Base)"
1671 ],
1672 [
1673 "",
1674 "EN-Unimplemented or Unsupported Feature in UI (Type: Base)"
1675 ],
1676 [
1677 "",
1678 "EN-Obsolete Feature in UI (Type: Base)"
1679 ],
1680 [
1681 "",
1682 "EN-The UI Performs the Wrong Action (Type: Base)"
1683 ],
1684 [
1685 "",
1686 "EN-Path Equivalence: file...name (Multiple Internal Dot) (Type: Variant)"
1687 ],
1688 [
1689 "",
1690 "EN-Multiple Interpretations of UI Input (Type: Base)"
1691 ],
1692 [
1693 "",
1694 "EN-UI Misrepresentation of Critical Information (Type: Base)"
1695 ],
1696 [
1697 "",
1698 "EN-Insecure Default Variable Initialization (Type: Base)"
1699 ],
1700 [
1701 "",
1702 "EN-External Initialization of Trusted Variables or Data Stores (Type: Base)"
1703 ],
1704 [
1705 "",
1706 "EN-Non-exit on Failed Initialization (Type: Base)"
1707 ],
1708 [
1709 "",
1710 "EN-Missing Initialization of a Variable (Type: Base)"
1711 ],
1712 [
1713 "",
1714 "EN-DEPRECATED: Incorrect Initialization (Type: Base)"
1715 ],
1716 [
1717 "",
1718 "EN-Incomplete Cleanup (Type: Base)"
1719 ],
1720 [
1721 "",
1722 "EN-Path Equivalence: filename (Trailing Space) (Type: Variant)"
1723 ],
1724 [
1725 "",
1726 "EN-Deletion of Data Structure Sentinel (Type: Base)"
1727 ],
1728 [
1729 "",
1730 "EN-Return of Pointer Value Outside of Expected Range (Type: Base)"
1731 ],
1732 [
1733 "",
1734 "EN-Path Equivalence: filename (Leading Space) (Type: Variant)"
1735 ],
1736 [
1737 "",
1738 "EN-Use of Externally-Controlled Input to Select Classes or Code (Unsafe Reflection) (Type: Base)"
1739 ],
1740 [
1741 "",
1742 "EN-Modification of Assumed-Immutable Data (MAID) (Type: Base)"
1743 ],
1744 [
1745 "",
1746 "EN-External Control of Assumed-Immutable Web Parameter (Type: Base)"
1747 ],
1748 [
1749 "",
1750 "EN-PHP External Variable Modification (Type: Variant)"
1751 ],
1752 [
1753 "",
1754 "EN-Use of Function with Inconsistent Implementations (Type: Base)"
1755 ],
1756 [
1757 "",
1758 "EN-Undefined Behavior for Input to API (Type: Base)"
1759 ],
1760 [
1761 "",
1762 "EN-Use of Obsolete Functions (Type: Base)"
1763 ],
1764 [
1765 "",
1766 "EN-Missing Default Case in Switch Statement (Type: Variant)"
1767 ],
1768 [
1769 "",
1770 "EN-Path Equivalence: file name (Internal Whitespace) (Type: Variant)"
1771 ],
1772 [
1773 "",
1774 "EN-Insufficient Encapsulation (Type: Class)"
1775 ],
1776 [
1777 "",
1778 "EN-Exposure of Data Element to Wrong Session (Type: Variant)"
1779 ],
1780 [
1781 "",
1782 "EN-Leftover Debug Code (Type: Base)"
1783 ],
1784 [
1785 "",
1786 "EN-Path Equivalence: filename/ (Trailing Slash) (Type: Variant)"
1787 ],
1788 [
1789 "",
1790 "EN-Public cloneable() Method Without Final (Object Hijack) (Type: Variant)"
1791 ],
1792 [
1793 "",
1794 "EN-Private Array-Typed Field Returned From A Public Method (Type: Variant)"
1795 ],
1796 [
1797 "",
1798 "EN-Public Data Assigned to Private Array-Typed Field (Type: Variant)"
1799 ],
1800 [
1801 "",
1802 "EN-Exposure of System Data to an Unauthorized Control Sphere (Type: Variant)"
1803 ],
1804 [
1805 "",
1806 "EN-J2EE Misconfiguration: Data Transmission Without Encryption (Type: Variant)"
1807 ],
1808 [
1809 "",
1810 "EN-Path Equivalence: //multiple/leading/slash (Type: Variant)"
1811 ],
1812 [
1813 "",
1814 "EN-Trust Boundary Violation (Type: Base)"
1815 ],
1816 [
1817 "",
1818 "EN-Embedded Malicious Code (Type: Class)"
1819 ],
1820 [
1821 "",
1822 "EN-Trojan Horse (Type: Base)"
1823 ],
1824 [
1825 "",
1826 "EN-Non-Replicating Malicious Code (Type: Base)"
1827 ],
1828 [
1829 "",
1830 "EN-Replicating Malicious Code (Virus or Worm) (Type: Base)"
1831 ],
1832 [
1833 "",
1834 "EN-Path Equivalence: /multiple//internal/slash (Type: Variant)"
1835 ],
1836 [
1837 "",
1838 "EN-Trapdoor (Type: Base)"
1839 ],
1840 [
1841 "",
1842 "EN-Logic/Time Bomb (Type: Base)"
1843 ],
1844 [
1845 "",
1846 "EN-Spyware (Type: Base)"
1847 ],
1848 [
1849 "",
1850 "EN-Covert Channel (Type: Class)"
1851 ],
1852 [
1853 "",
1854 "EN-DEPRECATED (Duplicate): Covert Timing Channel (Type: Base)"
1855 ],
1856 [
1857 "",
1858 "EN-Path Equivalence: /multiple/trailing/slash// (Type: Variant)"
1859 ],
1860 [
1861 "",
1862 "EN-.NET Misconfiguration: Use of Impersonation (Type: Variant)"
1863 ],
1864 [
1865 "",
1866 "EN-Weak Password Requirements (Type: Base)"
1867 ],
1868 [
1869 "",
1870 "EN-Insufficiently Protected Credentials (Type: Base)"
1871 ],
1872 [
1873 "",
1874 "EN-Unprotected Transport of Credentials (Type: Variant)"
1875 ],
1876 [
1877 "",
1878 "EN-Information Exposure Through Caching (Type: Variant)"
1879 ],
1880 [
1881 "",
1882 "EN-Information Exposure Through Browser Caching (Type: Variant)"
