The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.
abstraction Base
status Draft
When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.
abstraction Class
status Draft
The product uses a more complex mechanism than necessary, which could lead to resultant weaknesses when the mechanism is not correctly understood, modeled, configured, implemented, or used.
abstraction Class
status Draft
The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.
abstraction Class
status Draft
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
abstraction Base
status Incomplete
The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
abstraction Base
status Incomplete
The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
abstraction Base
status Incomplete
The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors.
abstraction Class
status Draft
The product uses external input to dynamically construct an XPath expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.
abstraction Base
status Incomplete
The product does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.
abstraction Variant
status Incomplete
The product contains an account lockout protection mechanism, but the mechanism is too restrictive and can be triggered too easily, which allows attackers to deny service to legitimate users by causing their accounts to be locked out.
abstraction Base
status Incomplete
The product allows a file to be uploaded, but it relies on the file name or extension of the file to determine the appropriate behaviors. This could be used by attackers to cause the file to be misclassified and processed in a dangerous fashion.
abstraction Variant
status Incomplete
The product defines policy namespaces and makes authorization decisions based on the assumption that a URL is canonical. This can allow a non-canonical URL to bypass the authorization.
abstraction Variant
status Incomplete
The product does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing the function to be called incorrectly.
abstraction Base
status Incomplete
The product uses obfuscation or encryption of inputs that should not be mutable by an external actor, but the product does not use integrity checks to detect if those inputs have been modified.
abstraction Base
status Incomplete
The server contains a protection mechanism that assumes that any URI that is accessed using HTTP GET will not cause a state change to the associated resource. This might allow attackers to bypass intended access restrictions and conduct resource modification and deletion attacks, since some applications allow GET to modify state.
abstraction Variant
status Incomplete
The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return).
abstraction Variant
status Incomplete
The product uses external input to dynamically construct an XQuery expression used to retrieve data from an XML database, but it does not neutralize or incorrectly neutralizes that input. This allows an attacker to control the structure of the query.
abstraction Base
status Incomplete
The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
abstraction Class
status Draft
A protection mechanism relies exclusively, or to a large extent, on the evaluation of a single condition or the integrity of a single object or entity in order to make a decision about granting access to restricted resources or functionality.
abstraction Base
status Draft
The product has a protection mechanism that is too difficult or inconvenient to use, encouraging non-malicious users to disable or bypass the mechanism, whether by accident or on purpose.
abstraction Class
status Draft
The product uses a protection mechanism whose strength depends heavily on its obscurity, such that knowledge of its algorithms or key data is sufficient to defeat the mechanism.
abstraction Class
status Draft
The product violates well-established principles for secure design.
abstraction Class
status Draft
The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
abstraction Class
status Draft
The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.
abstraction Base
status Draft
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
abstraction Pillar
status Draft
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
abstraction Class
status Draft
The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
abstraction Class
status Draft
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
abstraction Class
status Draft
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
abstraction Class
status Draft
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
abstraction Class
status Draft
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
abstraction Class
status Draft
The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.
abstraction Class
status Draft
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
abstraction Class
status Draft
The product does not prevent the definition of control spheres from external actors.
abstraction Class
status Draft
The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
abstraction Class
status Draft
The product performs the same operation on a resource two or more times, when the operation should only be applied once.
abstraction Class
status Draft
The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
abstraction Base
status Draft
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
abstraction Compound
status Draft
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
abstraction Base
status Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
abstraction Pillar
status Draft
The product calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.
abstraction Variant
status Draft
The code does not function according to its published specifications, potentially leading to incorrect usage.
abstraction Class
status Draft
The product calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resultant weaknesses.
abstraction Variant
status Draft
The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.
abstraction Variant
status Draft
The product calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.
abstraction Variant
status Draft
The product calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined behavior and resultant weaknesses.
abstraction Variant
status Draft
The product, while copying or cloning a resource, does not set the resource's permissions or access control until the copy is complete, leaving the resource exposed to other spheres while the copy is taking place.
abstraction Compound
status Draft
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
abstraction Compound
status Draft
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
abstraction Pillar
status Draft
The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.
abstraction Compound
status Draft
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
abstraction Pillar
status Draft
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
abstraction Base
status Incomplete
The product uses low-level functionality that is explicitly prohibited by the framework or specification under which the product is supposed to operate.
abstraction Base
status Incomplete
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways that may produce resultant weaknesses.
abstraction Class
status Incomplete
The product compares two entities in a security-relevant context, but the comparison is incorrect.
abstraction Pillar
status Incomplete
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
abstraction Base
status Incomplete
The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
abstraction Pillar
status Incomplete
The product does not correctly convert an object, resource, or structure from one type to a different type.
abstraction Class
status Incomplete
The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.
abstraction Class
status Incomplete
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
abstraction Class
status Incomplete
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
abstraction Pillar
status Incomplete
The product assigns an owner to a resource, but the owner is outside of the intended control sphere.
abstraction Base
status Incomplete
The product does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
abstraction Pillar
status Incomplete
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
abstraction Class
status Draft
The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.
abstraction Base
status Incomplete
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
abstraction Base
status Incomplete
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the product.
abstraction Class
status Incomplete
The product does not handle or incorrectly handles an exceptional condition.
abstraction Class
status Incomplete
The product does not return custom error pages to the user, possibly exposing sensitive information.
abstraction Base
status Incomplete
A protocol or its implementation supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm that is available to both parties.
abstraction Base
status Incomplete
The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.
abstraction Class
status Incomplete
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product does not also use a salt as part of the input.
abstraction Variant
status Incomplete
The product uses a one-way cryptographic hash against an input that should not be reversible, such as a password, but the product uses a predictable salt as part of the input.
abstraction Variant
status Incomplete
The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.
abstraction Variant
status Incomplete
The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
abstraction Variant
status Incomplete
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
abstraction Base
status Incomplete
The product locks a critical resource more times than intended, leading to an unexpected state in the system.
abstraction Base
status Incomplete
The product unlocks a critical resource more times than intended, leading to an unexpected state in the system.
abstraction Base
status Incomplete
The product declares a critical variable, field, or member to be public when intended security policy requires it to be private.
abstraction Base
status Incomplete