CWE-217 – DEPRECATED: Failure to Protect Stored Data from Modification
Description This entry has been deprecated because it incorporated and confused multiple weaknesses. The issues formerly covered in this entry can be found at CWE-766...
CWE-218 – DEPRECATED: Failure to provide confidentiality for stored data
Description This weakness has been deprecated because it was a duplicate of CWE-493. All content has been transferred to CWE-493. Modes of Introduction: ...
CWE-219 – Storage of File with Sensitive Data Under Web Root
Description The application stores sensitive data under the web document root with insufficient access control, which might make it accessible to untrusted parties. Besides public-facing...
CWE-179 – Incorrect Behavior Order: Early Validation
Description The software validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs...
CWE-180 – Incorrect Behavior Order: Validate Before Canonicalize
Description The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step. This can...
CWE-181 – Incorrect Behavior Order: Validate Before Filter
Description The software validates data before it has been filtered, which prevents the software from detecting data that becomes invalid after the filtering step. This...
CWE-182 – Collapse of Data into Unsafe Value
Description The software filters data in a way that causes it to be reduced or "collapsed" into an unsafe value that violates an expected security...
CWE-183 – Permissive List of Allowed Inputs
Description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because...
CWE-184 – Incomplete List of Disallowed Inputs
Description The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or...
CWE-185 – Incorrect Regular Expression
Description The software specifies a regular expression in a way that causes data to be improperly matched or compared. When the regular expression is used...