CWE-113 – Improper Neutralization of CRLF Sequences in HTTP Headers (‘HTTP Response Splitting’)
Description The software receives data from an upstream component, but does not neutralize or incorrectly neutralizes CR and LF characters before the data is included...
CWE-114 – Process Control
Description Executing commands or loading libraries from an untrusted source or in an untrusted environment can cause an application to execute malicious commands (and payloads)...
CWE-115 – Misinterpretation of Input
Description The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion. Modes of Introduction: - Architecture and Design ...
CWE-116 – Improper Encoding or Escaping of Output
Description The software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly....
CWE-1164 – Irrelevant Code
Description The program contains code that is not essential for execution, i.e. makes no state changes and has no side effects that alter data or...
CWE-117 – Improper Output Neutralization for Logs
Description The software does not neutralize or incorrectly neutralizes output that is written to logs. Applications typically use log files to store a history of...
CWE-1173 – Improper Use of Validation Framework
Description The application does not use, or incorrectly uses, an input validation framework that is provided by the source language or an independent library. Many...
CWE-1174 – ASP.NET Misconfiguration: Improper Model Validation
Description The ASP.NET application does not use, or incorrectly uses, the model validation framework. Modes of Introduction: - Architecture and Design Related Weaknesses...
CWE-1176 – Inefficient CPU Computation
Description The program performs CPU computations using algorithms that are not as efficient as they could be for the needs of the developer, i.e., the...
CWE-1177 – Use of Prohibited Code
Description The software uses a function, library, or third party component that has been explicitly prohibited, whether by the developer or the customer. Modes of...