@mitre/hdf-converters 2.6.18 → 2.6.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/lib/index.d.ts +7 -0
- package/lib/index.js +20 -0
- package/lib/index.js.map +1 -1
- package/lib/package.json +1 -1
- package/lib/src/asff-mapper.d.ts +20 -10
- package/lib/src/asff-mapper.js +481 -173
- package/lib/src/asff-mapper.js.map +1 -1
- package/lib/src/base-converter.d.ts +5 -4
- package/lib/src/base-converter.js +41 -22
- package/lib/src/base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/asff/transformers.d.ts +1 -1
- package/lib/src/converters-from-hdf/asff/transformers.js +66 -64
- package/lib/src/converters-from-hdf/asff/transformers.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-any-base-converter.d.ts +2 -2
- package/lib/src/converters-from-hdf/reverse-any-base-converter.js.map +1 -1
- package/lib/src/converters-from-hdf/reverse-base-converter.d.ts +2 -2
- package/lib/src/converters-from-hdf/reverse-base-converter.js.map +1 -1
- package/lib/src/mappings/AwsConfigMapping.js +2 -2
- package/lib/src/mappings/AwsConfigMapping.js.map +1 -1
- package/lib/src/mappings/AwsConfigMappingData.d.ts +6 -0
- package/lib/src/mappings/AwsConfigMappingData.js +642 -0
- package/lib/src/mappings/AwsConfigMappingData.js.map +1 -0
- package/lib/src/mappings/CciNistMapping.js +3 -6
- package/lib/src/mappings/CciNistMapping.js.map +1 -1
- package/lib/src/mappings/CciNistMappingData.d.ts +5100 -0
- package/lib/src/mappings/CciNistMappingData.js +5104 -0
- package/lib/src/mappings/CciNistMappingData.js.map +1 -0
- package/lib/src/mappings/CweNistMapping.js +3 -6
- package/lib/src/mappings/CweNistMapping.js.map +1 -1
- package/lib/src/mappings/CweNistMappingData.d.ts +7 -0
- package/lib/src/mappings/CweNistMappingData.js +1420 -0
- package/lib/src/mappings/CweNistMappingData.js.map +1 -0
- package/lib/src/mappings/NessusPluginNistMappingData.d.ts +9 -0
- package/lib/src/mappings/NessusPluginNistMappingData.js +436 -0
- package/lib/src/mappings/NessusPluginNistMappingData.js.map +1 -0
- package/lib/src/mappings/NessusPluginsNistMapping.d.ts +0 -1
- package/lib/src/mappings/NessusPluginsNistMapping.js +3 -9
- package/lib/src/mappings/NessusPluginsNistMapping.js.map +1 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.d.ts +0 -1
- package/lib/src/mappings/NessusPluginsNistMappingItem.js +0 -6
- package/lib/src/mappings/NessusPluginsNistMappingItem.js.map +1 -1
- package/lib/src/mappings/NiktoNistMapping.d.ts +0 -3
- package/lib/src/mappings/NiktoNistMapping.js +4 -18
- package/lib/src/mappings/NiktoNistMapping.js.map +1 -1
- package/lib/src/mappings/NiktoNistMappingData.d.ts +8943 -0
- package/lib/src/mappings/NiktoNistMappingData.js +8947 -0
- package/lib/src/mappings/NiktoNistMappingData.js.map +1 -0
- package/lib/src/mappings/OWaspNistMappingData.d.ts +7 -0
- package/lib/src/mappings/OWaspNistMappingData.js +76 -0
- package/lib/src/mappings/OWaspNistMappingData.js.map +1 -0
- package/lib/src/mappings/OwaspNistMapping.js +3 -6
- package/lib/src/mappings/OwaspNistMapping.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMapping.js +3 -6
- package/lib/src/mappings/ScoutsuiteNistMapping.js.map +1 -1
- package/lib/src/mappings/ScoutsuiteNistMappingData.d.ts +4 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.js +562 -0
- package/lib/src/mappings/ScoutsuiteNistMappingData.js.map +1 -0
- package/lib/src/sonarqube-mapper.js +1 -1
- package/lib/src/sonarqube-mapper.js.map +1 -1
- package/package.json +1 -1
- package/lib/data/aws-config-mapping.json +0 -638
- package/lib/data/cci-nist-mapping.json +0 -5100
- package/lib/data/cwe-nist-mapping.json +0 -1416
- package/lib/data/nessus-plugins-nist-mapping.json +0 -644
- package/lib/data/nikto-nist-mapping.json +0 -53648
- package/lib/data/owasp-nist-mapping.json +0 -72
- package/lib/data/scoutsuite-nist-mapping.json +0 -558
- package/lib/src/mappings/AwsConfigMappingItem.d.ts +0 -7
- package/lib/src/mappings/AwsConfigMappingItem.js +0 -28
- package/lib/src/mappings/AwsConfigMappingItem.js.map +0 -1
|
@@ -0,0 +1,1420 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.data = void 0;
|
|
4
|
+
exports.data = [
|
|
5
|
+
{
|
|
6
|
+
'CWE-ID': 5,
|
|
7
|
+
'CWE Name': 'J2EE Misconfiguration: Data Transmission Without Encryption',
|
|
8
|
+
'NIST-ID': 'SC-8',
|
|
9
|
+
Rev: 4,
|
|
10
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
11
|
+
},
|
|
12
|
+
{
|
|
13
|
+
'CWE-ID': 6,
|
|
14
|
+
'CWE Name': ' J2EE Misconfiguration: Insufficient Session-ID Length',
|
|
15
|
+
'NIST-ID': 'SC-23',
|
|
16
|
+
Rev: 4,
|
|
17
|
+
'NIST Name': 'Session Authenticity'
|
|
18
|
+
},
|
|
19
|
+
{
|
|
20
|
+
'CWE-ID': 7,
|
|
21
|
+
'CWE Name': ' J2EE Misconfiguration: Missing Custom Error Page',
|
|
22
|
+
'NIST-ID': 'SI-11',
|
|
23
|
+
Rev: 4,
|
|
24
|
+
'NIST Name': 'Error Handling'
|
|
25
|
+
},
|
|
26
|
+
{
|
|
27
|
+
'CWE-ID': 8,
|
|
28
|
+
'CWE Name': ' J2EE Misconfiguration: Entity Bean Declared Remote',
|
|
29
|
+
'NIST-ID': 'AC-3',
|
|
30
|
+
Rev: 4,
|
|
31
|
+
'NIST Name': 'Access Enforcement'
|
|
32
|
+
},
|
|
33
|
+
{
|
|
34
|
+
'CWE-ID': 9,
|
|
35
|
+
'CWE Name': ' J2EE Misconfiguration: Weak Access Permissions for EJB Methods',
|
|
36
|
+
'NIST-ID': 'AC-3',
|
|
37
|
+
Rev: 4,
|
|
38
|
+
'NIST Name': 'Access Enforcement'
|
|
39
|
+
},
|
|
40
|
+
{
|
|
41
|
+
'CWE-ID': 11,
|
|
42
|
+
'CWE Name': ' ASP.NET Misconfiguration: Creating Debug Binary',
|
|
43
|
+
'NIST-ID': 'SI-11',
|
|
44
|
+
Rev: 4,
|
|
45
|
+
'NIST Name': 'Error Handling'
|
|
46
|
+
},
|
|
47
|
+
{
|
|
48
|
+
'CWE-ID': 14,
|
|
49
|
+
'CWE Name': ' Compiler Removal of Code to Clear Buffers',
|
|
50
|
+
'NIST-ID': 'SI-16',
|
|
51
|
+
Rev: 4,
|
|
52
|
+
'NIST Name': 'Memory Protection'
|
|
53
|
+
},
|
|
54
|
+
{
|
|
55
|
+
'CWE-ID': 15,
|
|
56
|
+
'CWE Name': ' External Control of System or Configuration Setting',
|
|
57
|
+
'NIST-ID': 'SI-10',
|
|
58
|
+
Rev: 4,
|
|
59
|
+
'NIST Name': 'Information Input Validation'
|
|
60
|
+
},
|
|
61
|
+
{
|
|
62
|
+
'CWE-ID': 20,
|
|
63
|
+
'CWE Name': ' Improper Input Validation',
|
|
64
|
+
'NIST-ID': 'SI-10',
|
|
65
|
+
Rev: 4,
|
|
66
|
+
'NIST Name': 'Information Input Validation'
|
|
67
|
+