1883 ],
1884 [
1885 "",
1886 "EN-Information Exposure Through Environmental Variables (Type: Variant)"
1887 ],
1888 [
1889 "",
1890 "EN-Exposure of CVS Repository to an Unauthorized Control Sphere (Type: Variant)"
1891 ],
1892 [
1893 "",
1894 "EN-Exposure of Core Dump File to an Unauthorized Control Sphere (Type: Variant)"
1895 ],
1896 [
1897 "",
1898 "EN-Exposure of Access Control List Files to an Unauthorized Control Sphere (Type: Variant)"
1899 ],
1900 [
1901 "",
1902 "EN-Path Equivalence: \\multiple\\\\internal\\backslash (Type: Variant)"
1903 ],
1904 [
1905 "",
1906 "EN-Exposure of Backup File to an Unauthorized Control Sphere (Type: Variant)"
1907 ],
1908 [
1909 "",
1910 "EN-Information Exposure Through Test Code (Type: Variant)"
1911 ],
1912 [
1913 "",
1914 "EN-Information Exposure Through Server Log Files (Type: Variant)"
1915 ],
1916 [
1917 "",
1918 "EN-Information Exposure Through Debug Log Files (Type: Variant)"
1919 ],
1920 [
1921 "",
1922 "EN-Information Exposure Through Shell Error Message (Type: Variant)"
1923 ],
1924 [
1925 "",
1926 "EN-Information Exposure Through Servlet Runtime Error Message (Type: Variant)"
1927 ],
1928 [
1929 "",
1930 "EN-Information Exposure Through Java Runtime Error Message (Type: Variant)"
1931 ],
1932 [
1933 "",
1934 "EN-File and Directory Information Exposure (Type: Base)"
1935 ],
1936 [
1937 "",
1938 "EN-Information Exposure Through Persistent Cookies (Type: Variant)"
1939 ],
1940 [
1941 "",
1942 "EN-Path Equivalence: filedir\\ (Trailing Backslash) (Type: Variant)"
1943 ],
1944 [
1945 "",
1946 "EN-Information Exposure Through Source Code (Type: Variant)"
1947 ],
1948 [
1949 "",
1950 "EN-Information Exposure Through Include Source Code (Type: Variant)"
1951 ],
1952 [
1953 "",
1954 "EN-Information Exposure Through Cleanup Log Files (Type: Variant)"
1955 ],
1956 [
1957 "",
1958 "EN-Use of Singleton Pattern Without Synchronization in a Multithreaded Context (Type: Variant)"
1959 ],
1960 [
1961 "",
1962 "EN-Missing Standardized Error Handling Mechanism (Type: Base)"
1963 ],
1964 [
1965 "",
1966 "EN-Use of Dynamic Class Loading (Type: Variant)"
1967 ],
1968 [
1969 "",
1970 "EN-Suspicious Comment (Type: Variant)"
1971 ],
1972 [
1973 "",
1974 "EN-Use of Hard-coded, Security-relevant Constants (Type: Variant)"
1975 ],
1976 [
1977 "",
1978 "EN-Information Exposure Through Directory Listing (Type: Variant)"
1979 ],
1980 [
1981 "",
1982 "EN-Missing Password Field Masking (Type: Variant)"
1983 ],
1984 [
1985 "",
1986 "EN-Path Equivalence: /./ (Single Dot Directory) (Type: Variant)"
1987 ],
1988 [
1989 "",
1990 "EN-Information Exposure Through Server Error Message (Type: Variant)"
1991 ],
1992 [
1993 "",
1994 "EN-Incorrect Behavior Order: Authorization Before Parsing and Canonicalization (Type: Base)"
1995 ],
1996 [
1997 "",
1998 "EN-Files or Directories Accessible to External Parties (Type: Base)"
1999 ],
2000 [
2001 "",
2002 "EN-Command Shell in Externally Accessible Directory (Type: Variant)"
2003 ],
2004 [
2005 "",
2006 "EN-ASP.NET Misconfiguration: Not Using Input Validation Framework (Type: Variant)"
2007 ],
2008 [
2009 "",
2010 "EN-J2EE Misconfiguration: Plaintext Password in Configuration File (Type: Variant)"
2011 ],
2012 [
2013 "",
2014 "EN-ASP.NET Misconfiguration: Use of Identity Impersonation (Type: Variant)"
2015 ],
2016 [
2017 "",
2018 "EN-Use of getlogin() in Multithreaded Application (Type: Variant)"
2019 ],
2020 [
2021 "",
2022 "EN-Path Equivalence: filedir* (Wildcard) (Type: Variant)"
2023 ],
2024 [
2025 "",
2026 "EN-Use of umask() with chmod-style Argument (Type: Variant)"
2027 ],
2028 [
2029 "",
2030 "EN-Dead Code (Type: Variant)"
2031 ],
2032 [
2033 "",
2034 "EN-Return of Stack Variable Address (Type: Base)"
2035 ],
2036 [
2037 "",
2038 "EN-Unused Variable (Type: Variant)"
2039 ],
2040 [
2041 "",
2042 "EN-SQL Injection: Hibernate (Type: Variant)"
2043 ],
2044 [
2045 "",
2046 "EN-Reliance on Cookies without Validation and Integrity Checking (Type: Base)"
2047 ],
2048 [
2049 "",
2050 "EN-Authorization Bypass Through User-Controlled SQL Primary Key (Type: Variant)"
2051 ],
2052 [
2053 "",
2054 "EN-Unsynchronized Access to Shared Data in a Multithreaded Context (Type: Base)"
2055 ],
2056 [
2057 "",
2058 "EN-finalize() Method Without super.finalize() (Type: Variant)"
2059 ],
2060 [
2061 "",
2062 "EN-Path Equivalence: fakedir/../realdir/filename (Type: Variant)"
2063 ],
2064 [
2065 "",
2066 "EN-Expression is Always False (Type: Variant)"
2067 ],
2068 [
2069 "",
2070 "EN-Expression is Always True (Type: Variant)"
2071 ],
2072 [
2073 "",
