Behavioral Problems
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to unexpected behaviors from code that an application uses.
Weaknesses
A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.
The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect resu...
The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
A feature, API, or function does not perform according to its specification.
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enf...
The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in ...
A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, poten...
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but i...
If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to bypass authorization protection.
The product allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.
The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs th...
The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.
The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...
The product uses an expression in which operator precedence causes incorrect logic to be used.
The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is re...
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
Concepts
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...