},
|
|
68
|
+
{
|
|
69
|
+
'CWE-ID': 22,
|
|
70
|
+
'CWE Name': " Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')",
|
|
71
|
+
'NIST-ID': 'SI-10',
|
|
72
|
+
Rev: 4,
|
|
73
|
+
'NIST Name': 'Information Input Validation'
|
|
74
|
+
},
|
|
75
|
+
{
|
|
76
|
+
'CWE-ID': 23,
|
|
77
|
+
'CWE Name': ' Relative Path Traversal',
|
|
78
|
+
'NIST-ID': 'SI-10',
|
|
79
|
+
Rev: 4,
|
|
80
|
+
'NIST Name': 'Information Input Validation'
|
|
81
|
+
},
|
|
82
|
+
{
|
|
83
|
+
'CWE-ID': 36,
|
|
84
|
+
'CWE Name': ' Absolute Path Traversal',
|
|
85
|
+
'NIST-ID': 'SI-10',
|
|
86
|
+
Rev: 4,
|
|
87
|
+
'NIST Name': 'Information Input Validation'
|
|
88
|
+
},
|
|
89
|
+
{
|
|
90
|
+
'CWE-ID': 73,
|
|
91
|
+
'CWE Name': ' External Control of File Name or Path',
|
|
92
|
+
'NIST-ID': 'SI-10',
|
|
93
|
+
Rev: 4,
|
|
94
|
+
'NIST Name': 'Information Input Validation'
|
|
95
|
+
},
|
|
96
|
+
{
|
|
97
|
+
'CWE-ID': 77,
|
|
98
|
+
'CWE Name': " Improper Neutralization of Special Elements used in a Command ('Command Injection')",
|
|
99
|
+
'NIST-ID': 'SI-10',
|
|
100
|
+
Rev: 4,
|
|
101
|
+
'NIST Name': 'Information Input Validation'
|
|
102
|
+
},
|
|
103
|
+
{
|
|
104
|
+
'CWE-ID': 78,
|
|
105
|
+
'CWE Name': " Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')",
|
|
106
|
+
'NIST-ID': 'SI-10',
|
|
107
|
+
Rev: 4,
|
|
108
|
+
'NIST Name': 'Information Input Validation'
|
|
109
|
+
},
|
|
110
|
+
{
|
|
111
|
+
'CWE-ID': 79,
|
|
112
|
+
'CWE Name': " Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
|
|
113
|
+
'NIST-ID': 'SI-10',
|
|
114
|
+
Rev: 4,
|
|
115
|
+
'NIST Name': 'Information Input Validation'
|
|
116
|
+
},
|
|
117
|
+
{
|
|
118
|
+
'CWE-ID': 89,
|
|
119
|
+
'CWE Name': " Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
|
|
120
|
+
'NIST-ID': 'SI-10',
|
|
121
|
+
Rev: 4,
|
|
122
|
+
'NIST Name': 'Information Input Validation'
|
|
123
|
+
},
|
|
124
|
+
{
|
|
125
|
+
'CWE-ID': 90,
|
|
126
|
+
'CWE Name': " Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')",
|
|
127
|
+
'NIST-ID': 'SI-10',
|
|
128
|
+
Rev: 4,
|
|
129
|
+
'NIST Name': 'Information Input Validation'
|
|
130
|
+
},
|
|
131
|
+
{
|
|
132
|
+
'CWE-ID': 91,
|
|
133
|
+
'CWE Name': ' XML Injection (aka Blind XPath Injection)',
|
|
134
|
+
'NIST-ID': 'SI-10',
|
|
135
|
+
Rev: 4,
|
|
136
|
+
'NIST Name': 'Information Input Validation'
|
|
137
|
+
},
|
|
138
|
+
{
|
|
139
|
+
'CWE-ID': 94,
|
|
140
|
+
'CWE Name': " Improper Control of Generation of Code ('Code Injection')",
|
|
141
|
+
'NIST-ID': 'SI-10',
|
|
142
|
+
Rev: 4,
|
|
143
|
+
'NIST Name': 'Information Input Validation'
|
|
144
|
+
},
|
|
145
|
+
{
|
|
146
|
+
'CWE-ID': 95,
|
|
147
|
+
'CWE Name': " Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')",
|
|
148
|
+
'NIST-ID': 'SI-10',
|
|
149
|
+
Rev: 4,
|
|
150
|
+
'NIST Name': 'Information Input Validation'
|
|
151
|
+
},
|
|
152
|
+
{
|
|
153
|
+
'CWE-ID': 99,
|
|
154
|
+
'CWE Name': " Improper Control of Resource Identifiers ('Resource Injection')",
|
|
155
|
+
'NIST-ID': 'SI-10',
|
|
156
|
+
Rev: 4,
|
|
157
|
+
'NIST Name': 'Information Input Validation'
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
'CWE-ID': 101,
|
|
161
|
+
'CWE Name': ' Struts Validation Problems',
|
|
162
|
+
'NIST-ID': 'SI-10',
|
|
163
|
+
Rev: 4,
|
|
164
|
+
'NIST Name': 'Information Input Validation'
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
'CWE-ID': 102,
|
|
168
|
+
'CWE Name': ' Struts: Duplicate Validation Forms',
|
|
169
|
+
'NIST-ID': 'SI-10',
|
|
170
|
+
Rev: 4,
|
|
171
|
+
'NIST Name': 'Information Input Validation'
|
|
172
|
+
},
|
|
173
|
+
{
|
|
174
|
+
'CWE-ID': 103,
|
|
175
|
+
'CWE Name': ' Struts: Incomplete validate() Method Definition',
|
|
176
|
+
'NIST-ID': 'SI-10',
|
|
177
|
+
Rev: 4,
|
|
178
|
+
'NIST Name': 'Information Input Validation'
|
|
179
|
+
},
|
|
180
|
+
{
|
|
181
|
+
'CWE-ID': 104,
|
|
182
|
+
'CWE Name': ' Struts: Form Bean Does Not Extend Validation Class',
|
|
183
|
+
'NIST-ID': 'SI-10',
|
|
184
|
+
Rev: 4,
|
|
185
|
+
'NIST Name': 'Information Input Validation'
|
|
186
|
+
},
|
|
187
|
+
{
|
|
188
|
+
'CWE-ID': 105,
|
|
189
|
+
'CWE Name': ' Struts: Form Field Without Validator',
|
|
190
|
+
'NIST-ID': 'SI-10',
|
|
191
|
+
Rev: 4,
|
|
192
|
+
'NIST Name': 'Information Input Validation'
|
|
193
|
+
},
|
|
194
|
+
{
|
|
195
|
+
'CWE-ID': 106,
|
|
196
|
+
'CWE Name': ' Struts: Plug-in Framework not in Use',
|
|
197
|
+
'NIST-ID': 'SI-10',
|
|
198
|
+
Rev: 4,
|
|
199
|
+
'NIST Name': 'Information Input Validation'
|
|
200
|
+
},
|
|
201
|
+
{
|
|
202
|
+
'CWE-ID': 107,
|
|
203
|
+
'CWE Name': ' Struts: Unused Validation Form',
|
|
204
|
+
'NIST-ID': 'SI-10',
|
|
205
|
+
Rev: 4,
|
|
206
|
+
'NIST Name': 'Information Input Validation'
|
|
207
|
+
},
|
|
208
|
+
{
|
|
209
|
+
'CWE-ID': 108,
|
|
210
|
+
'CWE Name': ' Struts: Unvalidated Action Form',
|
|
211
|
+
'NIST-ID': 'SI-10',
|
|
212
|
+
Rev: 4,
|
|
213
|
+
'NIST Name': 'Information Input Validation'
|
|
214
|
+
},
|
|
215
|
+
{
|
|
216
|
+
'CWE-ID': 109,
|
|
217
|
+
'CWE Name': ' Struts: Validator Turned Off',
|
|
218
|
+
'NIST-ID': 'SI-10',
|
|
219
|
+
Rev: 4,
|
|
220
|
+
'NIST Name': 'Information Input Validation'
|
|
221
|
+
},
|
|
222
|
+
{
|
|
223
|
+
'CWE-ID': 110,
|
|
224
|
+
'CWE Name': ' Struts: Validator Without Form Field',
|
|
225
|
+
'NIST-ID': 'SI-10',
|
|
226
|
+
Rev: 4,
|
|
227
|
+
'NIST Name': 'Information Input Validation'
|
|
228
|
+
},
|
|
229
|
+
{
|
|
230
|
+
'CWE-ID': 111,
|
|
231
|
+
'CWE Name': ' Direct Use of Unsafe JNI',
|
|
232
|
+
'NIST-ID': 'SI-10',
|
|
233
|
+
Rev: 4,
|
|
234
|
+
'NIST Name': 'Information Input Validation'
|
|
235
|
+
},
|
|
236
|
+
{
|
|
237
|
+
'CWE-ID': 112,
|
|
238
|
+
'CWE Name': ' Missing XML Validation',
|
|
239
|
+
'NIST-ID': 'SI-10',
|
|
240
|
+
Rev: 4,
|
|
241
|
+
'NIST Name': 'Information Input Validation'
|
|
242
|
+
},
|
|
243
|
+
{
|
|
244
|
+
'CWE-ID': 113,
|
|
245
|
+
'CWE Name': " Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')",
|
|
246
|
+
'NIST-ID': 'SI-10',
|
|
247
|
+
Rev: 4,
|
|
248
|
+
'NIST Name': 'Information Input Validation'
|
|
249
|
+
},
|
|
250
|
+
{
|
|
251
|
+
'CWE-ID': 114,
|
|