2074 "EN-Call to Thread run() instead of start() (Type: Variant)"
2075 ],
2076 [
2077 "",
2078 "EN-Improper Following of Specification by Caller (Type: Class)"
2079 ],
2080 [
2081 "",
2082 "EN-EJB Bad Practices: Use of Synchronization Primitives (Type: Variant)"
2083 ],
2084 [
2085 "",
2086 "EN-EJB Bad Practices: Use of AWT Swing (Type: Variant)"
2087 ],
2088 [
2089 "",
2090 "EN-EJB Bad Practices: Use of Java I/O (Type: Variant)"
2091 ],
2092 [
2093 "",
2094 "EN-EJB Bad Practices: Use of Sockets (Type: Variant)"
2095 ],
2096 [
2097 "",
2098 "EN-EJB Bad Practices: Use of Class Loader (Type: Variant)"
2099 ],
2100 [
2101 "",
2102 "EN-J2EE Bad Practices: Non-serializable Object Stored in Session (Type: Variant)"
2103 ],
2104 [
2105 "",
2106 "EN-Path Equivalence: Windows 8.3 Filename (Type: Variant)"
2107 ],
2108 [
2109 "",
2110 "EN-clone() Method Without super.clone() (Type: Variant)"
2111 ],
2112 [
2113 "",
2114 "EN-Object Model Violation: Just One of Equals and Hashcode Defined (Type: Base)"
2115 ],
2116 [
2117 "",
2118 "EN-Array Declared Public, Final, and Static (Type: Variant)"
2119 ],
2120 [
2121 "",
2122 "EN-finalize() Method Declared Public (Type: Variant)"
2123 ],
2124 [
2125 "",
2126 "EN-Return Inside Finally Block (Type: Base)"
2127 ],
2128 [
2129 "",
2130 "EN-Empty Synchronized Block (Type: Variant)"
2131 ],
2132 [
2133 "",
2134 "EN-Explicit Call to Finalize() (Type: Variant)"
2135 ],
2136 [
2137 "",
2138 "EN-Assignment of a Fixed Address to a Pointer (Type: Base)"
2139 ],
2140 [
2141 "",
2142 "EN-Attempt to Access Child of a Non-structure Pointer (Type: Variant)"
2143 ],
2144 [
2145 "",
2146 "EN-Call to Non-ubiquitous API (Type: Variant)"
2147 ],
2148 [
2149 "",
2150 "EN-Free of Memory not on the Heap (Type: Variant)"
2151 ],
2152 [
2153 "",
2154 "EN-Sensitive Data Storage in Improperly Locked Memory (Type: Variant)"
2155 ],
2156 [
2157 "",
2158 "EN-Authentication Bypass Issues (Type: Class)"
2159 ],
2160 [
2161 "",
2162 "EN-Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created (Type: Variant)"
2163 ],
2164 [
2165 "",
2166 "EN-J2EE Framework: Saving Unserializable Objects to Disk (Type: Variant)"
2167 ],
2168 [
2169 "",
2170 "EN-Comparison of Object References Instead of Object Contents (Type: Base)"
2171 ],
2172 [
2173 "",
2174 "EN-Incorrect Semantic Object Comparison (Type: Base)"
2175 ],
2176 [
2177 "",
2178 "EN-Use of Wrong Operator in String Comparison (Type: Variant)"
2179 ],
2180 [
2181 "",
2182 "EN-Information Exposure Through Query Strings in GET Request (Type: Variant)"
2183 ],
2184 [
2185 "",
2186 "EN-Missing Validation of OpenSSL Certificate (Type: Variant)"
2187 ],
2188 [
2189 "",
2190 "EN-J2EE Misconfiguration: Insufficient Session-ID Length (Type: Variant)"
2191 ],
2192 [
2193 "",
2194 "EN-Uncaught Exception in Servlet (Type: Base)"
2195 ],
2196 [
2197 "",
2198 "EN-Use of Client-Side Authentication (Type: Base)"
2199 ],
2200 [
2201 "",
2202 "EN-Multiple Binds to the Same Port (Type: Base)"
2203 ],
2204 [
2205 "",
2206 "EN-Unchecked Input for Loop Condition (Type: Base)"
2207 ],
2208 [
2209 "",
2210 "EN-Public Static Final Field References Mutable Object (Type: Variant)"
2211 ],
2212 [
2213 "",
2214 "EN-Struts: Non-private Field in ActionForm Class (Type: Variant)"
2215 ],
2216 [
2217 "",
2218 "EN-Double-Checked Locking (Type: Base)"
2219 ],
2220 [
2221 "",
2222 "EN-Externally Controlled Reference to a Resource in Another Sphere (Type: Class)"
2223 ],
2224 [
2225 "",
2226 "EN-Improper Restriction of XML External Entity Reference (XXE) (Type: Variant)"
2227 ],
2228 [
2229 "",
2230 "EN-Information Exposure Through Indexing of Private Data (Type: Variant)"
2231 ],
2232 [
2233 "",
2234 "EN-Insufficient Session Expiration (Type: Base)"
2235 ],
2236 [
2237 "",
2238 "EN-Sensitive Cookie in HTTPS Session Without Secure Attribute (Type: Variant)"
2239 ],
2240 [
2241 "",
2242 "EN-Information Exposure Through Comments (Type: Variant)"
2243 ],
2244 [
2245 "",
2246 "EN-Incomplete Identification of Uploaded File Variables (PHP) (Type: Variant)"
2247 ],
2248 [
2249 "",
2250 "EN-Reachable Assertion (Type: Variant)"
2251 ],
2252 [
2253 "",
2254 "EN-Exposed Unsafe ActiveX Method (Type: Base)"
2255 ],
2256 [
2257 "",
2258 "EN-Dangling Database Cursor (Cursor Injection) (Type: Base)"
2259 ],
2260 [
2261 "",
2262 "EN-UNIX Hard Link (Type: Variant)"
2263 ],
2264 [
2265 "",
2266 "EN-Unverified Password Change (Type: Variant)"
2267 ],
2268 [
2269 "",
2270 "EN-Variable Extraction Error (Type: Base)"
2271 ],
2272 [
2273 "",
2274 "EN-Improper Validation of Function Hook Arguments (Type: Variant)"
2275 ],
2276 [
2277 "",
