Resource Exhaustion
HTTP Request Smuggling
Incomplete Cleanup
Improper Input Validation
Open Redirect
Information Exposure
Off-by-one Error
Information Exposure
Allocation of Resources Without Limits or Throttling
Arbitrary Code Injection
Memory Leak
Incomplete Documentation of Program Execution
Time-of-check Time-of-use (TOCTOU)
Improper Access Control
Improper Access Control
Loop with Unreachable Exit Condition ('Infinite Loop')
Information Exposure
Improper Input Validation
Insufficient Verification of Data Authenticity
Improper Input Validation
Incorrect Privilege Assignment
Exposure of Resource to Wrong Sphere
Error Handling
HTTP Request Smuggling
Files or Directories Accessible to External Parties
Authentication Bypass
Improper Authentication
Cross-site Request Forgery (CSRF)
Allocation of Resources Without Limits or Throttling
Improper Input Validation
Improper Authentication
Directory Traversal
Improper Access Control
Improper Input Validation
CVE-2015-5346
Improper Access Control
Improper Access Control
Resource Exhaustion
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
XML External Entity (XXE) Injection
Integer Overflow or Wraparound
Improper Input Validation
Improper Input Validation
CVE-2014-0186
Improper Input Validation
HTTP Request Smuggling
Improper Input Validation
Improper Access Control
Resource Injection
Information Exposure
Improper Access Control
Security Features
Information Exposure
Deserialization of Untrusted Data
Security Features
Deserialization of Untrusted Data
Access Restriction Bypass
Improper Authorization
Resource Exhaustion
Session Fixation
Cross-site Scripting (XSS)