252
|
+
'CWE Name': ' Process Control',
|
|
253
|
+
'NIST-ID': 'SI-10',
|
|
254
|
+
Rev: 4,
|
|
255
|
+
'NIST Name': 'Information Input Validation'
|
|
256
|
+
},
|
|
257
|
+
{
|
|
258
|
+
'CWE-ID': 117,
|
|
259
|
+
'CWE Name': ' Improper Output Neutralization for Logs',
|
|
260
|
+
'NIST-ID': 'SI-10',
|
|
261
|
+
Rev: 4,
|
|
262
|
+
'NIST Name': 'Information Input Validation'
|
|
263
|
+
},
|
|
264
|
+
{
|
|
265
|
+
'CWE-ID': 119,
|
|
266
|
+
'CWE Name': ' Improper Restriction of Operations within the Bounds of a Memory Buffer',
|
|
267
|
+
'NIST-ID': 'SI-10',
|
|
268
|
+
Rev: 4,
|
|
269
|
+
'NIST Name': 'Information Input Validation'
|
|
270
|
+
},
|
|
271
|
+
{
|
|
272
|
+
'CWE-ID': 120,
|
|
273
|
+
'CWE Name': " Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')",
|
|
274
|
+
'NIST-ID': 'SI-10',
|
|
275
|
+
Rev: 4,
|
|
276
|
+
'NIST Name': 'Information Input Validation'
|
|
277
|
+
},
|
|
278
|
+
{
|
|
279
|
+
'CWE-ID': 125,
|
|
280
|
+
'CWE Name': ' Out-of-bounds Read',
|
|
281
|
+
'NIST-ID': 'SI-10',
|
|
282
|
+
Rev: 4,
|
|
283
|
+
'NIST Name': 'Information Input Validation'
|
|
284
|
+
},
|
|
285
|
+
{
|
|
286
|
+
'CWE-ID': 126,
|
|
287
|
+
'CWE Name': ' Buffer Over-read',
|
|
288
|
+
'NIST-ID': 'SI-10',
|
|
289
|
+
Rev: 4,
|
|
290
|
+
'NIST Name': 'Information Input Validation'
|
|
291
|
+
},
|
|
292
|
+
{
|
|
293
|
+
'CWE-ID': 129,
|
|
294
|
+
'CWE Name': ' Improper Validation of Array Index',
|
|
295
|
+
'NIST-ID': '',
|
|
296
|
+
Rev: 4,
|
|
297
|
+
'NIST Name': ''
|
|
298
|
+
},
|
|
299
|
+
{
|
|
300
|
+
'CWE-ID': 131,
|
|
301
|
+
'CWE Name': ' Incorrect Calculation of Buffer Size',
|
|
302
|
+
'NIST-ID': 'SI-10',
|
|
303
|
+
Rev: 4,
|
|
304
|
+
'NIST Name': 'Information Input Validation'
|
|
305
|
+
},
|
|
306
|
+
{
|
|
307
|
+
'CWE-ID': 134,
|
|
308
|
+
'CWE Name': ' Uncontrolled Format String',
|
|
309
|
+
'NIST-ID': 'SI-10',
|
|
310
|
+
Rev: 4,
|
|
311
|
+
'NIST Name': 'Information Input Validation'
|
|
312
|
+
},
|
|
313
|
+
{
|
|
314
|
+
'CWE-ID': 170,
|
|
315
|
+
'CWE Name': ' Improper Null Termination',
|
|
316
|
+
'NIST-ID': 'SI-10',
|
|
317
|
+
Rev: 4,
|
|
318
|
+
'NIST Name': 'Information Input Validation'
|
|
319
|
+
},
|
|
320
|
+
{
|
|
321
|
+
'CWE-ID': 176,
|
|
322
|
+
'CWE Name': ' Improper Handling of Unicode Encoding',
|
|
323
|
+
'NIST-ID': '',
|
|
324
|
+
Rev: 4,
|
|
325
|
+
'NIST Name': ''
|
|
326
|
+
},
|
|
327
|
+
{
|
|
328
|
+
'CWE-ID': 185,
|
|
329
|
+
'CWE Name': ' Incorrect Regular Expression',
|
|
330
|
+
'NIST-ID': '',
|
|
331
|
+
Rev: 4,
|
|
332
|
+
'NIST Name': ''
|
|
333
|
+
},
|
|
334
|
+
{
|
|
335
|
+
'CWE-ID': 189,
|
|
336
|
+
'CWE Name': ' Numeric Errors',
|
|
337
|
+
'NIST-ID': 'SA-11',
|
|
338
|
+
Rev: 4,
|
|
339
|
+
'NIST Name': 'Developer Security Testing and Evaluation'
|
|
340
|
+
},
|
|
341
|
+
{
|
|
342
|
+
'CWE-ID': 190,
|
|
343
|
+
'CWE Name': ' Integer Overflow or Wraparound',
|
|
344
|
+
'NIST-ID': 'SI-10',
|
|
345
|
+
Rev: 4,
|
|
346
|
+
'NIST Name': 'Information Input Validation'
|
|
347
|
+
},
|
|
348
|
+
{
|
|
349
|
+
'CWE-ID': 195,
|
|
350
|
+
'CWE Name': ' Signed to Unsigned Conversion Error',
|
|
351
|
+
'NIST-ID': '',
|
|
352
|
+
Rev: 4,
|
|
353
|
+
'NIST Name': ''
|
|
354
|
+
},
|
|
355
|
+
{
|
|
356
|
+
'CWE-ID': 200,
|
|
357
|
+
'CWE Name': ' Information Exposure',
|
|
358
|
+
'NIST-ID': 'SC-8',
|
|
359
|
+
Rev: 4,
|
|
360
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
361
|
+
},
|
|
362
|
+
{
|
|
363
|
+
'CWE-ID': 209,
|
|
364
|
+
'CWE Name': ' Information Exposure Through an Error Message',
|
|
365
|
+
'NIST-ID': '',
|
|
366
|
+
Rev: 4,
|
|
367
|
+
'NIST Name': ''
|
|
368
|
+
},
|
|
369
|
+
{
|
|
370
|
+
'CWE-ID': 215,
|
|
371
|
+
'CWE Name': ' Information Exposure Through Debug Information',
|
|
372
|
+
'NIST-ID': 'SI-11',
|
|
373
|
+
Rev: 4,
|
|
374
|
+
'NIST Name': 'Error Handling'
|
|
375
|
+
},
|
|
376
|
+
{
|
|
377
|
+
'CWE-ID': 226,
|
|
378
|
+
'CWE Name': ' Sensitive Information Uncleared Before Release',
|
|
379
|
+
'NIST-ID': 'SC-4',
|
|
380
|
+
Rev: 4,
|
|
381
|
+
'NIST Name': 'Information in Shared Resources'
|
|
382
|
+
},
|
|
383
|
+
{
|
|
384
|
+
'CWE-ID': 235,
|
|
385
|
+
'CWE Name': ' Improper Handling of Extra Parameters',
|
|
386
|
+
'NIST-ID': 'SI-10',
|
|
387
|
+
Rev: 4,
|
|
388
|
+
'NIST Name': 'Information Input Validation'
|
|
389
|
+
},
|
|
390
|
+
{
|
|
391
|
+
'CWE-ID': 242,
|
|
392
|
+
'CWE Name': ' Use of Inherently Dangerous Function',
|
|
393
|
+
'NIST-ID': '',
|
|
394
|
+
Rev: 4,
|
|
395
|
+
'NIST Name': ''
|
|
396
|
+
},
|
|
397
|
+
{
|
|
398
|
+
'CWE-ID': 243,
|
|
399
|
+
'CWE Name': ' Creation of chroot Jail Without Changing Working Directory',
|
|
400
|
+
'NIST-ID': 'AC-3',
|
|
401
|
+
Rev: 4,
|
|
402
|
+
'NIST Name': 'Access Enforcement'
|
|
403
|
+
},
|
|
404
|
+
{
|
|
405
|
+
'CWE-ID': 244,
|
|
406
|
+
'CWE Name': ' Improper Cleaning of Heap Memory',
|
|
407
|
+
'NIST-ID': 'SC-4',
|
|
408
|
+
Rev: 4,
|
|
409
|
+
'NIST Name': 'Information in Shared Resources'
|
|
410
|
+
},
|
|
411
|
+
{
|
|
412
|
+
'CWE-ID': 245,
|
|
413
|
+
'CWE Name': ' J2EE Bad Practices: Direct Management of Connections',
|
|
414
|
+
'NIST-ID': '',
|
|
415
|
+
Rev: 4,
|
|
416
|
+
'NIST Name': ''
|
|
417
|
+
},
|
|
418
|
+
{
|
|
419
|
+
'CWE-ID': 246,
|
|
420
|
+
'CWE Name': ' J2EE Bad Practices: Direct Use of Sockets',
|
|
421
|
+
'NIST-ID': '',
|
|
422
|
+
Rev: 4,
|
|
423
|
+
'NIST Name': ''
|
|
424
|
+
},
|
|
425
|
+
{
|
|
426
|
+
'CWE-ID': 248,
|
|
427
|
+
'CWE Name': ' Uncaught Exception',
|
|
428
|
+
'NIST-ID': '',
|
|
429
|
+
Rev: 4,
|
|
430
|
+
'NIST Name': ''
|
|
431
|
+
},
|
|
432
|
+
{
|
|
433
|
+
'CWE-ID': 250,
|
|
434
|
+
'CWE Name': ' Execution with Unnecessary Privileges',
|
|
435
|
+
'NIST-ID': 'AC-6',
|
|
436
|
+
Rev: 4,
|
|
437
|
+
'NIST Name': 'Least Privilege: Privilege Levels for Code Execution'
|
|
438
|
+
},
|
|
439
|
+
{
|
|
440
|
+
'CWE-ID': 251,
|
|
441
|
+
'CWE Name': ' Often Misused: String Management',
|
|
442
|
+
'NIST-ID': '',
|
|
443
|
+
Rev: 4,
|
|
444
|
+
'NIST Name': ''
|
|
445
|
+
},
|
|
446
|
+
{
|
|
447
|
+
'CWE-ID': 252,
|
|
448
|
+
'CWE Name': ' Unchecked Return Value',
|
|
449
|
+
'NIST-ID': '',
|
|