2278 "EN-Unsafe ActiveX Control Marked Safe For Scripting (Type: Variant)"
2279 ],
2280 [
2281 "",
2282 "EN-Executable Regular Expression Error (Type: Base)"
2283 ],
2284 [
2285 "",
2286 "EN-Permissive Regular Expression (Type: Base)"
2287 ],
2288 [
2289 "",
2290 "EN-Null Byte Interaction Error (Poison Null Byte) (Type: Variant)"
2291 ],
2292 [
2293 "",
2294 "EN-Dynamic Variable Evaluation (Type: Base)"
2295 ],
2296 [
2297 "",
2298 "EN-Function Call with Incorrectly Specified Arguments (Type: Base)"
2299 ],
2300 [
2301 "",
2302 "EN-Not Failing Securely (Failing Open) (Type: Class)"
2303 ],
2304 [
2305 "",
2306 "EN-Unnecessary Complexity in Protection Mechanism (Not Using Economy of Mechanism) (Type: Class)"
2307 ],
2308 [
2309 "",
2310 "EN-Not Using Complete Mediation (Type: Class)"
2311 ],
2312 [
2313 "",
2314 "EN-Windows Hard Link (Type: Variant)"
2315 ],
2316 [
2317 "",
2318 "EN-Information Exposure Through WSDL File (Type: Variant)"
2319 ],
2320 [
2321 "",
2322 "EN-Insufficient Compartmentalization (Type: Base)"
2323 ],
2324 [
2325 "",
2326 "EN-Reliance on a Single Factor in a Security Decision (Type: Base)"
2327 ],
2328 [
2329 "",
2330 "EN-Insufficient Psychological Acceptability (Type: Base)"
2331 ],
2332 [
2333 "",
2334 "EN-Reliance on Security Through Obscurity (Type: Base)"
2335 ],
2336 [
2337 "",
2338 "EN-Violation of Secure Design Principles (Type: Class)"
2339 ],
2340 [
2341 "",
2342 "EN-Improper Handling of File Names that Identify Virtual Resources (Type: Base)"
2343 ],
2344 [
2345 "",
2346 "EN-Improper Synchronization (Type: Base)"
2347 ],
2348 [
2349 "",
2350 "EN-Use of a Non-reentrant Function in a Concurrent Context (Type: Base)"
2351 ],
2352 [
2353 "",
2354 "EN-Improper Control of a Resource Through its Lifetime (Type: Class)"
2355 ],
2356 [
2357 "",
2358 "EN-Operation on Resource in Wrong Phase of Lifetime (Type: Base)"
2359 ],
2360 [
2361 "",
2362 "EN-Improper Locking (Type: Base)"
2363 ],
2364 [
2365 "",
2366 "EN-Exposure of Resource to Wrong Sphere (Type: Class)"
2367 ],
2368 [
2369 "",
2370 "EN-Incorrect Resource Transfer Between Spheres (Type: Class)"
2371 ],
2372 [
2373 "",
2374 "EN-Always-Incorrect Control Flow Implementation (Type: Class)"
2375 ],
2376 [
2377 "",
2378 "EN-Lack of Administrator Control over Security (Type: Class)"
2379 ],
2380 [
2381 "",
2382 "EN-Operation on a Resource after Expiration or Release (Type: Base)"
2383 ],
2384 [
2385 "",
2386 "EN-External Influence of Sphere Definition (Type: Class)"
2387 ],
2388 [
2389 "",
2390 "EN-Uncontrolled Recursion (Type: Base)"
2391 ],
2392 [
2393 "",
2394 "EN-Duplicate Operations on Resource (Type: Class)"
2395 ],
2396 [
2397 "",
2398 "EN-Function Call With Incorrect Order of Arguments (Type: Variant)"
2399 ],
2400 [
2401 "",
2402 "EN-Incorrect Provision of Specified Functionality (Type: Base)"
2403 ],
2404 [
2405 "",
2406 "EN-Function Call With Incorrect Number of Arguments (Type: Variant)"
2407 ],
2408 [
2409 "",
2410 "EN-Function Call With Incorrect Argument Type (Type: Variant)"
2411 ],
2412 [
2413 "",
2414 "EN-Function Call With Incorrectly Specified Argument Value (Type: Variant)"
2415 ],
2416 [
2417 "",
2418 "EN-Function Call With Incorrect Variable or Reference as Argument (Type: Variant)"
2419 ],
2420 [
2421 "",
2422 "EN-Improper Handling of Windows ::DATA Alternate Data Stream (Type: Variant)"
2423 ],
2424 [
2425 "",
2426 "EN-Insufficient Control Flow Management (Type: Class)"
2427 ],
2428 [
2429 "",
2430 "EN-Protection Mechanism Failure (Type: Class)"
2431 ],
2432 [
2433 "",
2434 "EN-Use of Multiple Resources with Duplicate Identifier (Type: Base)"
2435 ],
2436 [
2437 "",
2438 "EN-Use of Low-Level Functionality (Type: Base)"
2439 ],
2440 [
2441 "",
2442 "EN-Incorrect Behavior Order (Type: Class)"
2443 ],
2444 [
2445 "",
2446 "EN-Insufficient Comparison (Type: Class)"
2447 ],
2448 [
2449 "",
2450 "EN-Execution After Redirect (EAR) (Type: Base)"
2451 ],
2452 [
2453 "",
2454 "EN-J2EE Misconfiguration: Missing Custom Error Page (Type: Variant)"
2455 ],
2456 [
2457 "",
2458 "EN-Improper Check or Handling of Exceptional Conditions (Type: Class)"
2459 ],
2460 [
2461 "",
2462 "EN-Incorrect Type Conversion or Cast (Type: Class)"
2463 ],
2464 [
2465 "",
2466 "EN-Incorrect Control Flow Scoping (Type: Class)"
2467 ],
2468 [
2469 "",
2470 "EN-Use of Incorrectly-Resolved Name or Reference (Type: Class)"
2471 ],
2472 [
2473 "",
2474 "EN-Improper Enforcement of Message or Data Structure (Type: Class)"
2475 ],
2476 [
2477 "",
2478 "EN-Incorrect Ownership Assignment (Type: Base)"
2479 ],
2480 [
2481 "",
2482 "EN-Apple .DS_Store (Type: Variant)"
2483 ],
2484 [
