CWE-43 – Path Equivalence: ‘filename....’ (Multiple Trailing Dot)
Description A software system that accepts path input in the form of multiple trailing dots ('filedir....') without appropriate validation can lead to ambiguous path resolution...
CWE-428 – Unquoted Search Path or Element
Description The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the...
CWE-427 – Uncontrolled Search Path Element
Description The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the...
CWE-426 – Untrusted Search Path
Description The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control....
CWE-425 – Direct Request (‘Forced Browsing’)
Description The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Web applications susceptible to direct request attacks often...
CWE-424 – Improper Protection of Alternate Path
Description The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. Modes of Introduction: -...
CWE-423 – DEPRECATED: Proxied Trusted Channel
Description This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441. Modes of Introduction: ...
CWE-422 – Unprotected Windows Messaging Channel (‘Shatter’)
Description The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate...
CWE-421 – Race Condition During Access to Alternate Channel
Description The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race...
CWE-420 – Unprotected Alternate Channel
Description The software protects a primary channel, but it does not use the same level of protection for an alternate channel. Modes of Introduction: -...