CWE-551 – Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Description: If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to...
CWE-55 – Path Equivalence: ‘/./’ (Single Dot Directory)
Description: A software system that accepts path input in the form of single dot directory exploit ('/./') without appropriate validation can lead to ambiguous path...
CWE-549 – Missing Password Field Masking
Description: The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. Modes of Introduction: - Implementation ...
CWE-548 – Exposure of Information Through Directory Listing
Description: A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all...
CWE-547 – Use of Hard-coded, Security-relevant Constants
Description: The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy...
CWE-546 – Suspicious Comment
Description: The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses. Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2,...
CWE-545 – DEPRECATED: Use of Dynamic Class Loading
Description: This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into...
CWE-544 – Missing Standardized Error Handling Mechanism
Description: The software does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. If...
CWE-543 – Use of Singleton Pattern Without Synchronization in a Multithreaded Context
Description: The software uses the singleton pattern when creating a resource within a multithreaded environment. The use of a singleton pattern may not be thread-safe....