CWE-44 – Path Equivalence: ‘file.name’ (Internal Dot)
Description A software system that accepts path input in the form of internal dot ('file.ordir') without appropriate validation can lead to ambiguous path resolution and...
CWE-439 – Behavioral Change in New Version or Environment
Description A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B. Modes...
CWE-437 – Incomplete Model of Endpoint Features
Description A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's...
CWE-436 – Interpretation Conflict
Description Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B's state....
CWE-435 – Improper Interaction Between Multiple Correctly-Behaving Entities
Description An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in...
CWE-434 – Unrestricted Upload of File with Dangerous Type
Description The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment. Modes of...
CWE-433 – Unparsed Raw Web Content Delivery
Description The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server....
CWE-432 – Dangerous Signal Handler not Disabled During Sensitive Operations
Description The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers...
CWE-431 – Missing Handler
Description A handler is not available or implemented. When an exception is thrown and not caught, the process has given up an opportunity to decide...
CWE-430 – Deployment of Wrong Handler
Description The wrong "handler" is assigned to process an object. An example of deploying the wrong handler would be calling a servlet to reveal source...