CWE-424 |
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. |
CWE-425 |
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. |
CWE-426 |
The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control. |
CWE-427 |
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
CWE-428 |
The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
CWE-43 |
A software system that accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
CWE-430 |
The wrong "handler" is assigned to process an object. |
CWE-431 |
A handler is not available or implemented. |
CWE-432 |
The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running. |
CWE-433 |
The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server. |