# CWE Quick Reference Table
CWE ID | English name | Japanese name (translated) | Summary |
---|---|---|---|
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" | SQL injection | |
CWE-77 | Improper Neutralization of Special Elements used in a Command "Command Injection" | Command injection | |
CWE-93 | Improper Neutralization of CRLF Sequences "CRLF Injection" | CRLF injection | |
CWE-113 | Improper Neutralization of CRLF Sequences in HTTP Headers "HTTP Response Splitting" | HTTP response splitting attack | |
CWE-79 | Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" | Cross-site scripting | |
CWE-592 | Authentication Bypass Issues | Authentication bypass | Deprecated; merged into CWE-287: Improper Authentication |
CWE-287 | Improper Authentication | Improper authentication | |
CWE-307 | Improper Restriction of Excessive Authentication Attempts | Inadequate or missing countermeasures against excessive authentication attempts | |
CWE-521 | Weak Password Requirements | Weak password policy | |
CWE-257 | Storing Passwords in a Recoverable Format | Recoverable password storage | |
CWE-384 | Session Fixation | Session fixation | |
CWE-334 | Small Space of Random Values | Predictable session ID | |
CWE-200 | Information Exposure | Information leakage | |
CWE-598 | Information Exposure Through Query Strings in GET Request | Leakage of query string information | |
CWE-524 | Information Exposure Through Caching | Information leakage from cache | |
CWE-549 | Missing Password Field Masking | Inadequate password field masking | |
CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | Cookie Secure attribute not set when using HTTPS | |
CWE-425 | Direct Request "Forced Browsing" | Forced browsing | |
CWE-352 | Cross-Site Request Forgery (CSRF) | Cross-site request forgery | |
CWE-22 | Improper Limitation of a Pathname to a Restricted Directory "Path Traversal" | Path traversal | |
CWE-611 | Improper Restriction of XML External Entity Reference "XXE" | XML external entity reference | |
CWE-601 | URL Redirection to Untrusted Site "Open Redirect" | Open redirect | |
CWE-502 | Deserialization of Untrusted Data | Insecure deserialization | |
CWE-98 | Improper Control of Filename for Include/Require Statement in PHP Program "PHP Remote File Inclusion" (RFI) | Remote file inclusion | |
CWE-693 | Clickjacking/Clickjack/UI Redress/UI Redressing | Clickjacking | |
CWE-787 | Out-of-bounds Write | Out-of-bounds write | |
CWE-20 | Improper Input Validation | Improper input validation | |