2485 "",
2486 "EN-Coding Standards Violation (Type: Class)"
2487 ],
2488 [
2489 "",
2490 "EN-Improper Handling of Apple HFS+ Alternate Data Stream Path (Type: Variant)"
2491 ],
2492 [
2493 "",
2494 "EN-Compiler Optimization Removal or Modification of Security-critical Code (Type: Base)"
2495 ],
2496 [
2497 "",
2498 "EN-Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) (Type: Class)"
2499 ],
2500 [
2501 "",
2502 "EN-Missing Custom Error Page (Type: Class)"
2503 ],
2504 [
2505 "",
2506 "EN-Selection of Less-Secure Algorithm During Negotiation (Algorithm Downgrade) (Type: Class)"
2507 ],
2508 [
2509 "",
2510 "EN-Reliance on Undefined, Unspecified, or Implementation-Defined Behavior (Type: Class)"
2511 ],
2512 [
2513 "",
2514 "EN-Use of a One-Way Hash without a Salt (Type: Base)"
2515 ],
2516 [
2517 "",
2518 "EN-Use of a One-Way Hash with a Predictable Salt (Type: Base)"
2519 ],
2520 [
2521 "",
2522 "EN-Free of Pointer not at Start of Buffer (Type: Variant)"
2523 ],
2524 [
2525 "",
2526 "EN-Release of Invalid Pointer or Reference (Type: Base)"
2527 ],
2528 [
2529 "",
2530 "EN-Multiple Locks of a Critical Resource (Type: Variant)"
2531 ],
2532 [
2533 "",
2534 "EN-Multiple Unlocks of a Critical Resource (Type: Variant)"
2535 ],
2536 [
2537 "",
2538 "EN-Use of Path Manipulation Function without Maximum-sized Buffer (Type: Variant)"
2539 ],
2540 [
2541 "",
2542 "EN-Access of Memory Location Before Start of Buffer (Type: Base)"
2543 ],
2544 [
2545 "",
2546 "EN-Out-of-bounds Write (Type: Base)"
2547 ],
2548 [
2549 "",
2550 "EN-Access of Memory Location After End of Buffer (Type: Base)"
2551 ],
2552 [
2553 "",
2554 "EN-Improper Filtering of Special Elements (Type: Class)"
2555 ],
2556 [
2557 "",
2558 "EN-Incomplete Filtering of Special Elements (Type: Base)"
2559 ],
2560 [
2561 "",
2562 "EN-Incomplete Filtering of One or More Instances of Special Elements (Type: Variant)"
2563 ],
2564 [
2565 "",
2566 "EN-Only Filtering One Instance of a Special Element (Type: Variant)"
2567 ],
2568 [
2569 "",
2570 "EN-Incomplete Filtering of Multiple Instances of Special Elements (Type: Variant)"
2571 ],
2572 [
2573 "",
2574 "EN-Only Filtering Special Elements at a Specified Location (Type: Base)"
2575 ],
2576 [
2577 "",
2578 "EN-Only Filtering Special Elements Relative to a Marker (Type: Variant)"
2579 ],
2580 [
2581 "",
2582 "EN-Only Filtering Special Elements at an Absolute Position (Type: Variant)"
2583 ],
2584 [
2585 "",
2586 "EN-Improper Control of Interaction Frequency (Type: Class)"
2587 ],
2588 [
2589 "",
2590 "EN-J2EE Misconfiguration: Entity Bean Declared Remote (Type: Variant)"
2591 ],
2592 [
2593 "",
2594 "EN-Improper Neutralization of Script in an Error Message Web Page (Type: Variant)"
2595 ],
2596 [
2597 "",
2598 "EN-Improper Neutralization of Script in Attributes of IMG Tags in a Web Page (Type: Variant)"
2599 ],
2600 [
2601 "",
2602 "EN-Missing Synchronization (Type: Base)"
2603 ],
2604 [
2605 "",
2606 "EN-Incorrect Synchronization (Type: Base)"
2607 ],
2608 [
2609 "",
2610 "EN-Untrusted Pointer Dereference (Type: Base)"
2611 ],
2612 [
2613 "",
2614 "EN-Use of Out-of-range Pointer Offset (Type: Base)"
2615 ],
2616 [
2617 "",
2618 "EN-Access of Uninitialized Pointer (Type: Base)"
2619 ],
2620 [
2621 "",
2622 "EN-Expired Pointer Dereference (Type: Base)"
2623 ],
2624 [
2625 "",
2626 "EN-Premature Release of Resource During Expected Lifetime (Type: Base)"
2627 ],
2628 [
2629 "",
2630 "EN-Improper Control of Document Type Definition (Type: Base)"
2631 ],
2632 [
2633 "",
2634 "EN-Signal Handler with Functionality that is not Asynchronous-Safe (Type: Base)"
2635 ],
2636 [
2637 "",
2638 "EN-Inclusion of Functionality from Untrusted Control Sphere (Type: Class)"
2639 ],
2640 [
2641 "",
2642 "EN-Improper Neutralization of Script in Attributes in a Web Page (Type: Variant)"
2643 ],
2644 [
2645 "",
2646 "EN-Inclusion of Web Functionality from an Untrusted Source (Type: Base)"
2647 ],
2648 [
2649 "",
2650 "EN-Signal Handler Function Associated with Multiple Signals (Type: Base)"
2651 ],
2652 [
2653 "",
2654 "EN-Unlock of a Resource that is not Locked (Type: Base)"
2655 ],
2656 [
2657 "",
2658 "EN-Deadlock (Type: Base)"
2659 ],
2660 [
2661 "",
2662 "EN-Excessive Iteration (Type: Base)"
2663 ],
2664 [
2665 "",
2666 "EN-Loop with Unreachable Exit Condition (Infinite Loop) (Type: Base)"
2667 ],
2668 [
2669 "",
2670 "EN-Use of Password Hash Instead of Password for Authentication (Type: Base)"
2671 ],
2672 [
2673 "",
2674 "EN-Improper Enforcement of a Single, Unique Action (Type: Base)"
2675 ],
2676 [
2677 "",
2678 "EN-Inappropriate Encoding for Output Context (Type: Base)"