450
|
+
Rev: 4,
|
|
451
|
+
'NIST Name': ''
|
|
452
|
+
},
|
|
453
|
+
{
|
|
454
|
+
'CWE-ID': 256,
|
|
455
|
+
'CWE Name': ' Plaintext Storage of a Password',
|
|
456
|
+
'NIST-ID': 'SC-28',
|
|
457
|
+
Rev: 4,
|
|
458
|
+
'NIST Name': 'Protection of Information at Rest'
|
|
459
|
+
},
|
|
460
|
+
{
|
|
461
|
+
'CWE-ID': 257,
|
|
462
|
+
'CWE Name': ' Storing Passwords in a Recoverable Format',
|
|
463
|
+
'NIST-ID': 'IA-5',
|
|
464
|
+
Rev: 4,
|
|
465
|
+
'NIST Name': 'Authenticator Management'
|
|
466
|
+
},
|
|
467
|
+
{
|
|
468
|
+
'CWE-ID': 258,
|
|
469
|
+
'CWE Name': ' Empty Password in Configuration File',
|
|
470
|
+
'NIST-ID': 'SC-28',
|
|
471
|
+
Rev: 4,
|
|
472
|
+
'NIST Name': 'Protection of Information at Rest'
|
|
473
|
+
},
|
|
474
|
+
{
|
|
475
|
+
'CWE-ID': 259,
|
|
476
|
+
'CWE Name': ' Use of Hard-coded Password',
|
|
477
|
+
'NIST-ID': '',
|
|
478
|
+
Rev: 4,
|
|
479
|
+
'NIST Name': ''
|
|
480
|
+
},
|
|
481
|
+
{
|
|
482
|
+
'CWE-ID': 260,
|
|
483
|
+
'CWE Name': ' Password in Configuration File',
|
|
484
|
+
'NIST-ID': 'SC-28',
|
|
485
|
+
Rev: 4,
|
|
486
|
+
'NIST Name': 'Protection of Information at Rest'
|
|
487
|
+
},
|
|
488
|
+
{
|
|
489
|
+
'CWE-ID': 261,
|
|
490
|
+
'CWE Name': ' Weak Cryptography for Passwords',
|
|
491
|
+
'NIST-ID': 'SC-13',
|
|
492
|
+
Rev: 4,
|
|
493
|
+
'NIST Name': 'Cryptographic Protection'
|
|
494
|
+
},
|
|
495
|
+
{
|
|
496
|
+
'CWE-ID': 262,
|
|
497
|
+
'CWE Name': ' Not Using Password Aging',
|
|
498
|
+
'NIST-ID': 'IA-5',
|
|
499
|
+
Rev: 4,
|
|
500
|
+
'NIST Name': 'Authenticator Management'
|
|
501
|
+
},
|
|
502
|
+
{
|
|
503
|
+
'CWE-ID': 263,
|
|
504
|
+
'CWE Name': ' Password Aging with Long Expiration',
|
|
505
|
+
'NIST-ID': 'IA-5',
|
|
506
|
+
Rev: 4,
|
|
507
|
+
'NIST Name': 'Authenticator Management'
|
|
508
|
+
},
|
|
509
|
+
{
|
|
510
|
+
'CWE-ID': 265,
|
|
511
|
+
'CWE Name': ' Privilege / Sandbox Issues',
|
|
512
|
+
'NIST-ID': 'AC-6',
|
|
513
|
+
Rev: 4,
|
|
514
|
+
'NIST Name': 'Least Privilege'
|
|
515
|
+
},
|
|
516
|
+
{
|
|
517
|
+
'CWE-ID': 269,
|
|
518
|
+
'CWE Name': ' Improper Privilege Management',
|
|
519
|
+
'NIST-ID': 'AC-4',
|
|
520
|
+
Rev: 4,
|
|
521
|
+
'NIST Name': 'Information Flow Enforcement'
|
|
522
|
+
},
|
|
523
|
+
{
|
|
524
|
+
'CWE-ID': 272,
|
|
525
|
+
'CWE Name': ' Least Privilege Violation',
|
|
526
|
+
'NIST-ID': 'AC-6',
|
|
527
|
+
Rev: 4,
|
|
528
|
+
'NIST Name': 'Least Privilege: Privilege Levels for Code Execution -8'
|
|
529
|
+
},
|
|
530
|
+
{
|
|
531
|
+
'CWE-ID': 275,
|
|
532
|
+
'CWE Name': ' Permission Issues',
|
|
533
|
+
'NIST-ID': 'AC-3',
|
|
534
|
+
Rev: 4,
|
|
535
|
+
'NIST Name': 'Access Enforcement'
|
|
536
|
+
},
|
|
537
|
+
{
|
|
538
|
+
'CWE-ID': 284,
|
|
539
|
+
'CWE Name': ' Improper Access Control',
|
|
540
|
+
'NIST-ID': 'AC-3',
|
|
541
|
+
Rev: 4,
|
|
542
|
+
'NIST Name': 'Access Enforcement'
|
|
543
|
+
},
|
|
544
|
+
{
|
|
545
|
+
'CWE-ID': 285,
|
|
546
|
+
'CWE Name': ' Improper Authorization',
|
|
547
|
+
'NIST-ID': 'AC-3',
|
|
548
|
+
Rev: 4,
|
|
549
|
+
'NIST Name': 'Access Enforcement'
|
|
550
|
+
},
|
|
551
|
+
{
|
|
552
|
+
'CWE-ID': 288,
|
|
553
|
+
'CWE Name': ' Authentication Bypass Using an Alternate Path or Channel',
|
|
554
|
+
'NIST-ID': 'IA-8',
|
|
555
|
+
Rev: 4,
|
|
556
|
+
'NIST Name': 'Identification and Authentication (Non-Organizational Users)'
|
|
557
|
+
},
|
|
558
|
+
{
|
|
559
|
+
'CWE-ID': 297,
|
|
560
|
+
'CWE Name': ' Improper Validation of Certificate with Host Mismatch',
|
|
561
|
+
'NIST-ID': 'SC-8',
|
|
562
|
+
Rev: 4,
|
|
563
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
564
|
+
},
|
|
565
|
+
{
|
|
566
|
+
'CWE-ID': 302,
|
|
567
|
+
'CWE Name': ' Authentication Bypass by Assumed-Immutable Data',
|
|
568
|
+
'NIST-ID': 'SC-23',
|
|
569
|
+
Rev: 4,
|
|
570
|
+
'NIST Name': 'Session Authenticity'
|
|
571
|
+
},
|
|
572
|
+
{
|
|
573
|
+
'CWE-ID': 305,
|
|
574
|
+
'CWE Name': ' Authentication Bypass by Primary Weakness',
|
|
575
|
+
'NIST-ID': 'IA-8',
|
|
576
|
+
Rev: 4,
|
|
577
|
+
'NIST Name': 'Identification and Authentication (Non-Organizational Users)'
|
|
578
|
+
},
|
|
579
|
+
{
|
|
580
|
+
'CWE-ID': 306,
|
|
581
|
+
'CWE Name': ' Missing Authentication for Critical Function',
|
|
582
|
+
'NIST-ID': 'AC-3',
|
|
583
|
+
Rev: 4,
|
|
584
|
+
'NIST Name': 'Access Enforcement'
|
|
585
|
+
},
|
|
586
|
+
{
|
|
587
|
+
'CWE-ID': 307,
|
|
588
|
+
'CWE Name': ' Improper Restriction of Excessive Authentication Attempts',
|
|
589
|
+
'NIST-ID': 'AC-7',
|
|
590
|
+
Rev: 4,
|
|
591
|
+
'NIST Name': 'Unsuccessful Logon Attempts'
|
|
592
|
+
},
|
|
593
|
+
{
|
|
594
|
+
'CWE-ID': 310,
|
|
595
|
+
'CWE Name': ' Cryptographic Issues',
|
|
596
|
+
'NIST-ID': 'SC-13',
|
|
597
|
+
Rev: 4,
|
|
598
|
+
'NIST Name': 'Cryptographic Protection'
|
|
599
|
+
},
|
|
600
|
+
{
|
|
601
|
+
'CWE-ID': 311,
|
|
602
|
+
'CWE Name': ' Missing Encryption of Sensitive Data',
|
|
603
|
+
'NIST-ID': 'SC-8',
|
|
604
|
+
Rev: 4,
|
|
605
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
606
|
+
},
|
|
607
|
+
{
|
|
608
|
+
'CWE-ID': 321,
|
|
609
|
+
'CWE Name': ' Use of Hard-coded Cryptographic Key',
|
|
610
|
+
'NIST-ID': 'SC-12',
|
|
611
|
+
Rev: 4,
|
|
612
|
+
'NIST Name': 'Cryptographic Key Establishment and Management'
|
|
613
|
+
},
|
|
614
|
+
{
|
|
615
|
+
'CWE-ID': 325,
|
|
616
|
+
'CWE Name': ' Missing Required Cryptographic Step',
|
|
617
|
+
'NIST-ID': 'SC-13',
|
|
618
|
+
Rev: 4,
|
|
619
|
+
'NIST Name': 'Cryptographic Protection'
|
|
620
|
+
},
|
|
621
|
+
{
|
|
622
|
+
'CWE-ID': 326,
|
|
623
|
+
'CWE Name': ' Inadequate Encryption Strength',
|
|
624
|
+
'NIST-ID': 'SC-12',
|
|
625
|
+
Rev: 4,
|
|
626
|
+
'NIST Name': 'Cryptographic Key Establishment and Management'
|
|
627
|
+
},
|
|
628
|
+
{
|
|
629
|
+
'CWE-ID': 327,
|
|
630
|
+
'CWE Name': ' Use of a Broken or Risky Cryptographic Algorithm',
|
|
631
|
+
'NIST-ID': 'SC-13',
|
|
632
|
+
Rev: 4,
|
|
633
|
+
'NIST Name': 'Cryptographic Protection'
|
|
634
|
+
},
|
|
635
|
+
{
|
|
636
|
+
'CWE-ID': 328,
|
|
637
|
+
'CWE Name': ' Reversible One-Way Hash',
|
|
638
|
+
'NIST-ID': 'SC-13',
|
|
639
|
+
Rev: 4,
|
|
640
|
+
