CWE-462 – Duplicate Key in Associative List (Alist)
Description Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error. A duplicate key entry -- if the alist is...
CWE-463 – Deletion of Data Structure Sentinel
Description The accidental deletion of a data-structure sentinel can cause serious programming logic problems. Oftentimes data-structure sentinels are used to mark structure of the...
CWE-422 – Unprotected Windows Messaging Channel (‘Shatter’)
Description The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate...
CWE-423 – DEPRECATED: Proxied Trusted Channel
Description This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441. Modes of Introduction: ...
CWE-424 – Improper Protection of Alternate Path
Description The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. Modes of Introduction: -...
CWE-425 – Direct Request (‘Forced Browsing’)
Description The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Web applications susceptible to direct request attacks often...
CWE-426 – Untrusted Search Path
Description The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control....
CWE-427 – Uncontrolled Search Path Element
Description The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the...
CWE-428 – Unquoted Search Path or Element
Description The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the...
CWE-43 – Path Equivalence: ‘filename....’ (Multiple Trailing Dot)
Description A software system that accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation can lead to ambiguous path resolution...