CWE-1037 – Processor Optimization Removal or Modification of Security-critical Code
Description: The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is...
CWE-103 – Struts: Incomplete validate() Method Definition
Description: The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate()....
CWE-1025 – Comparison Using Wrong Factors
Description: The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to...
CWE-1024 – Comparison of Incompatible Types
Description: The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results...
CWE-1023 – Incomplete Comparison with Missing Factors
Description: The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one...
CWE-1022 – Use of Web Link to Untrusted Target with window.opener Access
Description: The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site...
CWE-1021 – Improper Restriction of Rendered UI Layers or Frames
Description: The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead...
CWE-102 – Struts: Duplicate Validation Forms
Description: The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does...
CWE-1007 – Insufficient Visual Distinction of Homoglyphs Presented to User
Description: The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between...
CWE-1004 – Sensitive Cookie Without ‘HttpOnly’ Flag
Description: The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. The HttpOnly flag directs compatible...
