CWE-76 – Improper Neutralization of Equivalent Special Elements
Description The software properly neutralizes certain special elements, but it improperly neutralizes equivalent special elements. The software may have a fixed list of special characters...
CWE-759 – Use of a One-Way Hash without a Salt
Description The software uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the software does not...
CWE-758 – Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Description The software uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to...
CWE-757 – Selection of Less-Secure Algorithm During Negotiation (‘Algorithm Downgrade’)
Description A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection...
CWE-756 – Missing Custom Error Page
Description The software does not return custom error pages to the user, possibly exposing sensitive information. Modes of Introduction: Likelihood of Exploit: Related Weaknesses...
CWE-755 – Improper Handling of Exceptional Conditions
Description The software does not handle or incorrectly handles an exceptional condition. Modes of Introduction: Implementation. Likelihood of Exploit: Medium. Related Weaknesses: CWE-703...
CWE-754 – Improper Check for Unusual or Exceptional Conditions
Description The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day...
CWE-75 – Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Description The software does not adequately filter user-controlled input for special elements with control implications. Modes of Introduction: Architecture and Design. Likelihood of Exploit:...
CWE-749 – Exposed Dangerous Method or Function
Description The software provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or...
CWE-74 – Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
Description The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not...
