CWE-99 Improper Control of Resource Identifiers ('Resource Injection') – Detailed Weakness Analysis

Explore CAPEC attack patterns referencing this CWE.

What is CWE (Common Weakness Enumeration)?

The Common Weakness Enumeration (CWE) is a community-developed list of common software and hardware weaknesses. By identifying these weaknesses, developers and security practitioners can prioritize and address potential vulnerabilities early in the development cycle. Explore our comprehensive CWE list below to better understand and mitigate common security issues.

CAPEC Patterns referencing CWE-99

Below is a list of CAPEC attack patterns associated with this CWE-99. Click on each CAPEC to learn more. The right column shows the related weaknesses (including this one).

CAPEC Related Weaknesses
Buffer Overflow via Environment Variables
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Resource Injection
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
Manipulating Writeable Configuration Files
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-346 Origin Validation Error
CWE-349 Acceptance of Extraneous Untrusted Data With Trusted Data
CWE-353 Missing Support for Integrity Check
CWE-354 Improper Validation of Integrity Check Value

About CWE-99: Improper Control of Resource Identifiers ('Resource Injection')

CWE-99 is one of the established Common Weakness Enumerations that identifies a specific type of vulnerability in software. Detailed analysis of CWE-99 helps organizations understand the risks associated with this weakness and implement effective countermeasures.

Explore related attack patterns, best practices, and expert recommendations on this page. By understanding CWE-99, you can enhance your security posture and better protect your applications against exploitation.