'NIST Name': 'Cryptographic Protection'
|
|
641
|
+
},
|
|
642
|
+
{
|
|
643
|
+
'CWE-ID': 329,
|
|
644
|
+
'CWE Name': ' Not Using a Random IV with CBC Mode',
|
|
645
|
+
'NIST-ID': 'SC-12',
|
|
646
|
+
Rev: 4,
|
|
647
|
+
'NIST Name': 'Cryptographic Key Establishment and Management'
|
|
648
|
+
},
|
|
649
|
+
{
|
|
650
|
+
'CWE-ID': 330,
|
|
651
|
+
'CWE Name': ' Use of Insufficiently Random Values',
|
|
652
|
+
'NIST-ID': 'SC-13',
|
|
653
|
+
Rev: 4,
|
|
654
|
+
'NIST Name': 'Cryptographic Protection'
|
|
655
|
+
},
|
|
656
|
+
{
|
|
657
|
+
'CWE-ID': 331,
|
|
658
|
+
'CWE Name': ' Insufficient Entropy',
|
|
659
|
+
'NIST-ID': 'SC-13',
|
|
660
|
+
Rev: 4,
|
|
661
|
+
'NIST Name': 'Cryptographic Protection'
|
|
662
|
+
},
|
|
663
|
+
{
|
|
664
|
+
'CWE-ID': 335,
|
|
665
|
+
'CWE Name': ' PRNG Seed Error',
|
|
666
|
+
'NIST-ID': 'SC-13',
|
|
667
|
+
Rev: 4,
|
|
668
|
+
'NIST Name': 'Cryptographic Protection'
|
|
669
|
+
},
|
|
670
|
+
{
|
|
671
|
+
'CWE-ID': 336,
|
|
672
|
+
'CWE Name': ' Same Seed in PRNG',
|
|
673
|
+
'NIST-ID': 'SC-13',
|
|
674
|
+
Rev: 4,
|
|
675
|
+
'NIST Name': 'Cryptographic Protection'
|
|
676
|
+
},
|
|
677
|
+
{
|
|
678
|
+
'CWE-ID': 338,
|
|
679
|
+
'CWE Name': ' Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)',
|
|
680
|
+
'NIST-ID': 'SC-13',
|
|
681
|
+
Rev: 4,
|
|
682
|
+
'NIST Name': 'Cryptographic Protection'
|
|
683
|
+
},
|
|
684
|
+
{
|
|
685
|
+
'CWE-ID': 345,
|
|
686
|
+
'CWE Name': ' Insufficient Verification of Data Authenticity',
|
|
687
|
+
'NIST-ID': 'SC-8',
|
|
688
|
+
Rev: 4,
|
|
689
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
690
|
+
},
|
|
691
|
+
{
|
|
692
|
+
'CWE-ID': 350,
|
|
693
|
+
'CWE Name': ' Reliance on Reverse DNS Resolution for a Security-Critical Function',
|
|
694
|
+
'NIST-ID': 'SI-10',
|
|
695
|
+
Rev: 4,
|
|
696
|
+
'NIST Name': 'Information Input Validation'
|
|
697
|
+
},
|
|
698
|
+
{
|
|
699
|
+
'CWE-ID': 352,
|
|
700
|
+
'CWE Name': ' Cross-Site Request Forgery (CSRF)',
|
|
701
|
+
'NIST-ID': 'AC-3',
|
|
702
|
+
Rev: 4,
|
|
703
|
+
'NIST Name': 'Access Enforcement'
|
|
704
|
+
},
|
|
705
|
+
{
|
|
706
|
+
'CWE-ID': 358,
|
|
707
|
+
'CWE Name': ' Improperly Implemented Security Check for Standard',
|
|
708
|
+
'NIST-ID': 'AC-3',
|
|
709
|
+
Rev: 4,
|
|
710
|
+
'NIST Name': 'Access Enforcement'
|
|
711
|
+
},
|
|
712
|
+
{
|
|
713
|
+
'CWE-ID': 359,
|
|
714
|
+
'CWE Name': " Exposure of Private Information ('Privacy Violation')",
|
|
715
|
+
'NIST-ID': 'SC-28',
|
|
716
|
+
Rev: 4,
|
|
717
|
+
'NIST Name': 'Protection of Information at Rest'
|
|
718
|
+
},
|
|
719
|
+
{
|
|
720
|
+
'CWE-ID': 362,
|
|
721
|
+
'CWE Name': " Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')",
|
|
722
|
+
'NIST-ID': 'SC-4',
|
|
723
|
+
Rev: 4,
|
|
724
|
+
'NIST Name': 'Information in Shared Resources'
|
|
725
|
+
},
|
|
726
|
+
{
|
|
727
|
+
'CWE-ID': 364,
|
|
728
|
+
'CWE Name': ' Signal Handler Race Condition',
|
|
729
|
+
'NIST-ID': '',
|
|
730
|
+
Rev: 4,
|
|
731
|
+
'NIST Name': ''
|
|
732
|
+
},
|
|
733
|
+
{
|
|
734
|
+
'CWE-ID': 369,
|
|
735
|
+
'CWE Name': ' Divide by Zero',
|
|
736
|
+
'NIST-ID': '',
|
|
737
|
+
Rev: 4,
|
|
738
|
+
'NIST Name': ''
|
|
739
|
+
},
|
|
740
|
+
{
|
|
741
|
+
'CWE-ID': 377,
|
|
742
|
+
'CWE Name': ' Insecure Temporary File',
|
|
743
|
+
'NIST-ID': 'SC-4',
|
|
744
|
+
Rev: 4,
|
|
745
|
+
'NIST Name': 'Information in Shared Resources (P1)'
|
|
746
|
+
},
|
|
747
|
+
{
|
|
748
|
+
'CWE-ID': 382,
|
|
749
|
+
'CWE Name': ' J2EE Bad Practices: Use of System.exit()',
|
|
750
|
+
'NIST-ID': '',
|
|
751
|
+
Rev: 4,
|
|
752
|
+
'NIST Name': ''
|
|
753
|
+
},
|
|
754
|
+
{
|
|
755
|
+
'CWE-ID': 383,
|
|
756
|
+
'CWE Name': ' J2EE Bad Practices: Direct Use of Threads',
|
|
757
|
+
'NIST-ID': '',
|
|
758
|
+
Rev: 4,
|
|
759
|
+
'NIST Name': ''
|
|
760
|
+
},
|
|
761
|
+
{
|
|
762
|
+
'CWE-ID': 384,
|
|
763
|
+
'CWE Name': ' Session Fixation',
|
|
764
|
+
'NIST-ID': 'SC-23',
|
|
765
|
+
Rev: 4,
|
|
766
|
+
'NIST Name': 'Session Authenticity'
|
|
767
|
+
},
|
|
768
|
+
{
|
|
769
|
+
'CWE-ID': 388,
|
|
770
|
+
'CWE Name': ' Error Handling',
|
|
771
|
+
'NIST-ID': 'SI-11',
|
|
772
|
+
Rev: 4,
|
|
773
|
+
'NIST Name': 'Error Handling'
|
|
774
|
+
},
|
|
775
|
+
{
|
|
776
|
+
'CWE-ID': 391,
|
|
777
|
+
'CWE Name': ' Unchecked Error Condition',
|
|
778
|
+
'NIST-ID': 'SI-11',
|
|
779
|
+
Rev: 4,
|
|
780
|
+
'NIST Name': 'Error Handling'
|
|
781
|
+
},
|
|
782
|
+
{
|
|
783
|
+
'CWE-ID': 395,
|
|
784
|
+
'CWE Name': ' Use of NullPointerException Catch to Detect NULL Pointer Dereference',
|
|
785
|
+
'NIST-ID': 'SI-11',
|
|
786
|
+
Rev: 4,
|
|
787
|
+
'NIST Name': 'Error Handling'
|
|
788
|
+
},
|
|
789
|
+
{
|
|
790
|
+
'CWE-ID': 396,
|
|
791
|
+
'CWE Name': ' Declaration of Catch for Generic Exception',
|
|
792
|
+
'NIST-ID': 'SI-11',
|
|
793
|
+
Rev: 4,
|
|
794
|
+
'NIST Name': 'Error Handling'
|
|
795
|
+
},
|
|
796
|
+
{
|
|
797
|
+
'CWE-ID': 397,
|
|
798
|
+
'CWE Name': ' Declaration of Throws for Generic Exception',
|
|
799
|
+
'NIST-ID': 'SI-11',
|
|
800
|
+
Rev: 4,
|
|
801
|
+
'NIST Name': 'Error Handling'
|
|
802
|
+
},
|
|
803
|
+
{
|
|
804
|
+
'CWE-ID': 398,
|
|
805
|
+
'CWE Name': ' Indicator of Poor Code Quality',
|
|
806
|
+
'NIST-ID': '',
|
|
807
|
+
Rev: 4,
|
|
808
|
+
'NIST Name': ''
|
|
809
|
+
},
|
|
810
|
+
{
|
|
811
|
+
'CWE-ID': 400,
|
|
812
|
+
'CWE Name': " Uncontrolled Resource Consumption ('Resource Exhaustion')",
|
|
813
|
+
'NIST-ID': 'SI-10',
|
|
814
|
+
Rev: 4,
|
|
815
|
+
'NIST Name': 'Information Input Validation'
|
|
816
|
+
},
|
|
817
|
+
{
|
|
818
|
+
'CWE-ID': 401,
|
|
819
|
+
'CWE Name': ' Improper Release of Memory Before Removing Last Reference',
|
|
820
|
+
'NIST-ID': '',
|
|
821
|
+
Rev: 4,
|
|
822
|
+
'NIST Name': ''
|
|
823
|
+
},
|
|
824
|
+
{
|
|
825
|
+
'CWE-ID': 404,
|
|
826
|
+
'CWE Name': ' Improper Resource Shutdown or Release',
|
|
827
|
+
'NIST-ID': '',
|
|
828
|
+
Rev: 4,
|
|
829
|
+
'NIST Name': ''
|
|
830
|
+
},
|
|
831
|
+
{
|
|
832
|
+
'CWE-ID': 415,
|
|
833
|
+
'CWE Name': ' Double Free',
|
|
834
|
+
'NIST-ID': '',
|
|
835
|
+
Rev: 4,
|
|
836
|
+
'NIST Name': ''
|
|
837
|
+
},
|
|
838
|
+
{
|
|
839
