SFP Secondary Cluster: Design

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Design cluster.


Acceptance of Extraneous Untrusted Data With Trusted Data

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Addition of Data Structure Sentinel

The accidental addition of a data-structure sentinel can cause serious programming logic problems.

Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is n...

Asymmetric Resource Consumption (Amplification)

Software that does not appropriately monitor or control resource consumption can lead to adverse system performance.

Comparison of Object References Instead of Object Contents

The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

Deletion of Data Structure Sentinel

The accidental deletion of a data-structure sentinel can cause serious programming logic problems.

Deployment of Wrong Handler

The wrong "handler" is assigned to process an object.

Duplicate Key in Associative List (Alist)

Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.

Execution After Redirect (EAR)

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

Exposed Unsafe ActiveX Method

An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. t...

Improper Handling of Highly Compressed Data (Data Amplification)

The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.

Incorrect Behavior Order

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

Incorrect Behavior Order: Early Amplification

The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place.

Incorrect Block Delimitation

The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.

Incorrect Calculation

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Incorrect Comparison

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Incorrect Control Flow Scoping

The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Incorrect Use of Privileged APIs

The application does not conform to the API requirements for a function call that requires extra privileges. This could allow attackers to gain privileges by causing t...

Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typ...

Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

Insufficient Control of Network Message Volume (Network Amplification)

The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should ...

Insufficient Resource Pool

The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) ...

Misinterpretation of Input

The software misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Object Model Violation: Just One of Equals and Hashcode Defined

The software does not maintain equal hashcodes for equal objects.

Off-by-one Error

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Partial String Comparison

The software performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weak...

Reliance on Data/Memory Layout

The software makes invalid assumptions about how protocol data or memory is organized at a lower level, resulting in unintended program behavior.


Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.