Detalle de categoría CWE-399

CWE-399

Resource Management Errors
Draft
2006-07-19 +00:00
2023-06-29 +00:00
CWE Mitre.org
Notificaciones para un CWE
Manténgase informado sobre cualquier cambio en un CWE específico.
Gestionar notificaciones

Nombre: Resource Management Errors

Weaknesses in this category are related to improper management of system resources.

Lista de miembros CWE

CWE-73: External Control of File Name or Path Base

CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') Base

CWE-410: Insufficient Resource Pool Base

CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Base

CWE-502: Deserialization of Untrusted Data Base

CWE-619: Dangling Database Cursor ('Cursor Injection') Base

CWE-641: Improper Restriction of Names for Files and Other Resources Base

CWE-694: Use of Multiple Resources with Duplicate Identifier Base

CWE-763: Release of Invalid Pointer or Reference Base

CWE-770: Allocation of Resources Without Limits or Throttling Base

CWE-771: Missing Reference to Active Allocated Resource Base

CWE-772: Missing Release of Resource after Effective Lifetime Base

CWE-826: Premature Release of Resource During Expected Lifetime Base

CWE-908: Use of Uninitialized Resource Base

CWE-909: Missing Initialization of Resource Base

CWE-910: Use of Expired File Descriptor Base

CWE-911: Improper Update of Reference Count Base

CWE-914: Improper Control of Dynamically-Identified Variables Base

CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes Base

CWE-920: Improper Restriction of Power Consumption Base

CWE-1188: Initialization of a Resource with an Insecure Default Base

CWE-1341: Multiple Releases of Same Resource or Handle Base

Informaciones CWE

Notas de mapeo de vulnerabilidades

Justificación : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1287]. This CWE ID may have become widely-used because of NIST's usage in NVD from 2008 to 2016 (see CWE-635 view, updated to the CWE-1003 view in 2016).
Comentario : Some weakness-oriented alternatives might be found as descendants under Uncontrolled Resource Consumption (CWE-400).

Envío

Nombre Organización Fecha Fecha de lanzamiento Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modificaciones

Nombre Organización Fecha Comentario
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2009-05-27 +00:00 updated Relationships
CWE Content Team MITRE 2014-06-23 +00:00 updated Other_Notes
CWE Content Team MITRE 2014-07-30 +00:00 updated Detection_Factors
CWE Content Team MITRE 2015-12-07 +00:00 updated Relationships
CWE Content Team MITRE 2017-01-19 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Detection_Factors, Relationships
CWE Content Team MITRE 2019-01-03 +00:00 updated Relationships
CWE Content Team MITRE 2019-06-20 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated References
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

Referencias

REF-1287

Supplemental Details - 2022 CWE Top 25
MITRE.
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25_supplemental.html#problematicMappingDetails

La información presentada en CVE Find proviene de varias fuentes de referencia cuidadosamente seleccionadas. Los datos CVE son proporcionados por MITRE Corporation y la Base de Datos Nacional de Vulnerabilidades (NVD). El catálogo de Vulnerabilidades Explotadas Conocidas (KEV) proviene de la Agencia de Seguridad de Infraestructura y Ciberseguridad (CISA), mientras que las puntuaciones EPSS provienen de FIRST.org. Además, los datos sobre debilidades de software (CWE) y patrones de ataque comunes (CAPEC) son mantenidos por MITRE Corporation, y la información sobre configuraciones de hardware y software (CPE) es proporcionada por la NVD.