2679 ],
2680 [
2681 "",
2682 "EN-Numeric Range Comparison Without Minimum Check (Type: Base)"
2683 ],
2684 [
2685 "",
2686 "EN-Improper Neutralization of Encoded URI Schemes in a Web Page (Type: Variant)"
2687 ],
2688 [
2689 "",
2690 "EN-Improper Enforcement of Behavioral Workflow (Type: Base)"
2691 ],
2692 [
2693 "",
2694 "EN-Placement of User into Incorrect Group (Type: Base)"
2695 ],
2696 [
2697 "",
2698 "EN-Access of Resource Using Incompatible Type (Type Confusion) (Type: Base)"
2699 ],
2700 [
2701 "",
2702 "EN-Doubled Character XSS Manipulations (Type: Variant)"
2703 ],
2704 [
2705 "",
2706 "EN-Improper Neutralization of Invalid Characters in Identifiers in Web Pages (Type: Variant)"
2707 ],
2708 [
2709 "",
2710 "EN-Improper Neutralization of Alternate XSS Syntax (Type: Variant)"
2711 ],
2712 [
2713 "",
2714 "EN-Argument Injection or Modification (Type: Base)"
2715 ],
2716 [
2717 "",
2718 "EN-J2EE Misconfiguration: Weak Access Permissions for EJB Methods (Type: Variant)"
2719 ],
2720 [
2721 "",
2722 "EN-Improper Neutralization of Special Elements used in an LDAP Query (LDAP Injection) (Type: Base)"
2723 ],
2724 [
2725 "",
2726 "EN-XML Injection (aka Blind XPath Injection) (Type: Base)"
2727 ],
2728 [
2729 "",
2730 "EN-Hidden Functionality (Type: Class)"
2731 ],
2732 [
2733 "",
2734 "EN-Improper Control of Dynamically-Managed Code Resources (Type: Class)"
2735 ],
2736 [
2737 "",
2738 "EN-Improper Control of Dynamically-Identified Variables (Type: Base)"
2739 ],
2740 [
2741 "",
2742 "EN-Improperly Controlled Modification of Dynamically-Determined Object Attributes (Type: Base)"
2743 ],
2744 [
2745 "",
2746 "EN-Use of Password Hash With Insufficient Computational Effort (Type: Base)"
2747 ],
2748 [
2749 "",
2750 "EN-Improper Neutralization of Special Elements used in an Expression Language Statement (Expression Language Injection) (Type: Base)"
2751 ],
2752 [
2753 "",
2754 "EN-Server-Side Request Forgery (SSRF) (Type: Base)"
2755 ],
2756 [
2757 "",
2758 "EN-DEPRECATED: Improper Sanitization of Custom Special Characters (Type: Base)"
2759 ],
2760 [
2761 "",
2762 "EN-Improper Restriction of Power Consumption (Type: Base)"
2763 ],
2764 [
2765 "",
2766 "EN-Storage of Sensitive Data in a Mechanism without Access Control (Type: Base)"
2767 ],
2768 [
2769 "",
2770 "EN-Insecure Storage of Sensitive Information (Type: Class)"
2771 ],
2772 [
2773 "",
2774 "EN-Improper Authentication of Endpoint in a Communication Channel (Type: Class)"
2775 ],
2776 [
2777 "",
2778 "EN-Improper Enforcement of Message Integrity During Transmission in a Communication Channel (Type: Class)"
2779 ],
2780 [
2781 "",
2782 "EN-Improper Verification of Intent by Broadcast Receiver (Type: Variant)"
2783 ],
2784 [
2785 "",
2786 "EN-Improper Restriction of Content Provider Export to Other Applications (Type: Variant)"
2787 ],
2788 [
2789 "",
2790 "EN-Use of Implicit Intent for Sensitive Communication (Type: Variant)"
2791 ],
2792 [
2793 "",
2794 "EN-Improper Neutralization of Directives in Statically Saved Code (Static Code Injection) (Type: Base)"
2795 ],
2796 [
2797 "",
2798 "EN-Improper Neutralization of Server-Side Includes (SSI) Within a Web Page (Type: Variant)"
2799 ],
2800 [
2801 "",
2802 "EN-Improper Encoding or Escaping of Output (Type: Class)"
2803 ],
2804 [
2805 "",
2806 "EN-Stack-based Buffer Overflow (Type: Variant)"
2807 ],
2808 [
2809 "",
2810 "EN-Uncontrolled Format String (Type: Base)"
2811 ],
2812 [
2813 "",
2814 "EN-Plaintext Storage of a Password (Type: Variant)"
2815 ],
2816 [
2817 "",
2818 "EN-Storing Passwords in a Recoverable Format (Type: Base)"
2819 ],
2820 [
2821 "",
2822 "EN-Empty Password in Configuration File (Type: Variant)"
2823 ],
2824 [
2825 "",
2826 "EN-Use of Hard-coded Password (Type: Base)"
2827 ],
2828 [
2829 "",
2830 "EN-Use of Password System for Primary Authentication (Type: Base)"
2831 ],
2832 [
2833 "",
2834 "EN-Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection) (Type: Class)"
2835 ],
2836 [
2837 "",
2838 "EN-Improper Neutralization of Special Elements used in a Command (Command Injection) (Type: Class)"
2839 ],
2840 [
2841 "",
2842 "EN-Use of Hard-coded Credentials (Type: Base)"
2843 ],
2844 [
2845 "",
2846 "EN-Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) (Type: Base)"
2847 ],
2848 [
2849 "",
2850 "EN-Not Using Password Aging (Type: Variant)"
2851 ],
2852 [
2853 "",
2854 "EN-Password Aging with Long Expiration (Type: Base)"
2855 ],
2856 [
2857 "",
2858 "ES-Incorrect Short Circuit Evaluation (Type: Variant)"
2859 ],
2860 [
2861 "",
2862 "Metadatos"
2863 ],
2864 [
