CWE-551 – Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Description: If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to...
CWE-552 – Files or Directories Accessible to External Parties
Description: The product makes files or directories accessible to unauthorized actors, even though they should not be. Web servers, FTP servers, and similar servers may...
CWE-553 – Command Shell in Externally Accessible Directory
Description: A possible shell file exists in /cgi-bin/ or other accessible directories. This is extremely dangerous and can be used by an attacker to execute...
CWE-554 – ASP.NET Misconfiguration: Not Using Input Validation Framework
Description: The ASP.NET application does not use an input validation framework. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-1173. Consequences...
CWE-555 – J2EE Misconfiguration: Plaintext Password in Configuration File
Description: The J2EE application stores a plaintext password in a configuration file. Storing a plaintext password in a configuration file allows anyone who can read...
CWE-556 – ASP.NET Misconfiguration: Use of Identity Impersonation
Description: Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. The use of impersonated credentials allows an ASP.NET application...
CWE-558 – Use of getlogin() in Multithreaded Application
Description: The application uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values. The getlogin() function returns a pointer to...
CWE-56 – Path Equivalence: ‘filedir*’ (Wildcard)
Description: A software system that accepts path input in the form of asterisk wildcard ('filedir*') without appropriate validation can lead to ambiguous path resolution and...
CWE-560 – Use of umask() with chmod-style Argument
Description: The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod(). Modes of Introduction: Implementation...
CWE-561 – Dead Code
Description: The software contains dead code, which can never be executed. Dead code is source code that can never be executed in a running program....