CWE-352 – Cross-Site Request Forgery (CSRF)
Description: The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted...
CWE-351 – Insufficient Type Distinction
Description: The software does not properly distinguish between different types of elements in a way that leads to insecure behavior. Modes of Introduction: - Implementation...
CWE-350 – Reliance on Reverse DNS Resolution for a Security-Critical Action
Description: The software performs reverse DNS resolution on an IP address to obtain the hostname and make a security decision, but it does not properly...
CWE-35 – Path Traversal: '.../...//'
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled...
CWE-349 – Acceptance of Extraneous Untrusted Data With Trusted Data
Description: The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if...
CWE-348 – Use of Less Trusted Source
Description: The software has two different sources of the same data or information, but it uses the source that has less support for verification, is...
CWE-347 – Improper Verification of Cryptographic Signature
Description: The software does not verify, or incorrectly verifies, the cryptographic signature for data. Modes of Introduction: - Architecture and Design Related Weaknesses...
CWE-346 – Origin Validation Error
Description: The software does not properly verify that the source of data or communication is valid. Modes of Introduction: - Architecture and Design ...
CWE-345 – Insufficient Verification of Data Authenticity
Description: The software does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Modes of...
CWE-344 – Use of Invariant Value in Dynamically Changing Context
Description: The product uses a constant value, name, or reference, but this value can (or should) vary across different environments. Modes of Introduction: - Architecture...