CWE-52 |
A software system that accepts path input in the form of multiple trailing slashes ('/multiple/trailing/slash//') without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
CWE-520 |
Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks. |
CWE-521 |
The product does not require users to have strong passwords, which makes it easier for attackers to compromise user accounts. |
CWE-522 |
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. |
CWE-523 |
Login pages do not use adequate measures to protect the user name and password while they are in transit from the client to the server. |
CWE-524 |
The code uses a cache that contains sensitive information, but the cache can be read by an actor outside of the intended control sphere. |
CWE-525 |
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. |
CWE-526 |
Environment variables may contain sensitive information about a remote server. |
CWE-527 |
The product stores a CVS, git, or other repository in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors. |
CWE-528 |
The product generates a core dump file in a directory, archive, or other resource that is stored, transferred, or otherwise made accessible to unauthorized actors. |