|
+
'CWE-ID': 416,
|
|
840
|
+
'CWE Name': ' Use after Free',
|
|
841
|
+
'NIST-ID': 'SC-4',
|
|
842
|
+
Rev: 4,
|
|
843
|
+
'NIST Name': 'Information in Shared Resources'
|
|
844
|
+
},
|
|
845
|
+
{
|
|
846
|
+
'CWE-ID': 434,
|
|
847
|
+
'CWE Name': ' Unrestricted Upload of File with Dangerous Type',
|
|
848
|
+
'NIST-ID': 'AC-6',
|
|
849
|
+
Rev: 4,
|
|
850
|
+
'NIST Name': 'Least Privilege: Privilege Levels for Code Execution'
|
|
851
|
+
},
|
|
852
|
+
{
|
|
853
|
+
'CWE-ID': 444,
|
|
854
|
+
'CWE Name': " Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')",
|
|
855
|
+
'NIST-ID': 'SI-10',
|
|
856
|
+
Rev: 4,
|
|
857
|
+
'NIST Name': 'Information Input Validation'
|
|
858
|
+
},
|
|
859
|
+
{
|
|
860
|
+
'CWE-ID': 457,
|
|
861
|
+
'CWE Name': ' Use of Uninitialized Variable',
|
|
862
|
+
'NIST-ID': '',
|
|
863
|
+
Rev: 4,
|
|
864
|
+
'NIST Name': ''
|
|
865
|
+
},
|
|
866
|
+
{
|
|
867
|
+
'CWE-ID': 466,
|
|
868
|
+
'CWE Name': ' Return of Pointer Value Outside of Expected Range',
|
|
869
|
+
'NIST-ID': '',
|
|
870
|
+
Rev: 4,
|
|
871
|
+
'NIST Name': ''
|
|
872
|
+
},
|
|
873
|
+
{
|
|
874
|
+
'CWE-ID': 470,
|
|
875
|
+
'CWE Name': " Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')",
|
|
876
|
+
'NIST-ID': 'SI-10',
|
|
877
|
+
Rev: 4,
|
|
878
|
+
'NIST Name': 'Information Input Validation'
|
|
879
|
+
},
|
|
880
|
+
{
|
|
881
|
+
'CWE-ID': 471,
|
|
882
|
+
'CWE Name': ' Modification of Assumed-Immutable DATA (MAID)',
|
|
883
|
+
'NIST-ID': 'AC-3',
|
|
884
|
+
Rev: 4,
|
|
885
|
+
'NIST Name': 'Access Enforcement'
|
|
886
|
+
},
|
|
887
|
+
{
|
|
888
|
+
'CWE-ID': 474,
|
|
889
|
+
'CWE Name': ' Use of Function with Inconsistent Implementations',
|
|
890
|
+
'NIST-ID': '',
|
|
891
|
+
Rev: 4,
|
|
892
|
+
'NIST Name': ''
|
|
893
|
+
},
|
|
894
|
+
{
|
|
895
|
+
'CWE-ID': 475,
|
|
896
|
+
'CWE Name': ' Undefined Behavior for Input to API',
|
|
897
|
+
'NIST-ID': '',
|
|
898
|
+
Rev: 4,
|
|
899
|
+
'NIST Name': ''
|
|
900
|
+
},
|
|
901
|
+
{
|
|
902
|
+
'CWE-ID': 476,
|
|
903
|
+
'CWE Name': ' NULL Pointer Dereference',
|
|
904
|
+
'NIST-ID': 'SI-10',
|
|
905
|
+
Rev: 4,
|
|
906
|
+
'NIST Name': 'Information Input Validation'
|
|
907
|
+
},
|
|
908
|
+
{
|
|
909
|
+
'CWE-ID': 477,
|
|
910
|
+
'CWE Name': ' Use of Obsolete Functions',
|
|
911
|
+
'NIST-ID': '',
|
|
912
|
+
Rev: 4,
|
|
913
|
+
'NIST Name': ''
|
|
914
|
+
},
|
|
915
|
+
{
|
|
916
|
+
'CWE-ID': 478,
|
|
917
|
+
'CWE Name': ' Missing Default Case in Switch Statement',
|
|
918
|
+
'NIST-ID': '',
|
|
919
|
+
Rev: 4,
|
|
920
|
+
'NIST Name': ''
|
|
921
|
+
},
|
|
922
|
+
{
|
|
923
|
+
'CWE-ID': 492,
|
|
924
|
+
'CWE Name': ' Use of Inner Class Containing Sensitive Data',
|
|
925
|
+
'NIST-ID': 'AC-3',
|
|
926
|
+
Rev: 4,
|
|
927
|
+
'NIST Name': 'Access Enforcement'
|
|
928
|
+
},
|
|
929
|
+
{
|
|
930
|
+
'CWE-ID': 493,
|
|
931
|
+
'CWE Name': ' Critical Public Variable Without Final Modifier',
|
|
932
|
+
'NIST-ID': 'SI-11',
|
|
933
|
+
Rev: 4,
|
|
934
|
+
'NIST Name': 'Error Handling'
|
|
935
|
+
},
|
|
936
|
+
{
|
|
937
|
+
'CWE-ID': 494,
|
|
938
|
+
'CWE Name': ' Download of Code Without Integrity Check',
|
|
939
|
+
'NIST-ID': 'SI-10',
|
|
940
|
+
Rev: 4,
|
|
941
|
+
'NIST Name': 'Information Input Validation'
|
|
942
|
+
},
|
|
943
|
+
{
|
|
944
|
+
'CWE-ID': 495,
|
|
945
|
+
'CWE Name': ' Private Array-Typed Field Returned From A Public Method',
|
|
946
|
+
'NIST-ID': 'AC-3',
|
|
947
|
+
Rev: 4,
|
|
948
|
+
'NIST Name': 'Access Enforcement'
|
|
949
|
+
},
|
|
950
|
+
{
|
|
951
|
+
'CWE-ID': 497,
|
|
952
|
+
'CWE Name': ' Exposure of System Data to an Unauthorized Control Sphere',
|
|
953
|
+
'NIST-ID': 'SI-11',
|
|
954
|
+
Rev: 4,
|
|
955
|
+
'NIST Name': 'Error Handling'
|
|
956
|
+
},
|
|
957
|
+
{
|
|
958
|
+
'CWE-ID': 501,
|
|
959
|
+
'CWE Name': ' Trust Boundary Violation',
|
|
960
|
+
'NIST-ID': 'SI-10',
|
|
961
|
+
Rev: 4,
|
|
962
|
+
'NIST Name': 'Information Input Validation'
|
|
963
|
+
},
|
|
964
|
+
{
|
|
965
|
+
'CWE-ID': 502,
|
|
966
|
+
'CWE Name': ' Deserialization of Untrusted Data',
|
|
967
|
+
'NIST-ID': 'SI-10',
|
|
968
|
+
Rev: 4,
|
|
969
|
+
'NIST Name': 'Information Input Validation '
|
|
970
|
+
},
|
|
971
|
+
{
|
|
972
|
+
'CWE-ID': 521,
|
|
973
|
+
'CWE Name': ' Weak Password Requirements',
|
|
974
|
+
'NIST-ID': 'IA-5',
|
|
975
|
+
Rev: 4,
|
|
976
|
+
'NIST Name': 'Authenticator Management : -1 Password-based Authentication'
|
|
977
|
+
},
|
|
978
|
+
{
|
|
979
|
+
'CWE-ID': 522,
|
|
980
|
+
'CWE Name': ' Insufficiently Protected Credentials',
|
|
981
|
+
'NIST-ID': 'SC-8',
|
|
982
|
+
Rev: 4,
|
|
983
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
984
|
+
},
|
|
985
|
+
{
|
|
986
|
+
'CWE-ID': 539,
|
|
987
|
+
'CWE Name': ' Information Exposure Through Persistent Cookies',
|
|
988
|
+
'NIST-ID': 'SC-23',
|
|
989
|
+
Rev: 4,
|
|
990
|
+
'NIST Name': 'Session Authenticity'
|
|
991
|
+
},
|
|
992
|
+
{
|
|
993
|
+
'CWE-ID': 546,
|
|
994
|
+
'CWE Name': ' Suspicious Comment',
|
|
995
|
+
'NIST-ID': '',
|
|
996
|
+
Rev: 4,
|
|
997
|
+
'NIST Name': ''
|
|
998
|
+
},
|
|
999
|
+
{
|
|
1000
|
+
'CWE-ID': 557,
|
|
1001
|
+
'CWE Name': ' Concurrency Issues',
|
|
1002
|
+
'NIST-ID': '',
|
|
1003
|
+
Rev: 4,
|
|
1004
|
+
'NIST Name': ''
|
|
1005
|
+
},
|
|
1006
|
+
{
|
|
1007
|
+
'CWE-ID': 560,
|
|
1008
|
+
'CWE Name': ' Use of umask() with chmod-style Argument',
|
|
1009
|
+
'NIST-ID': '',
|
|
1010
|
+
Rev: 4,
|
|
1011
|
+
'NIST Name': ''
|
|
1012
|
+
},
|
|
1013
|
+
{
|
|
1014
|
+
'CWE-ID': 561,
|
|
1015
|
+
'CWE Name': ' Dead Code',
|
|
1016
|
+
'NIST-ID': '',
|
|
1017
|
+
Rev: 4,
|
|
1018
|
+
'NIST Name': ''
|
|
1019
|
+
},
|
|
1020
|
+
{
|
|
1021
|
+
'CWE-ID': 562,
|
|
1022
|
+
'CWE Name': ' Return of Stack Variable Address',
|
|
1023
|
+
'NIST-ID': '',
|
|
1024
|
+
Rev: 4,
|
|
1025
|
+
'NIST Name': ''
|
|
1026
|
+
},
|
|
1027
|
+
{
|
|
1028
|
+
'CWE-ID': 563,
|
|
1029
|
+
'CWE Name': ' Assigntment to Variable without Use',
|
|
1030
|
+
'NIST-ID': '',
|
|
1031
|
+
Rev: 4,
|
|
1032
|
+
'NIST Name': ''
|
|
1033
|
+
},
|
|
1034
|
+
{
|
|
1035
|
+
'CWE-ID': 564,
|
|
1036
|
+
'CWE Name': ' SQL Injection: Hibernate',
|
|
1037
|
+
