|
JSON Hijacking (aka JavaScript Hijacking)
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-352
|
Cross-Site Request Forgery (CSRF)
|
|
|
Cache Poisoning
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
|
|
DNS Cache Poisoning
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
|
|
Exploit Script-Based APIs
|
|
|
Exploitation of Trusted Identifiers
|
|
CWE-6
|
J2EE Misconfiguration: Insufficient Session-ID Length
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-302
|
Authentication Bypass by Assumed-Immutable Data
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
CWE-642
|
External Control of Critical State Data
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
|
Application API Message Manipulation via Man-in-the-Middle
|
|
CWE-311
|
Missing Encryption of Sensitive Data
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
|
Transaction or Event Tampering via Application API Manipulation
|
|
CWE-311
|
Missing Encryption of Sensitive Data
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
|
Application API Navigation Remapping
|
|
CWE-311
|
Missing Encryption of Sensitive Data
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
|
Navigation Remapping To Propagate Malicious Content
|
|
CWE-311
|
Missing Encryption of Sensitive Data
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
|
Application API Button Hijacking
|
|
CWE-311
|
Missing Encryption of Sensitive Data
|
|
CWE-345
|
Insufficient Verification of Data Authenticity
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-471
|
Modification of Assumed-Immutable Data (MAID)
|
|
CWE-602
|
Client-Side Enforcement of Server-Side Security
|
|
|
SaaS User Request Forgery
|
|
|
Session Credential Falsification through Prediction
|
|
CWE-6
|
J2EE Misconfiguration: Insufficient Session-ID Length
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-330
|
Use of Insufficiently Random Values
|
|
CWE-331
|
Insufficient Entropy
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-693
|
Protection Mechanism Failure
|
|
|
Reusing Session IDs (aka Session Replay)
|
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
|
CWE-285
|
Improper Authorization
|
|
CWE-290
|
Authentication Bypass by Spoofing
|
|
CWE-294
|
Authentication Bypass by Capture-replay
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-384
|
Session Fixation
|
|
CWE-488
|
Exposure of Data Element to Wrong Session
|
|
CWE-539
|
Use of Persistent Cookies Containing Sensitive Information
|
|
CWE-664
|
Improper Control of a Resource Through its Lifetime
|
|
CWE-732
|
Incorrect Permission Assignment for Critical Resource
|
|
|
Manipulating Writeable Configuration Files
|
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-99
|
Improper Control of Resource Identifiers ('Resource Injection')
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-349
|
Acceptance of Extraneous Untrusted Data With Trusted Data
|
|
CWE-353
|
Missing Support for Integrity Check
|
|
CWE-354
|
Improper Validation of Integrity Check Value
|
|
|
Manipulating Web Input to File System Calls
|
|
CWE-15
|
External Control of System or Configuration Setting
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
|
CWE-23
|
Relative Path Traversal
|
|
CWE-59
|
Improper Link Resolution Before File Access ('Link Following')
|
|
CWE-73
|
External Control of File Name or Path
|
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
|
CWE-272
|
Least Privilege Violation
|
|
CWE-285
|
Improper Authorization
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-348
|
Use of Less Trusted Source
|
|
|
Pharming
|
|
CWE-346
|
Origin Validation Error
|
|
CWE-350
|
Reliance on Reverse DNS Resolution for a Security-Critical Action
|
|