2865 "",
2866 "ES-Session Cookie without Secure flag set"
2867 ],
2868 [
2869 "",
2870 "ES-Session Cookie without HttpOnly flag Set"
2871 ],
2872 [
2873 "",
2874 "ES-Apache httpd Remote Denial of Service"
2875 ],
2876 [
2877 "",
2878 "ES-Robots.txt"
2879 ],
2880 [
2881 "",
2882 "ES-Typical Login Web"
2883 ],
2884 [
2885 "",
2886 "ES-Credentials en Texto Plano"
2887 ],
2888 [
2889 "",
2890 "ES-Parametro __VIEWSTATE sin encriptar"
2891 ],
2892 [
2893 "",
2894 "ES-Insecure Captcha"
2895 ],
2896 [
2897 "",
2898 "ES-Mensaje de error de la aplicacion\n(Application error message)"
2899 ],
2900 [
2901 "",
2902 "ES-Apache httpOnly Cookie Disclosure"
2903 ],
2904 [
2905 "",
2906 "ES-Input de Contraseña con Autocompletar"
2907 ],
2908 [
2909 "",
2910 "ES-Archivos de Backup"
2911 ],
2912 [
2913 "",
2914 "ES-Possible sensitive directories"
2915 ],
2916 [
2917 "",
2918 "ES-Slow HTTP Denial of Service Attack"
2919 ],
2920 [
2921 "",
2922 "ES-Clickjacking"
2923 ],
2924 [
2925 "",
2926 "ES-XSS Cross Site Scripting\n(Secuencias de comandos en sitios cruzados)"
2927 ],
2928 [
2929 "",
2930 "ES-SSL 2.0 Obsolete Protocol"
2931 ],
2932 [
2933 "",
2934 "ES-OPTIONS method is enabled\n(Metodo OPTIONS activado)"
2935 ],
2936 [
2937 "",
2938 "ES-TLS1/SSLv3 Renegotiation Vulnerability"
2939 ],
2940 [
2941 "",
2942 "ES-File Inclusion"
2943 ],
2944 [
2945 "",
2946 "ES-Credenciales enviadas por un canal en texto plano\n(User Credentials Sent in Clear Text)"
2947 ],
2948 [
2949 "",
2950 "ES-URL Redirection"
2951 ],
2952 [
2953 "",
2954 "ES-Apache Server Status Enabled"
2955 ],
2956 [
2957 "",
2958 "ES-Microsoft IIS tilde directory enumeration"
2959 ],
2960 [
2961 "",
2962 "ES-SQL Injection"
2963 ],
2964 [
2965 "",
2966 "ES-ASP.NET debugging enabled"
2967 ],
2968 [
2969 "",
2970 "ES-Unicode transformation Issues"
2971 ],
2972 [
2973 "",
2974 "ES-File Upload XSS\n(Subida de archivo de secuencias de comandos de sitios cruzados)"
2975 ],
2976 [
2977 "",
2978 "ES-jQuery cross site scripting"
2979 ],
2980 [
2981 "",
2982 "ES-Host Header Attack"
2983 ],
2984 [
2985 "",
2986 "ES-Login Page password-guessing attack"
2987 ],
2988 [
2989 "",
2990 "ES-Error page web server version disclosure (Pagina de error mostrando version de servidor )"
2991 ],
2992 [
2993 "",
2994 "ES-Weak SSL"
2995 ],
2996 [
2997 "",
2998 "ES-CRIME SSL/TLS attack"
2999 ],
3000 [
3001 "",
3002 "ES-Transaccion Insegura de HTTPS a HTTP en el form POST"
3003 ],
3004 [
3005 "",
3006 "ES-Trace Method is Enabled (Metodo TRACE activado)"
3007 ],
3008 [
3009 "",
3010 "ES-Public Key SSL < 2048 bits (Certificado de llave Publica SSL menor de 2048 Bits)"
3011 ],
3012 [
3013 "",
3014 "ES-Ruby on Rails CookieStore session cookie persistence"
3015 ],
3016 [
3017 "",
3018 "EN-Metadatos"
3019 ],
3020 [
3021 "",
3022 "EN-Session Cookie without Secure flag set"
3023 ],
3024 [
3025 "",
3026 "EN-Session Cookie without HttpOnly flag Set"
3027 ],
3028 [
3029 "",
3030 "EN-Apache httpd Remote Denial of Service"
3031 ],
3032 [
3033 "",
3034 "EN-Robots.txt"
3035 ],
3036 [
3037 "",
3038 "EN-Typical Login Web"
3039 ],
3040 [
3041 "",
3042 "EN-Credentials in Plain Text"
3043 ],
3044 [
3045 "",
3046 "EN-Unencrypted __VIEWSTATE parameter"
3047 ],
3048 [
3049 "",
3050 "EN-Insecure Captcha"
3051 ],
3052 [
3053 "",
3054 "EN-Application error message"
3055 ],
3056 [
3057 "",
3058 "EN-Apache httpOnly Cookie Disclosure"
3059 ],
3060 [
3061 "",
3062 "EN-Input Password with Autocomplete Enable"
3063 ],
3064 [
3065 "",
3066 "Backup FilesEN-"
3067 ],
3068 [
3069 "",
3070 "EN-Sensitive directory"
3071 ],
3072 [
3073 "",
3074 "EN-Slow HTTP Denial of Service Attack"
3075 ],
3076 [
3077 "",
3078 "EN-Clickjacking"
3079 ],
3080 [
3081 "",
3082 "EN-OPTIONS method is enabled"
3083 ],
3084 [
3085 "",
3086 "EN-TLS1/SSLv3 Renegotiation Vulnerability"
3087 ],
3088 [
3089 "",
3090 "EN-Email address found"
3091 ],
3092 [
3093 "",
3094 "EN-File Inclusion"
3095 ],
3096 [
3097 "",
3098 "EN-User Credentials Sent in Clear Text"
3099 ],
3100 [
3101 "",
3102 "EN-URL Redirection"
3103 ],
3104 [
3105 "",
3106 "EN-Microsoft IIS tilde directory enumeration"
3107 ],
3108 [
3109 "",
3110 "EN-SQL Injection"
3111 ],
3112 [
3113 "",
3114 "EN-ASP.NET debugging enabled"
3115 ],
3116 [
3117 "",
3118 "EN-Unicode transformation Issues"
3119 ],
3120 [
3121 "",
3122 "EN-File Upload XSS"
3123 ],
3124 [
3125 "",
3126 "EN-Possible virtual host found"
3127 ],
3128 [
3129 "",
3130 "EN-Host header attack"
3131 ],
3132 [
3133 "",
3134 "EN-jQuery cross site scripting"
3135 ],
3136 [
3137 "",
3138 "EN-Login Page password-guessing attack"
3139 ],
3140 [
3141 "",