'NIST-ID': 'SI-10',
|
|
1038
|
+
Rev: 4,
|
|
1039
|
+
'NIST Name': 'Information Input Validation'
|
|
1040
|
+
},
|
|
1041
|
+
{
|
|
1042
|
+
'CWE-ID': 566,
|
|
1043
|
+
'CWE Name': ' Authorization Bypass Through User-Controlled SQL Primary Key',
|
|
1044
|
+
'NIST-ID': 'AC-3',
|
|
1045
|
+
Rev: 4,
|
|
1046
|
+
'NIST Name': 'Access Enforcement'
|
|
1047
|
+
},
|
|
1048
|
+
{
|
|
1049
|
+
'CWE-ID': 568,
|
|
1050
|
+
'CWE Name': ' finalize() Method without super.finalize()',
|
|
1051
|
+
'NIST-ID': '',
|
|
1052
|
+
Rev: 4,
|
|
1053
|
+
'NIST Name': ''
|
|
1054
|
+
},
|
|
1055
|
+
{
|
|
1056
|
+
'CWE-ID': 574,
|
|
1057
|
+
'CWE Name': ' EJB Bad Practices: Use of Synchronization Primitives',
|
|
1058
|
+
'NIST-ID': '',
|
|
1059
|
+
Rev: 4,
|
|
1060
|
+
'NIST Name': ''
|
|
1061
|
+
},
|
|
1062
|
+
{
|
|
1063
|
+
'CWE-ID': 575,
|
|
1064
|
+
'CWE Name': ' EJB Bad Practices: Use of AWT Swing',
|
|
1065
|
+
'NIST-ID': '',
|
|
1066
|
+
Rev: 4,
|
|
1067
|
+
'NIST Name': ''
|
|
1068
|
+
},
|
|
1069
|
+
{
|
|
1070
|
+
'CWE-ID': 576,
|
|
1071
|
+
'CWE Name': ' EJB Bad Practices: Use of java I/O',
|
|
1072
|
+
'NIST-ID': '',
|
|
1073
|
+
Rev: 4,
|
|
1074
|
+
'NIST Name': ''
|
|
1075
|
+
},
|
|
1076
|
+
{
|
|
1077
|
+
'CWE-ID': 577,
|
|
1078
|
+
'CWE Name': ' EJB Bad Practices: Use of Sockets',
|
|
1079
|
+
'NIST-ID': '',
|
|
1080
|
+
Rev: 4,
|
|
1081
|
+
'NIST Name': ''
|
|
1082
|
+
},
|
|
1083
|
+
{
|
|
1084
|
+
'CWE-ID': 578,
|
|
1085
|
+
'CWE Name': ' EJB Bad Practices: Use of Class Loader',
|
|
1086
|
+
'NIST-ID': '',
|
|
1087
|
+
Rev: 4,
|
|
1088
|
+
'NIST Name': ''
|
|
1089
|
+
},
|
|
1090
|
+
{
|
|
1091
|
+
'CWE-ID': 579,
|
|
1092
|
+
'CWE Name': ' J2EE Bad Practices: Non-serializable Object Stored in Session',
|
|
1093
|
+
'NIST-ID': '',
|
|
1094
|
+
Rev: 4,
|
|
1095
|
+
'NIST Name': ''
|
|
1096
|
+
},
|
|
1097
|
+
{
|
|
1098
|
+
'CWE-ID': 580,
|
|
1099
|
+
'CWE Name': ' clone() Method Without super.clone()',
|
|
1100
|
+
'NIST-ID': '',
|
|
1101
|
+
Rev: 4,
|
|
1102
|
+
'NIST Name': ''
|
|
1103
|
+
},
|
|
1104
|
+
{
|
|
1105
|
+
'CWE-ID': 581,
|
|
1106
|
+
'CWE Name': ' Object Model Violation: Just One of Equals and Hashcode Defined',
|
|
1107
|
+
'NIST-ID': '',
|
|
1108
|
+
Rev: 4,
|
|
1109
|
+
'NIST Name': ''
|
|
1110
|
+
},
|
|
1111
|
+
{
|
|
1112
|
+
'CWE-ID': 582,
|
|
1113
|
+
'CWE Name': ' Array Declared Public',
|
|
1114
|
+
'NIST-ID': 'AC-3',
|
|
1115
|
+
Rev: 4,
|
|
1116
|
+
'NIST Name': 'Access Enforcement'
|
|
1117
|
+
},
|
|
1118
|
+
{
|
|
1119
|
+
'CWE-ID': 583,
|
|
1120
|
+
'CWE Name': ' finalize() Method Declared Public',
|
|
1121
|
+
'NIST-ID': 'AC-3',
|
|
1122
|
+
Rev: 4,
|
|
1123
|
+
'NIST Name': 'Access Enforcement'
|
|
1124
|
+
},
|
|
1125
|
+
{
|
|
1126
|
+
'CWE-ID': 584,
|
|
1127
|
+
'CWE Name': ' Return Inside Finally Block',
|
|
1128
|
+
'NIST-ID': 'SI-11',
|
|
1129
|
+
Rev: 4,
|
|
1130
|
+
'NIST Name': 'Error Handling'
|
|
1131
|
+
},
|
|
1132
|
+
{
|
|
1133
|
+
'CWE-ID': 586,
|
|
1134
|
+
'CWE Name': ' Explicit Call to Finalize()',
|
|
1135
|
+
'NIST-ID': '',
|
|
1136
|
+
Rev: 4,
|
|
1137
|
+
'NIST Name': ''
|
|
1138
|
+
},
|
|
1139
|
+
{
|
|
1140
|
+
'CWE-ID': 590,
|
|
1141
|
+
'CWE Name': ' Free of Memory not on the Heap',
|
|
1142
|
+
'NIST-ID': '',
|
|
1143
|
+
Rev: 4,
|
|
1144
|
+
'NIST Name': ''
|
|
1145
|
+
},
|
|
1146
|
+
{
|
|
1147
|
+
'CWE-ID': 591,
|
|
1148
|
+
'CWE Name': ' Sensitive Data Storage in Improperly Locked Memory',
|
|
1149
|
+
'NIST-ID': 'SC-4',
|
|
1150
|
+
Rev: 4,
|
|
1151
|
+
'NIST Name': 'Information in Shared Resources'
|
|
1152
|
+
},
|
|
1153
|
+
{
|
|
1154
|
+
'CWE-ID': 601,
|
|
1155
|
+
'CWE Name': " URL Redirection to Untrusted Site ('Open Redirect')",
|
|
1156
|
+
'NIST-ID': 'SI-10',
|
|
1157
|
+
Rev: 4,
|
|
1158
|
+
'NIST Name': 'Information Input Validation'
|
|
1159
|
+
},
|
|
1160
|
+
{
|
|
1161
|
+
'CWE-ID': 607,
|
|
1162
|
+
'CWE Name': ' Public Static Final Field References Mutable Object',
|
|
1163
|
+
'NIST-ID': '',
|
|
1164
|
+
Rev: 4,
|
|
1165
|
+
'NIST Name': ''
|
|
1166
|
+
},
|
|
1167
|
+
{
|
|
1168
|
+
'CWE-ID': 609,
|
|
1169
|
+
'CWE Name': ' Double-Checked Locking',
|
|
1170
|
+
'NIST-ID': '',
|
|
1171
|
+
Rev: 4,
|
|
1172
|
+
'NIST Name': ''
|
|
1173
|
+
},
|
|
1174
|
+
{
|
|
1175
|
+
'CWE-ID': 611,
|
|
1176
|
+
'CWE Name': " Improper Restriction of XML External Entity Reference ('XXE')",
|
|
1177
|
+
'NIST-ID': 'SI-10',
|
|
1178
|
+
Rev: 4,
|
|
1179
|
+
'NIST Name': 'Information Input Validation'
|
|
1180
|
+
},
|
|
1181
|
+
{
|
|
1182
|
+
'CWE-ID': 613,
|
|
1183
|
+
'CWE Name': ' Insufficient Session Expiration',
|
|
1184
|
+
'NIST-ID': 'AC-12',
|
|
1185
|
+
Rev: 4,
|
|
1186
|
+
'NIST Name': 'Session Termination'
|
|
1187
|
+
},
|
|
1188
|
+
{
|
|
1189
|
+
'CWE-ID': 614,
|
|
1190
|
+
'CWE Name': " Sensitive Cookie in HTTPS Session Without 'Secure' Attribute",
|
|
1191
|
+
'NIST-ID': 'SC-8',
|
|
1192
|
+
Rev: 4,
|
|
1193
|
+
'NIST Name': 'Transmission Confidentiality and Integrity'
|
|
1194
|
+
},
|
|
1195
|
+
{
|
|
1196
|
+
'CWE-ID': 615,
|
|
1197
|
+
'CWE Name': ' Information Exposure Through Comments',
|
|
1198
|
+
'NIST-ID': 'AC-3',
|
|
1199
|
+
Rev: 4,
|
|
1200
|
+
'NIST Name': 'Access Enforcement : -5 Security-Relevant Information'
|
|
1201
|
+
},
|
|
1202
|
+
{
|
|
1203
|
+
'CWE-ID': 639,
|
|
1204
|
+
'CWE Name': ' Authorization Bypass Through User-Controlled Key',
|
|
1205
|
+
'NIST-ID': 'AC-3',
|
|
1206
|
+
Rev: 4,
|
|
1207
|
+
'NIST Name': 'Access Enforcement'
|
|
1208
|
+
},
|
|
1209
|
+
{
|
|
1210
|
+
'CWE-ID': 642,
|
|
1211
|
+
'CWE Name': ' External Control of Critical State Data',
|
|
1212
|
+
'NIST-ID': '',
|
|
1213
|
+
Rev: 4,
|
|
1214
|
+
'NIST Name': ''
|
|
1215
|
+
},
|
|
1216
|
+
{
|
|
1217
|
+
'CWE-ID': 643,
|
|
1218
|
+
'CWE Name': " Improper Neutralization of Data within XPath Expressions ('XPath Injection')",
|
|
1219
|
+
'NIST-ID': 'SI-10',
|
|
1220
|
+
Rev: 4,
|
|
1221
|
+
'NIST Name': 'Information Input Validation'
|
|
1222
|
+
},
|
|
1223
|
+
{
|
|
1224
|
+
'CWE-ID': 651,
|
|
1225
|
+
'CWE Name': ' Information Exposure Through WSDL File',
|
|
1226
|
+
'NIST-ID': '',
|
|
1227
|
+
Rev: 4,
|
|
1228
|
+
'NIST Name': ''
|
|
1229
|
+
},
