Difference between revisions of "ASDR TOC Vulnerabilities"

From OWASP
Line 165: Line 165:
 
# [[Integer coercion error]]
 
# [[Integer coercion error]]
 
# [[Integer overflow]]
 
# [[Integer overflow]]
# [[Integer Overflow]]
 
 
# [[Integer underflow (wrap or wraparound)]]
 
# [[Integer underflow (wrap or wraparound)]]
 
# [[Intended information leak]]
 
# [[Intended information leak]]
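
Review bot: `# [[Integer Overflow]]`, the one line in this hunk with no counterpart on the other side, differs from the neighbouring `# [[Integer overflow]]` only in capitalisation, so the two entries name the same topic; a single entry is the right outcome, and the list in this revision does carry just one (item 164). The same case-only duplication is still present at items 195/196 (Memory leak / Memory Leak) and 428/429 (Uninitialized variable / Uninitialized Variable); suggest collapsing those the same way, with a redirect from the dropped title.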

Revision as of 12:01, 26 September 2008

Back to TOC

  1. Access control enforced by presentation layer
  2. Accidental leaking of sensitive information through data queries
  3. Accidental leaking of sensitive information through error messages
  4. Accidental leaking of sensitive information through sent data
  5. Addition of data-structure sentinel
  6. Algorithmic Complexity
  7. Allowing External Setting Manipulation
  8. Allowing password aging
  9. Alternate Channel Race Condition
  10. Alternate Encoding
  11. ASP.NET Misconfiguration: Creating Debug Binary
  12. ASP.NET Misconfiguration: Missing Custom Error Handling
  13. ASP.NET Misconfiguration: Password in Configuration File
  14. Assigning instead of comparing
  15. Authentication bypass by alternate name
  16. Authentication Bypass by Alternate Path/Channel
  17. Authentication Bypass by Primary Weakness
  18. Authentication bypass by spoofing
  19. Authentication Bypass via Assumed-Immutable Data
  20. Authentication Error
  21. Authentication Logic Error
  22. Behavioral Change
  23. Behavioral Discrepancy Infoleak
  24. Behavioral problems
  25. Buffer Overflow
  26. Buffer over-read
  27. Buffer under-read
  28. Buffer underwrite
  29. Bundling Issues
  30. Byte/Object Code
  31. Capture-replay
  32. Case Sensitivity (lowercase, uppercase, mixed case)
  33. Catch NullPointerException
  34. Channel and Path Errors
  35. Cleansing, Canonicalization, and Comparison Errors
  36. Code Correctness: Call to System.gc()
  37. Code Correctness: Call to Thread.run()
  38. Code Correctness: Class Does Not Implement Cloneable
  39. Code Correctness: Double-Checked Locking
  40. Code Correctness: Erroneous finalize() Method
  41. Code Correctness: Erroneous String Compare
  42. Code Correctness: Misspelled Method Name
  43. Code Correctness: null Argument to equals()
  44. Collapse of Data into Unsafe Value
  45. Common Special Element Manipulations
  46. Comparing classes by name
  47. Comparing instead of assigning
  48. Comprehensive list of Threats to Authentication Procedures and Data
  49. Context Switching Race Condition
  50. Covert timing channel
  51. CRLF Injection
  52. Cross Site Scripting Flaw
  53. Cross-Boundary Cleansing Infoleak
  54. Dangerous Function
  55. Dangerous handler not cleared/disabled during sensitive operations
  56. Data Amplification
  57. Data Leaking Between Users
  58. Data Structure Issues
  59. Dead Code: Broken Override
  60. Dead Code: Expression is Always False
  61. Dead Code: Expression is Always True
  62. Dead Code: Unused Field
  63. Dead Code: Unused Method
  64. Deletion of data-structure sentinel
  65. Delimiter between Expressions or Commands
  66. Delimiter Problems
  67. Deserialization of untrusted data
  68. Directory Restriction Error
  69. Discrepancy Information Leaks
  70. Double Free
  71. Doubled character XSS manipulations
  72. Doubly freeing memory
  73. Duplicate key in associative list (alist)
  74. Early Amplification
  75. EJB Bad Practices: Use of AWT/Swing
  76. EJB Bad Practices: Use of Class Loader
  77. EJB Bad Practices: Use of java.io
  78. EJB Bad Practices: Use of Sockets
  79. EJB Bad Practices: Use of Synchronization Primitives
  80. Empty Catch Block
  81. Empty String Password
  82. Error Conditions, Return Values, Status Codes
  83. Error Message Infoleaks
  84. Escape, Meta, or Control Character / Sequence
  85. Expected behavior violation
  86. External behavioral inconsistency infoleak
  87. External initialization of trusted variables or values
  88. Extra Parameter Error
  89. Extra Special Element
  90. Extra Unhandled Features
  91. Extra Value Error
  92. Fails poorly due to insufficient permissions
  93. Failure of true random number generator
  94. Failure to account for default case in switch
  95. Failure to add integrity check value
  96. Failure to check for certificate revocation
  97. Failure to check integrity check value
  98. Failure to check whether privileges were dropped successfully
  99. Failure to deallocate data
  100. Failure to drop privileges when reasonable
  101. Failure to encrypt data
  102. Failure to follow chain of trust in certificate validation
  103. Failure to protect stored data from modification
  104. Failure to provide confidentiality for stored data
  105. Failure to validate certificate expiration
  106. Failure to validate host-specific certificate data
  107. File Access Race Condition: TOCTOU
  108. Format String
  109. General Special Element Problems
  110. Grouping Element / Paired Delimiter
  111. Guessed or visible temporary file
  112. Hard-Coded Password
  113. Heap Inspection
  114. Heap overflow
  115. Ignored function return value
  116. Illegal Pointer Value
  117. Improper cleanup on thrown exception
  118. Improper error handling
  119. Improper Handler Deployment
  120. Improper Null Termination
  121. Improper resource shutdown or release
  122. Improper string length checking
  123. Improper temp file opening
  124. Improperly Implemented Security Check for Standard
  125. Improperly Trusted Reverse DNS
  126. Improperly Verified Signature
  127. Inadvertent
  128. Incomplete Blacklist
  129. Incomplete Cleanup
  130. Incomplete Element
  131. Incomplete Internal State Distinction
  132. Inconsistent Elements
  133. Inconsistent Implementations
  134. Inconsistent Special Elements
  135. Incorrect block delimitation
  136. Incorrect initialization
  137. Incorrect Privilege Assignment
  138. Infoleak Using Debug Information
  139. Information Leak (information disclosure)
  140. Information leak through class cloning
  141. Information leak through serialization
  142. Information loss or omission
  143. Initialization and Cleanup Errors
  144. Injection problem
  145. Input Terminator
  146. Insecure Compiler Optimization
  147. Insecure Default Permissions
  148. Insecure default variable initialization
  149. Insecure execution-assigned permissions
  150. Insecure inherited permissions
  151. Insecure preserved inherited permissions
  152. Insecure Randomness
  153. Insecure Temporary File
  154. Installation Issues
  155. Insufficient Entropy
  156. Insufficient entropy in pseudo-random number generator
  157. Insufficient privileges
  158. Insufficient Resource Locking
  159. Insufficient Resource Pool
  160. Insufficient Type Distinction
  161. Insufficient UI warning of dangerous operations
  162. Insufficient Verification of Data
  163. Integer coercion error
  164. Integer overflow
  165. Integer underflow (wrap or wraparound)
  166. Intended information leak
  167. Interaction Errors
  168. Internal behavioral inconsistency infoleak
  169. Internal Special Element
  170. Invalid Characters in Identifiers
  171. Invoking untrusted mobile code
  172. J2EE Bad Practices: getConnection()
  173. J2EE Bad Practices: JSP Expressions
  174. J2EE Bad Practices: Sockets
  175. J2EE Bad Practices: System.exit()
  176. J2EE Bad Practices: Threads
  177. J2EE Misconfiguration: Insecure Transport
  178. J2EE Misconfiguration: Insufficient Session-ID Length
  179. J2EE Misconfiguration: Missing Error Handling
  180. J2EE Misconfiguration: Unsafe Bean Declaration
  181. J2EE Misconfiguration: Weak Access Permissions
  182. J2EE Time and State Issues
  183. Key exchange without entity authentication
  184. Key management errors
  185. Leading Special Element
  186. Least Privilege Violation
  187. Leftover Debug Code
  188. Length Parameter Inconsistency
  189. Line Delimiter
  190. Log Forging
  191. Log injection
  192. Mac virtual file problems
  193. Macro symbol
  194. Member Field Race Condition
  195. Memory leak
  196. Memory Leak
  197. Miscalculated null termination
  198. Misinterpretation error
  199. Misinterpreted function return value
  200. Missing access control
  201. Missing critical step in authentication
  202. Missing element error
  203. Missing error status code
  204. Missing handler
  205. Missing initialization
  206. Missing lock check
  207. Missing parameter
  208. Missing parameter error
  209. Missing required cryptographic step
  210. Missing special element
  211. Missing value error
  212. Missing XML Validation
  213. Mixed encoding
  214. Modification of assumed-immutable data
  215. Multiple failed authentication attempts not prevented
  216. Multiple internal special element
  217. Multiple interpretation error (MIE)
  218. Multiple interpretations of UI input
  219. Multiple Leading Special Elements
  220. Multiple Trailing Special Elements
  221. Mutable object returned
  222. Mutable objects passed by reference
  223. No authentication for critical function
  224. Non-cryptographic pseudo-random number generator
  225. Non-exit on failed initialization
  226. Non-replicating
  227. Not allowing password aging
  228. Not using a random initialization vector with cipher block chaining mode
  229. Null character / null byte
  230. Null Dereference
  231. Null-pointer dereference
  232. Numeric Byte Ordering Error
  233. Numeric Errors
  234. Object Model Violation: Just One of equals() and hashCode() Defined
  235. Obscured Security-relevant Information by Alternate Name
  236. Obsolete feature in UI
  237. Off-by-one Error
  238. Often Misused: Authentication
  239. Often Misused: Exception Handling
  240. Often Misused: File System
  241. Often Misused: Path Manipulation
  242. Often Misused: Privilege Management
  243. Often Misused: String Management
  244. Omission of Security-relevant Information
  245. Omitted break statement
  246. Open forward
  247. Open redirect
  248. Origin Validation Error
  249. Other length calculation error
  250. Out-of-bounds Read
  251. Overflow of static internal buffer
  252. Overly Restrictive Regular Expression
  253. Overly-Broad Catch Block
  254. Overly-Broad Throws Declaration
  255. Ownership errors
  256. Parameter Problems
  257. Partial Comparison
  258. Passing mutable objects to an untrusted method
  259. Password Management: Hardcoded Password
  260. Password Management: Weak Cryptography
  261. Password Plaintext Storage
  262. Patch Issues
  263. Path Equivalence
  264. Path Issue - asterix wildcard - filedir*
  265. Path Issue - backslash absolute path - /absolute/pathname/here
  266. Path Issue - directory doubled dot dot backslash
  267. Path Issue - directory doubled dot dot slash
  268. Path Issue - dirname/fakechild/
  269. Path Issue - dot dot backslash
  270. Path Issue - doubled dot dot slash
  271. Path Issue - doubled triple dot slash
  272. Path Issue - drive letter or Windows volume - 'C:dirname'
  273. Path Issue - internal dot - 'file.ordir'
  274. Path Issue - internal space - file(SPACE)name
  275. Path Issue - leading directory dot dot backslash
  276. Path Issue - leading directory dot dot slash
  277. Path Issue - leading dot dot backslash
  278. Path Issue - leading dot dot slash
  279. Path Issue - leading space
  280. Path Issue - multiple dot
  281. Path Issue - multiple internal backslash
  282. Path Issue - multiple leading slash
  283. Path Issue - multiple trailing dot
  284. Path Issue - multiple trailing slash
  285. Path Issue - single dot directory
  286. Path Issue - slash absolute path
  287. Path Issue - trailing backslash
  288. Path Issue - trailing dot
  289. Path Issue - trailing slash
  290. Path Issue - trailing space
  291. Path Issue - triple dot
  292. Path Issue - Windows 8.3 Filename
  293. Path Issue - Windows UNC share - '/UNC/share/name/'
  294. Pathname Traversal and Equivalence Errors
  295. Permission errors
  296. Permission preservation failure
  297. Permissions, Privileges, and ACLs
  298. Permissive Whitelist
  299. PHP External Variable Modification
  300. PHP File Inclusion
  301. Plaintext Storage in Cookie
  302. Plaintext Storage in Executable
  303. Plaintext Storage in File or on Disk
  304. Plaintext Storage in GUI
  305. Plaintext Storage in Memory
  306. Plaintext Storage of Sensitive Information
  307. Pointer Issues
  308. Poor Logging Practice: Logger Not Declared Static Final
  309. Poor Logging Practice: Multiple Loggers
  310. Poor Logging Practice: Use of a System Output Stream
  311. Poor Style: Confusing Naming
  312. Poor Style: Empty Synchronized Block
  313. Poor Style: Explicit call to finalize()
  314. Poor Style: Identifier Contains Dollar Symbol ($)
  315. Portability Flaw
  316. Porting Issues
  317. Predictability problems
  318. Predictable Exact Value from Previous Values
  319. Predictable from Observable State
  320. Predictable Seed in PRNG
  321. Predictable Value Range from Previous Values
  322. Privacy Violation
  323. Private Array-Typed Field Returned From A Public Method
  324. Privilege / sandbox errors
  325. Privilege Chaining
  326. Privilege Context Switching Error
  327. Privilege Dropping / Lowering Errors
  328. Privilege Management Error
  329. PRNG Seed Error
  330. Process Control
  331. Process information infoleak to other processes
  332. Product UI does not warn user of unsafe actions
  333. Product-External Error Message Infoleak
  334. Product-Generated Error Message Infoleak
  335. Proxied Trusted Channel
  336. Public Data Assigned to Private Array-Typed Field
  337. Publicizing of private data when using inner classes
  338. Quoting Element
  339. Race condition enabling link following
  340. Race condition in checking for certificate revocation
  341. Race condition in signal handler
  342. Race condition in switch
  343. Race condition within a thread
  344. Race Conditions
  345. Randomness and Predictability
  346. Record Delimiter
  347. Reflection attack in an auth protocol
  348. Reflection injection
  349. Regular Expression Error
  350. Relative path library search
  351. Reliance on data layout
  352. Relying on package-level scope
  353. Representation Errors
  354. Requirements Issues
  355. Resource exhaustion
  356. Resource leaks
  357. Resource Locking problems
  358. Resource Management Errors
  359. Response discrepancy infoleak
  360. Return Inside Finally Block
  361. Reusing a nonce, key pair in encryption
  362. Reversible One-Way Hash
  363. Same Seed in PRNG
  364. Section Delimiter
  365. Sensitive Data Under FTP Root
  366. Sensitive Data Under Web Root
  367. Sensitive Information Uncleared Before Use
  368. Session Fixation
  369. Sign extension error
  370. Signal Errors
  371. Signed to unsigned conversion error
  372. Small Seed Space in PRNG
  373. Small Space of Random Values
  374. Stack overflow
  375. State synchronization error
  376. Static Value in Unpredictable Context
  377. Storing passwords in a recoverable format
  378. String Termination Error
  379. Struts: Duplicate Validation Forms
  380. Struts: Erroneous validate() Method
  381. Struts: Form Bean Does Not Extend Validation Class
  382. Struts: Form Does Not Extend Validation Class
  383. Struts: Form Field Without Validator
  384. Struts: Plug-in Framework Not In Use
  385. Struts: Unused Validation Form
  386. Struts: Unvalidated Action Form
  387. Struts: Validator Turned Off
  388. Struts: Validator Without Form Field
  389. Substitution Character
  390. Symbolic name not mapping to correct object
  391. System Configuration Issues
  392. System Information Leak
  393. System Information Leak: Missing Catch Block
  394. System Operations Issues
  395. Technology-specific Environment Issues
  396. Technology-Specific Input Validation Problems
  397. Technology-Specific Special Elements
  398. Technology-Specific Time and State Issues
  399. Template:Vulnerability
  400. Temporary File Issues
  401. Testing Issues
  402. The UI performs the wrong action
  403. Time and State
  404. Time of check, time of use race condition
  405. Time of Introduction
  406. Time-of-check Time-of-use race condition
  407. Timing discrepancy infoleak
  408. Trailing Special Element
  409. Trapdoor
  410. Truncation error
  411. Truncation of Security-relevant Information
  412. Trust Boundary Violation
  413. Trust of system event data
  414. Trusting self-reported DNS name
  415. Trusting self-reported IP address
  416. UI Misrepresentation of Critical Information
  417. Uncaught exception
  418. Unchecked array indexing
  419. Unchecked Error Condition
  420. Unchecked Return Value
  421. Unchecked Return Value: Missing Check against Null
  422. Uncontrolled Search Path Element
  423. Undefined Behavior
  424. Undefined Parameter Error
  425. Undefined Value Error
  426. Unexpected Status Code or Return Value
  427. Unimplemented or unsupported feature in UI
  428. Uninitialized variable
  429. Uninitialized Variable
  430. Unintended proxy/intermediary
  431. Unintentional pointer scaling
  432. UNIX file descriptor leak
  433. UNIX hard link
  434. UNIX Path Link problems
  435. UNIX symbolic link (symlink) following
  436. Unparsed Raw Web Content Delivery
  437. Unprotected Alternate Channel
  438. Unprotected Primary Channel
  439. Unquoted Search Path or Element
  440. Unreleased Resource
  441. Unrestricted Critical Resource Lock
  442. Unrestricted File Upload
  443. Unsafe function call from a signal handler
  444. Unsafe JNI
  445. Unsafe Mobile Code: Access Violation
  446. Unsafe Mobile Code: Dangerous Array Declaration
  447. Unsafe Mobile Code: Dangerous Public Field
  448. Unsafe Mobile Code: Inner Class
  449. Unsafe Mobile Code: Public finalize() Method
  450. Unsafe Privilege
  451. Unsafe Reflection
  452. Unsigned to signed conversion error
  453. Untrusted Data Appended with Trusted Data
  454. Unverified Ownership
  455. URL Encoding (Hex Encoding)
  456. Use of hard-coded password
  457. Use of Less Trusted Source
  458. Use of Obsolete Methods
  459. Use of sizeof() on a pointer type
  460. User interface inconsistency
  461. User Interface Quality Errors
  462. User Interface Security Errors
  463. User management errors
  464. Using a broken or risky cryptographic algorithm
  465. Using a key past its expiration date
  466. Using freed memory
  467. Using password systems
  468. Using referer field for authentication or authorization
  469. Using single-factor authentication
  470. Using the wrong operator
  471. Validate-Before-Canonicalize
  472. Validate-Before-Filter
  473. Validation performed in client
  474. Value Delimiter
  475. Value Problems
  476. Variable Name Delimiter
  477. Virtual Files
  478. Weak credentials
  479. Weak Encryption
  480. Wrap-around error
  481. Write-what-where condition
  482. Wrong Data Type
  483. Wrong Status Code
