CAPEC Related Weakness
HTTP Verb Tampering
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-654 Reliance on a Single Factor in a Security Decision
Accessing/Intercepting/Modifying HTTP Cookies
CWE-20 Improper Input Validation
CWE-113 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-311 Missing Encryption of Sensitive Data
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-384 Session Fixation
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-565 Reliance on Cookies without Validation and Integrity Checking
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
Manipulating Opaque Client-based Data Tokens
CWE-233 Improper Handling of Parameters
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-315 Cleartext Storage of Sensitive Information in a Cookie
CWE-353 Missing Support for Integrity Check
CWE-384 Session Fixation
CWE-472 External Control of Assumed-Immutable Web Parameter
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-565 Reliance on Cookies without Validation and Integrity Checking
Exploitation of Trusted Identifiers
CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length
CWE-290 Authentication Bypass by Spoofing
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-346 Origin Validation Error
CWE-384 Session Fixation
CWE-539 Use of Persistent Cookies Containing Sensitive Information
CWE-602 Client-Side Enforcement of Server-Side Security
CWE-642 External Control of Critical State Data
CWE-664 Improper Control of a Resource Through its Lifetime
Manipulating User-Controlled Variables
CWE-15 External Control of System or Configuration Setting
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-96 Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-473 PHP External Variable Modification
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Buffer Overflow via Symbolic Links
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
Buffer Overflow via Environment Variables
CWE-20 Improper Input Validation
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
CWE-118 Incorrect Access of Indexable Resource ('Range Error')
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-680 Integer Overflow to Buffer Overflow
CWE-697 Incorrect Comparison
CWE-733 Compiler Optimization Removal or Modification of Security-critical Code
Subverting Environment Variable Values
CWE-15 External Control of System or Configuration Setting
CWE-20 Improper Input Validation
CWE-73 External Control of File Name or Path
CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-285 Improper Authorization
CWE-302 Authentication Bypass by Assumed-Immutable Data
CWE-353 Missing Support for Integrity Check