|
|
1230
|
+
{
|
|
1231
|
+
'CWE-ID': 652,
|
|
1232
|
+
'CWE Name': " Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')",
|
|
1233
|
+
'NIST-ID': 'SI-10',
|
|
1234
|
+
Rev: 4,
|
|
1235
|
+
'NIST Name': 'Information Input Validation'
|
|
1236
|
+
},
|
|
1237
|
+
{
|
|
1238
|
+
'CWE-ID': 662,
|
|
1239
|
+
'CWE Name': ' Improper Synchonization',
|
|
1240
|
+
'NIST-ID': '',
|
|
1241
|
+
Rev: 4,
|
|
1242
|
+
'NIST Name': ''
|
|
1243
|
+
},
|
|
1244
|
+
{
|
|
1245
|
+
'CWE-ID': 667,
|
|
1246
|
+
'CWE Name': ' Improper Locking',
|
|
1247
|
+
'NIST-ID': '',
|
|
1248
|
+
Rev: 4,
|
|
1249
|
+
'NIST Name': ''
|
|
1250
|
+
},
|
|
1251
|
+
{
|
|
1252
|
+
'CWE-ID': 676,
|
|
1253
|
+
'CWE Name': ' Use of Potentially Dangerous Function',
|
|
1254
|
+
'NIST-ID': '',
|
|
1255
|
+
Rev: 4,
|
|
1256
|
+
'NIST Name': ''
|
|
1257
|
+
},
|
|
1258
|
+
{
|
|
1259
|
+
'CWE-ID': 690,
|
|
1260
|
+
'CWE Name': ' Unchecked Return Value to NULL Pointer Dereference',
|
|
1261
|
+
'NIST-ID': '',
|
|
1262
|
+
Rev: 4,
|
|
1263
|
+
'NIST Name': ''
|
|
1264
|
+
},
|
|
1265
|
+
{
|
|
1266
|
+
'CWE-ID': 691,
|
|
1267
|
+
'CWE Name': ' Insufficient Control Flow Management',
|
|
1268
|
+
'NIST-ID': 'SI-11',
|
|
1269
|
+
Rev: 4,
|
|
1270
|
+
'NIST Name': 'Error Handling'
|
|
1271
|
+
},
|
|
1272
|
+
{
|
|
1273
|
+
'CWE-ID': 693,
|
|
1274
|
+
'CWE Name': ' Protection Mechanism Failure',
|
|
1275
|
+
'NIST-ID': 'IA-5',
|
|
1276
|
+
Rev: 4,
|
|
1277
|
+
'NIST Name': 'Authenticator Management'
|
|
1278
|
+
},
|
|
1279
|
+
{
|
|
1280
|
+
'CWE-ID': 694,
|
|
1281
|
+
'CWE Name': ' Use of Multiple Resources with Duplicate Identifier',
|
|
1282
|
+
'NIST-ID': '',
|
|
1283
|
+
Rev: 4,
|
|
1284
|
+
'NIST Name': ''
|
|
1285
|
+
},
|
|
1286
|
+
{
|
|
1287
|
+
'CWE-ID': 732,
|
|
1288
|
+
'CWE Name': ' Incorrect Permission Assignment for Critical Resource',
|
|
1289
|
+
'NIST-ID': 'AC-3',
|
|
1290
|
+
Rev: 4,
|
|
1291
|
+
'NIST Name': 'Access Enforcement'
|
|
1292
|
+
},
|
|
1293
|
+
{
|
|
1294
|
+
'CWE-ID': 733,
|
|
1295
|
+
'CWE Name': ' Compiler Optimization Removal or Modification of Security-critical Code',
|
|
1296
|
+
'NIST-ID': '',
|
|
1297
|
+
Rev: 4,
|
|
1298
|
+
'NIST Name': ''
|
|
1299
|
+
},
|
|
1300
|
+
{
|
|
1301
|
+
'CWE-ID': 759,
|
|
1302
|
+
'CWE Name': ' Use of a One-Way Hash without a Salt',
|
|
1303
|
+
'NIST-ID': 'SC-13',
|
|
1304
|
+
Rev: 4,
|
|
1305
|
+
'NIST Name': 'Cryptographic Protection'
|
|
1306
|
+
},
|
|
1307
|
+
{
|
|
1308
|
+
'CWE-ID': 760,
|
|
1309
|
+
'CWE Name': ' Use of a One-Way Hash with a Predictable Salt',
|
|
1310
|
+
'NIST-ID': 'SC-13',
|
|
1311
|
+
Rev: 4,
|
|
1312
|
+
'NIST Name': 'Cryptographic Protection'
|
|
1313
|
+
},
|
|
1314
|
+
{
|
|
1315
|
+
'CWE-ID': 776,
|
|
1316
|
+
'CWE Name': " Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')",
|
|
1317
|
+
'NIST-ID': '',
|
|
1318
|
+
Rev: 4,
|
|
1319
|
+
'NIST Name': ''
|
|
1320
|
+
},
|
|
1321
|
+
{
|
|
1322
|
+
'CWE-ID': 780,
|
|
1323
|
+
'CWE Name': ' Use of RSA Algorithm without OAEP',
|
|
1324
|
+
'NIST-ID': 'SC-13',
|
|
1325
|
+
Rev: 4,
|
|
1326
|
+
'NIST Name': 'Cryptographic Protection'
|
|
1327
|
+
},
|
|
1328
|
+
{
|
|
1329
|
+
'CWE-ID': 785,
|
|
1330
|
+
'CWE Name': ' Use of Path Manipulation Function without Maximum-sized Buffer',
|
|
1331
|
+
'NIST-ID': 'SI-10',
|
|
1332
|
+
Rev: 4,
|
|
1333
|
+
'NIST Name': 'Information Input Validation'
|
|
1334
|
+
},
|
|
1335
|
+
{
|
|
1336
|
+
'CWE-ID': 787,
|
|
1337
|
+
'CWE Name': ' Out-of-bounds Write',
|
|
1338
|
+
'NIST-ID': 'SI-10',
|
|
1339
|
+
Rev: 4,
|
|
1340
|
+
'NIST Name': 'Information Input Validation'
|
|
1341
|
+
},
|
|
1342
|
+
{
|
|
1343
|
+
'CWE-ID': 798,
|
|
1344
|
+
'CWE Name': ' Use of Hard-coded Credentials',
|
|
1345
|
+
'NIST-ID': '',
|
|
1346
|
+
Rev: 4,
|
|
1347
|
+
'NIST Name': ''
|
|
1348
|
+
},
|
|
1349
|
+
{
|
|
1350
|
+
'CWE-ID': 805,
|
|
1351
|
+
'CWE Name': ' Buffer Access with Incorrect Length Value',
|
|
1352
|
+
'NIST-ID': 'SI-10',
|
|
1353
|
+
Rev: 4,
|
|
1354
|
+
'NIST Name': 'Information Input Validation'
|
|
1355
|
+
},
|
|
1356
|
+
{
|
|
1357
|
+
'CWE-ID': 807,
|
|
1358
|
+
'CWE Name': ' Reliance on Untrusted Inputs in a Security Decision',
|
|
1359
|
+
'NIST-ID': 'SC-23',
|
|
1360
|
+
Rev: 4,
|
|
1361
|
+
'NIST Name': 'Session Authenticity'
|
|
1362
|
+
},
|
|
1363
|
+
{
|
|
1364
|
+
'CWE-ID': 820,
|
|
1365
|
+
'CWE Name': ' Missing Synchronization',
|
|
1366
|
+
'NIST-ID': '',
|
|
1367
|
+
Rev: 4,
|
|
1368
|
+
'NIST Name': ''
|
|
1369
|
+
},
|
|
1370
|
+
{
|
|
1371
|
+
'CWE-ID': 821,
|
|
1372
|
+
'CWE Name': ' Incorrect Synchronization',
|
|
1373
|
+
'NIST-ID': '',
|
|
1374
|
+
Rev: 4,
|
|
1375
|
+
'NIST Name': ''
|
|
1376
|
+
},
|
|
1377
|
+
{
|
|
1378
|
+
'CWE-ID': 829,
|
|
1379
|
+
'CWE Name': ' Inclusion of Functionality from Untrusted Control Sphere',
|
|
1380
|
+
'NIST-ID': '',
|
|
1381
|
+
Rev: 4,
|
|
1382
|
+
'NIST Name': ''
|
|
1383
|
+
},
|
|
1384
|
+
{
|
|
1385
|
+
'CWE-ID': 862,
|
|
1386
|
+
'CWE Name': ' Missing Authorization',
|
|
1387
|
+
'NIST-ID': 'AC-3',
|
|
1388
|
+
Rev: 4,
|
|
1389
|
+
'NIST Name': 'Access Enforcement'
|
|
1390
|
+
},
|
|
1391
|
+
{
|
|
1392
|
+
'CWE-ID': 863,
|
|
1393
|
+
'CWE Name': ' Incorrect Authorization',
|
|
1394
|
+
'NIST-ID': 'AC-3',
|
|
1395
|
+
Rev: 4,
|
|
1396
|
+
'NIST Name': 'Access Enforcement'
|
|
1397
|
+
},
|
|
1398
|
+
{
|
|
1399
|
+
'CWE-ID': 915,
|
|
1400
|
+
'CWE Name': ' Improperly Controlled Modification of Dynamically-Determined Object Attributes',
|
|
1401
|
+
'NIST-ID': 'SI-10',
|
|
1402
|
+
Rev: 4,
|
|
1403
|
+
'NIST Name': 'Information Input Validation'
|
|
1404
|
+
},
|
|
1405
|
+
{
|
|
1406
|
+
'CWE-ID': 916,
|
|
1407
|
+
'CWE Name': ' Use of Password Hash With Insufficient Computational Effort',
|
|
1408
|
+
'NIST-ID': 'SC-13',
|
|
1409
|
+
Rev: 4,
|
|
1410
|
+
'NIST Name': 'Cryptographic Protection'
|
|
1411
|
+
},
|
|
1412
|
+
{
|
|
1413
|
+
'CWE-ID': 918,
|
|
1414
|
+
'CWE Name': ' Server-Side Request Forgery (SSRF)',
|
|
1415
|
+
'NIST-ID': 'SI-10',
|
|
1416
|
+
Rev: 4,
|
|
1417
|
+
'NIST Name': 'Information Input Validation'
|
|
1418
|
+
}
|
|
1419
|
+
];
|
|
1420
|
+
//# sourceMappingURL=CweNistMappingData.js.map
|