Category-16: 配置
ID: 16 Status: Draft
Summary
Weaknesses in this category are typically introduced during the configuration of the software.
Membership
| ID | NAME |
|---|---|
| CWE-4 | J2EE环境问题 |
| CWE-519 | .NET环境问题 |
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| WASC | 14 | Server Misconfiguration | |
| WASC | 15 | Application Misconfiguration |
Notes
Maintenance
This entry is a Category, but various sources map to it anyway, e.g. by NVD, despite CWE guidance that Categories should not be mapped. In this case, there are no clear CWE Weaknesses that can be utilized. "Inappropriate Configuration" might be better described as a Weakness, so this entry might be converted to a Weakness in a later version. Further research is required, however, as a "configuration weakness" might be Primary to many other CWEs, i.e., it might be better described in terms of chaining relationships.