3142 "EN-Error page web server version disclosure"
3143 ],
3144 [
3145 "",
3146 "EN-SSL weak ciphers"
3147 ],
3148 [
3149 "",
3150 "EN-CRIME SSL/TLS attack"
3151 ],
3152 [
3153 "",
3154 "EN-Insecure transition from HTTPS to HTTP in form post"
3155 ],
3156 [
3157 "",
3158 "EN-TRACE method is enabled"
3159 ],
3160 [
3161 "",
3162 "EN-SSL certificate public key less than 2048 bit"
3163 ],
3164 [
3165 "",
3166 "EN-Ruby on Rails CookieStore session cookie persistence"
3167 ],
3168 [
3169 "",
3170 "EN-Remote Code Execution - ms_08_067 netapi"
3171 ],
3172 [
3173 "",
3174 "EN-Windows Print Spooler Components Vulnerability - MS13-001"
3175 ],
3176 [
3177 "",
3178 "ES-Credenciales Repetidas"
3179 ],
3180 [
3181 "",
3182 "ES-Ftp Anonimo"
3183 ],
3184 [
3185 "",
3186 "ES-Credenciales débiles Tomcat"
3187 ],
3188 [
3189 "",
3190 "ES-Wpad Spoofing"
3191 ],
3192 [
3193 "",
3194 "ES-Servicio de Telnet"
3195 ],
3196 [
3197 "",
3198 "ES-Tokens cacheados"
3199 ],
3200 [
3201 "",
3202 "ES-Denegacion de Servicios(DOS)"
3203 ],
3204 [
3205 "",
3206 "ES-Revelacion de Informacion (Information Disclosure)"
3207 ],
3208 [
3209 "",
3210 "ES-Sitio sin Informar"
3211 ],
3212 [
3213 "",
3214 "ES-Listado de Directorios"
3215 ],
3216 [
3217 "",
3218 "ES-Shell"
3219 ],
3220 [
3221 "",
3222 "ES-Path Disclosure"
3223 ],
3224 [
3225 "",
3226 "ES-File Upload"
3227 ],
3228 [
3229 "",
3230 "ES-Metodo Put habilitado (Put File Allow)"
3231 ],
3232 [
3233 "",
3234 "ES-Leer Archivos (Read files)"
3235 ],
3236 [
3237 "",
3238 "ES-Usuarios por defecto(default users)"
3239 ],
3240 [
3241 "",
3242 "ES-Sslstrip Attack"
3243 ],
3244 [
3245 "",
3246 "ES-Enumerar Usuarios"
3247 ],
3248 [
3249 "",
3250 "ES-Login User HTTP"
3251 ],
3252 [
3253 "",
3254 "ES-Falta de Control de Acceso"
3255 ],
3256 [
3257 "",
3258 "ES-Cookie Reutilization"
3259 ],
3260 [
3261 "",
3262 "ES-Credenciales Debiles md5"
3263 ],
3264 [
3265 "",
3266 "ES-CSRF"
3267 ],
3268 [
3269 "",
3270 "ES-SSL weak ciphers (Cifrado debil)"
3271 ],
3272 [
3273 "",
3274 "EN-Android Debugging Activated"
3275 ],
3276 [
3277 "",
3278 "EN-Flash Crossdomain policy"
3279 ],
3280 [
3281 "",
3282 "EN-Session Token in URL"
3283 ],
3284 [
3285 "",
3286 "ES-Token de Session en URL"
3287 ],
3288 [
3289 "",
3290 "ES-Autenticacion sin HTTPS"
3291 ],
3292 [
3293 "",
3294 "Es-Version Obsoleta / Desactualizada"
3295 ],
3296 [
3297 "",
3298 "ES-Numero de Tarjeta en Texto Plano"
3299 ],
3300 [
3301 "",
3302 "ES-Server Version Disclosure"
3303 ],
3304 [
3305 "",
3306 "EN-Insecure crossdomain.xml file"
3307 ],
3308 [
3309 "",
3310 "ES-Archivo crossdomain.xml inseguro"
3311 ],
3312 [
3313 "",
3314 "EN-BREACH attack"
3315 ],
3316 [
3317 "",
3318 "ES-Archivos de backup en servidor de producción"
3319 ],
3320 [
3321 "",
3322 "ES-Exposición de información a través del listado de directorios"
3323 ],
3324 [
3325 "",
3326 "ES-Archivos con información sensible"
3327 ],
3328 [
3329 "",
3330 "ES-Revelación de IP interno"
3331 ],
3332 [
3333 "",
3334 "ES-Archivos e información de desarrollo en ambientes productivos"
3335 ],
3336 [
3337 "",
3338 "ES-Sentencias SQL sin Prepared Statement"
3339 ],
3340 [
3341 "",
3342 "ES-Mysql lectura y escritura de archivos"
3343 ],
3344 [
3345 "",
3346 "ES-Servidor productivo y desarrollo"
3347 ],
3348 [
3349 "",
3350 "EN-Internal IP Address Disclosure"
3351 ],
3352 [
3353 "",
3354 "ES-Internal IP Address Disclosure"
3355 ],
3356 [
3357 "",
3358 "EN-ASP.NET MAC disabled"
3359 ],
3360 [
3361 "",
3362 "ES-Cisco ASA Error"
3363 ],
3364 [
3365 "",
3366 "ES-Listado de directorios"
3367 ],
3368 [
3369 "",
3370 "EN-Cifrado Debil (SSL weak ciphers)"
3371 ],
3372 [
3373 "",
3374 "EN-Privilege Escalation"
3375 ],
3376 [
3377 "",
3378 "EN-Default Credentials"
3379 ]
3380 ],
3381 "vulns_with_conflict": [],
3382 "vulns_with_errors": []
3383 },
3384 "status": 200,
3385 "statusText": "OK",
3386 "headers": {
3387 "connection": "close",
3388 "content-encoding": "gzip",
3389 "content-type": "application/json",
3390 "date": "Wed, 13 Jan 2021 20:18:41 GMT",
3391 "transfer-encoding": "chunked",
3392 "vary": "Accept-Encoding",
3393 "x-powered-by": "Express"
3394 },
3395 "config": {
3396 "url": "_api/v2/vulnerability_template/bulk_create/",
3397 "method": "post",
3398 "data": {},
3399 "headers": {
3400 "Accept": "application/json, text/plain, */*"
3401 },
3402 "transformRequest": [
3403 null
3404 ],
3405 "transformResponse": [
3406 null
3407 ],
3408 "timeout": 0,
3409 "xsrfCookieName": "XSRF-TOKEN",
3410 "xsrfHeaderName": "X-XSRF-TOKEN",
3411 "maxContentLength": -1,
3412 "cancelToken": {
3413 "promise": {}
3414 }
3415 },
3416 "request": {}
3417}