CWE-42 – Path Equivalence: ‘filename.’ (Trailing Dot)
Description A software system that accepts path input in the form of trailing dot ('filedir.') without appropriate validation can lead to ambiguous path resolution and...
CWE-420 – Unprotected Alternate Channel
Description The software protects a primary channel, but it does not use the same level of protection for an alternate channel. Modes of Introduction: -...
CWE-421 – Race Condition During Access to Alternate Channel
Description The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race...
CWE-377 – Insecure Temporary File
Description Creating and using insecure temporary files can leave application and system data vulnerable to attack. Modes of Introduction: - Architecture and Design ...
CWE-378 – Creation of Temporary File With Insecure Permissions
Description Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. Modes...
CWE-379 – Creation of Temporary File in Directory with Insecure Permissions
Description The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file....
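CWE-377, CWE-378 and CWE-379 describe three ways the same temporary-file code goes wrong: a guessable name opened without exclusivity, a file created with permissive mode bits, and a file placed in a directory others can list. The following is an added example written for this page, not code from CWE; it shows the insecure pattern beside the hardened one and reports the resulting mode bits. Function names and the `0o022` umask used to make the insecure case deterministic are assumptions.

```python
import os
import shutil
import stat
import tempfile


def insecure_tempfile(data: bytes) -> dict:
    """CWE-377/378: predictable name, no O_EXCL, permissive mode.

    tempfile.mktemp() only returns a name; nothing is created, so another
    local user can plant a symlink at that name before os.open() runs
    (no O_EXCL means the open follows it). The 0o644 request, after the
    assumed default umask of 0o022, leaves the file world-readable.
    """
    old_umask = os.umask(0o022)          # assume a typical default umask for a deterministic demo
    try:
        path = tempfile.mktemp(prefix="report-")
        fd = os.open(path, os.O_CREAT | os.O_WRONLY, 0o644)
        try:
            os.write(fd, data)
        finally:
            os.close(fd)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        dir_mode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    finally:
        os.umask(old_umask)
    os.unlink(path)
    return {"posix": os.name == "posix", "file_mode": mode, "dir_mode": dir_mode}


def secure_tempfile(data: bytes) -> dict:
    """Hardened: private directory (CWE-379) plus exclusive 0600 file (CWE-377/378).

    mkdtemp() creates a directory with mode 0700; mkstemp() opens the file
    with O_CREAT|O_EXCL (and O_NOFOLLOW where available) at mode 0600 and
    hands back the descriptor, so name and open are one atomic step.
    """
    private_dir = tempfile.mkdtemp(prefix="app-")
    try:
        fd, path = tempfile.mkstemp(dir=private_dir)
        try:
            os.write(fd, data)
        finally:
            os.close(fd)
        mode = stat.S_IMODE(os.stat(path).st_mode)
        dir_mode = stat.S_IMODE(os.stat(private_dir).st_mode)
        with open(path, "rb") as f:
            roundtrip = f.read()
    finally:
        shutil.rmtree(private_dir, ignore_errors=True)
    return {"posix": os.name == "posix", "file_mode": mode, "dir_mode": dir_mode,
            "roundtrip": roundtrip}


if __name__ == "__main__":
    sample = b"constructed sample payload\n"
    for name, fn in (("insecure", insecure_tempfile), ("secure", secure_tempfile)):
        r = fn(sample)
        print("%-8s file=%s dir=%s" % (name, oct(r["file_mode"]), oct(r["dir_mode"])))
```

The mode bits are only meaningful on POSIX hosts; on Windows the same calls succeed but `st_mode` does not carry the same information, which is why the result records `posix`.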
CWE-38 – Path Traversal: ‘\absolute\pathname\here’
Description A software system that accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation can allow an attacker to traverse...
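The two path entries above (CWE-42 trailing dot, CWE-38 backslash absolute path) share one root cause: the application reasons about a path string that the filesystem will interpret differently. The following is an added example, not code from CWE or from any project the page describes; it is a single validator that rejects both forms before joining user input to a base directory. Function names (`safe_join`, `is_rejected`) and the base directory `/srv/files` are assumptions for illustration.

```python
import re
import posixpath

# Matches a Windows drive prefix such as "C:" or "c:" at the start of a path.
_DRIVE_RE = re.compile(r"^[A-Za-z]:")


def safe_join(base: str, user_path: str) -> str:
    """Join an untrusted relative path to `base`, rejecting absolute and ambiguous forms.

    Raises ValueError for:
      - absolute paths in either convention: '/x', '\\x', '\\\\server\\share', 'C:\\x' (CWE-37/38/39)
      - parent-directory traversal ('..')
      - components with a trailing dot or space, which Windows silently strips (CWE-42)
    """
    # Treat backslash as a separator so Windows-style input is normalised too.
    p = user_path.replace("\\", "/")
    if p.startswith("/") or _DRIVE_RE.match(p):
        raise ValueError("absolute path rejected: %r" % user_path)
    parts = [seg for seg in p.split("/") if seg not in ("", ".")]
    for seg in parts:
        if seg == "..":
            raise ValueError("traversal rejected: %r" % user_path)
        if seg != seg.rstrip(". "):
            # 'report.' and 'report' name the same file on Windows; refuse the ambiguous spelling.
            raise ValueError("trailing dot/space rejected: %r" % user_path)
    return posixpath.join(base, *parts)


def is_rejected(base: str, user_path: str) -> bool:
    """Convenience wrapper: True if safe_join refuses the path."""
    try:
        safe_join(base, user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs; the base directory is assumed.
    for candidate in ["docs/report.txt", "docs\\report.txt", "\\absolute\\pathname\\here",
                      "C:\\Windows\\win.ini", "../etc/passwd", "report."]:
        print("%-28s -> %s" % (candidate, "REJECT" if is_rejected("/srv/files", candidate) else safe_join("/srv/files", candidate)))
```

The validator works on the string before any filesystem call, so it is independent of the host OS; on Windows the result should still be passed through the platform's own canonicalisation and compared against the base directory as a second check.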
CWE-382 – J2EE Bad Practices: Use of System.exit()
Description A J2EE application uses System.exit(), which also shuts down its container. It is never a good idea for a web application to attempt to...
CWE-383 – J2EE Bad Practices: Direct Use of Threads
Description Thread management in a Web application is forbidden in some circumstances and is always highly error prone. Thread management in a web application is...
CWE-384 – Session Fixation
Description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated...
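The attack CWE-384 describes is easiest to see as a sequence: the attacker obtains a valid (unauthenticated) session identifier from the server, plants it in the victim's browser, and waits for the victim to log in under it. The following is an added example, not code from CWE or any framework; it uses a small in-memory session store (names `SessionStore`, `fixation_succeeds` are assumptions) and runs the sequence against a login that keeps the pre-authentication ID and one that rotates it.

```python
import secrets


class SessionStore:
    """Minimal server-side session store keyed by an unguessable identifier."""

    def __init__(self) -> None:
        self._sessions: dict = {}  # sid -> {"user": str | None}

    def get_or_create(self, sid):
        """Resolve an incoming cookie; unknown or missing IDs get a fresh session.

        Only IDs the server itself issued are honoured. A store that accepted
        arbitrary client-supplied IDs would be fixable without this first step.
        """
        if sid not in self._sessions:
            sid = secrets.token_urlsafe(32)
            self._sessions[sid] = {"user": None}
        return sid

    def login_vulnerable(self, sid, user):
        """CWE-384: authenticates the existing session ID in place."""
        self._sessions[sid]["user"] = user
        return sid

    def login_fixed(self, sid, user):
        """Invalidates the pre-auth session and issues a new ID bound to the user."""
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def user_for(self, sid):
        return self._sessions.get(sid, {}).get("user")


def fixation_succeeds(fixed: bool) -> bool:
    """Run the fixation sequence; True means the attacker's ID ends up authenticated."""
    store = SessionStore()
    login = store.login_fixed if fixed else store.login_vulnerable

    # 1. Attacker visits the site and receives a valid, unauthenticated session ID.
    planted = store.get_or_create(None)
    # 2. Attacker plants that ID in the victim's browser (cookie injection, URL, etc.).
    # 3. Victim arrives with the planted cookie and logs in.
    victim_sid = store.get_or_create(planted)
    assert victim_sid == planted  # server honours its own earlier ID
    victim_sid = login(victim_sid, "victim")
    # 4. Attacker presents the planted ID.
    return store.user_for(planted) == "victim"


if __name__ == "__main__":
    print("vulnerable login: attacker authenticated =", fixation_succeeds(fixed=False))
    print("fixed login:      attacker authenticated =", fixation_succeeds(fixed=True))
```

Rotating the identifier on every privilege change (login, role elevation, password change) is the whole fix; frameworks that expose a "regenerate session" call are doing exactly what `login_fixed` does.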