CWE Cheat Sheet

When reporting the results of your web application security assessments it is important to use a common language. This makes it easier for other parties to understand your findings and adds credibility to your report. There are many different frameworks to choose from. One of the main frameworks used is the Common Weakness Enumeration framework, or CWE for short. This is a listing of all known weakness types, managed by MITRE.

Lingo
When one of these CWE’s appears in a specific piece of software it becomes a “vulnerability” and is then assigned a Common Vulnerabilities and Exposures number, or “CVE.” The code or technique an attacker uses to trigger this CVE and cause harm to the application or its data is described as an “exploit.” If no one knows the exploit exists except for a few hackers it is known as a “zero-day” or “0 day”. Once the exploit becomes integrated into a hacking tool it is considered to be a weaponized vulnerability. Then finally, when the weakness is fixed and the software is no longer vulnerable it is considered “remediated”.

Below is a listing of some of the more common CWE’s you will find when assessing web applications. Each CWE number is hyperlinked to the corresponding page of the MITRE web site if you need more information. You may want to bookmark this page now for future reference.

CWE      Description
CWE-22   Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-78   Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
CWE-79   Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
CWE-89   Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’)
CWE-98   Remote File Inclusion
CWE-120  Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’)
CWE-131  Incorrect Calculation of Buffer Size
CWE-134  Uncontrolled Format String
CWE-190  Integer Overflow or Wraparound
CWE-209  Information Exposure Through an Error Message
CWE-250  Execution with Unnecessary Privileges
CWE-285  Improper Access Control (Authorization)
CWE-306  Missing Authentication for Critical Function
CWE-307  Improper Restriction of Excessive Authentication Attempts
CWE-311  Missing Encryption of Sensitive Data
CWE-319  Cleartext Transmission of Sensitive Information
CWE-327  Use of a Broken or Risky Cryptographic Algorithm
CWE-352  Cross-Site Request Forgery (CSRF)
CWE-384  Session Fixation
CWE-434  Unrestricted Upload of File with Dangerous Type
CWE-494  Download of Code Without Integrity Check
CWE-521  Weak Password Requirements
CWE-525  Password Autocomplete Set
CWE-539  Information Exposure Through Persistent Cookies
CWE-548  Browsable Directories
CWE-601  URL Redirection to Untrusted Site (‘Open Redirect’)
CWE-613  Insufficient Session Expiration
CWE-615  Information Exposure Through Comments
CWE-640  Weak Password Recovery Mechanism for Forgotten Password
CWE-676  Use of Potentially Dangerous Function
CWE-732  Incorrect Permission Assignment for Critical Resource
CWE-798  Use of Hard-coded Credentials
CWE-807  Reliance on Untrusted Inputs in a Security Decision
CWE-829  Inclusion of Functionality from Untrusted Control Sphere
CWE-862  Missing Authorization
CWE-863  Incorrect Authorization