Per-year cells give the flaw type's share of that year's vulnerabilities, with its rank for that year in parentheses; "..." marks a type with no entries for that year.

| Rank | Flaw | TOTAL | 2001 | 2002 | 2003 | 2004 | 2005 | 2006 |
|---|---|---|---|---|---|---|---|---|
| | Total (count) | 16192 | 1434 | 2138 | 1173 | 2534 | 4538 | 4375 |
| [ 1] | XSS | 13.9% | 02.2% (11) | 08.7% ( 2) | 07.5% ( 2) | 10.9% ( 2) | 16.0% ( 1) | 21.5% ( 1) |
| [ 2] | buf | 13.3% | 19.5% ( 1) | 20.3% ( 1) | 22.5% ( 1) | 15.4% ( 1) | 09.8% ( 3) | 07.9% ( 4) |
| [ 3] | sql-inject | 08.7% | 00.4% (28) | 01.8% (12) | 03.0% ( 4) | 05.5% ( 3) | 12.9% ( 2) | 14.0% ( 2) |
| [ 4] | dot | 04.7% | 08.9% ( 2) | 05.1% ( 3) | 02.9% ( 5) | 04.1% ( 4) | 04.3% ( 4) | 04.4% ( 5) |
| [ 5] | php-include | 03.5% | 00.1% (32) | 00.3% (30) | 00.8% (16) | 01.4% (10) | 02.1% ( 6) | 09.5% ( 3) |
| [ 6] | infoleak | 03.3% | 02.6% ( 9) | 04.2% ( 5) | 02.6% ( 7) | 03.7% ( 5) | 03.9% ( 5) | 02.6% ( 6) |
| [ 7] | dos-malform | 02.9% | 04.8% ( 3) | 05.1% ( 4) | 02.5% ( 8) | 03.4% ( 6) | 01.8% ( 8) | 02.0% ( 7) |
| [ 8] | link | 02.0% | 04.5% ( 4) | 02.1% ( 9) | 03.5% ( 3) | 02.8% ( 7) | 01.9% ( 7) | 00.5% (16) |
| [ 9] | format-string | 01.8% | 03.2% ( 7) | 01.8% (10) | 02.7% ( 6) | 02.4% ( 8) | 01.7% ( 9) | 01.0% (10) |
| [10] | crypt | 01.6% | 03.8% ( 5) | 02.7% ( 6) | 01.5% ( 9) | 00.9% (16) | 01.5% (10) | 00.9% (13) |
| [11] | priv | 01.4% | 02.5% (10) | 02.2% ( 8) | 01.0% (12) | 01.3% (11) | 01.5% (11) | 00.9% (12) |
| [12] | metachar | 01.3% | 03.8% ( 6) | 02.6% ( 7) | 00.7% (17) | 01.0% (14) | 01.3% (12) | 00.3% (21) |
| [13] | perm | 01.3% | 02.7% ( 8) | 01.8% (11) | 01.3% (11) | 00.9% (15) | 01.1% (13) | 01.1% ( 9) |
| [14] | int-overflow | 01.0% | 00.1% (30) | 00.4% (26) | 01.4% (10) | 01.9% ( 9) | 00.8% (14) | 01.2% ( 8) |
| [15] | dos-flood | 00.8% | 02.0% (12) | 01.7% (13) | 00.5% (19) | 01.2% (12) | 00.2% (27) | 00.4% (17) |
| [16] | pass | 00.8% | 01.1% (17) | 01.3% (15) | 00.2% (26) | 01.1% (13) | 00.8% (15) | 00.4% (18) |
| [17] | auth | 00.8% | 01.5% (13) | 01.3% (14) | 00.5% (20) | 00.7% (17) | 00.5% (19) | 00.7% (14) |
| [18] | webroot | 00.5% | 00.1% (29) | 00.2% (31) | 00.3% (25) | 00.2% (29) | 00.7% (16) | 00.9% (11) |
| [19] | form-field | 00.5% | 00.7% (23) | 00.8% (17) | 00.5% (21) | 00.2% (25) | 00.4% (20) | 00.5% (15) |
| [20] | relpath | 00.4% | 00.8% (22) | 00.3% (29) | 00.9% (14) | 00.6% (18) | 00.3% (23) | 00.3% (20) |
| [21] | race | 00.4% | 00.5% (26) | 00.4% (22) | 00.6% (18) | 00.4% (21) | 00.6% (17) | 00.3% (24) |
| [22] | memleak | 00.4% | 01.1% (18) | 00.2% (32) | 00.4% (22) | 00.5% (19) | 00.3% (22) | 00.2% (26) |
| [23] | msdos-device | 00.4% | 01.0% (20) | 00.6% (19) | 00.9% (13) | 00.2% (24) | 00.2% (28) | 00.0% (34) |
| [24] | crlf | 00.3% | ... | 00.2% (33) | 00.1% (31) | 00.5% (20) | 00.4% (21) | 00.3% (19) |
| [25] | default | 00.3% | 01.1% (16) | 00.7% (18) | 00.1% (32) | 00.2% (26) | 00.1% (33) | 00.1% (29) |
| [26] | spoof | 00.3% | 01.0% (19) | 00.3% (28) | 00.1% (29) | 00.1% (33) | 00.2% (25) | 00.3% (25) |
| [27] | sandbox | 00.3% | 01.2% (15) | 01.0% (16) | ... | 00.2% (31) | 00.0% (34) | ... |
| [28] | rand | 00.3% | 01.2% (14) | 00.6% (20) | 00.3% (24) | 00.2% (32) | 00.0% (35) | 00.2% (27) |
| [29] | upload | 00.3% | ... | 00.0% (36) | 00.1% (30) | 00.2% (27) | 00.5% (18) | 00.3% (22) |
| [30] | signedness | 00.2% | 00.1% (31) | 00.4% (23) | 00.8% (15) | 00.2% (22) | 00.3% (24) | 00.0% (32) |
| [31] | dos-release | 00.2% | 00.9% (21) | 00.5% (21) | 00.2% (27) | 00.2% (28) | ... | ... |
| [32] | CF | 00.2% | 00.7% (24) | 00.3% (27) | 00.2% (28) | ... | 00.1% (31) | 00.1% (28) |
| [33] | eval-inject | 00.2% | ... | ... | ... | 00.0% (35) | 00.2% (26) | 00.3% (23) |
| [34] | design | 00.1% | 00.6% (25) | 00.4% (24) | 00.1% (33) | 00.0% (34) | 00.1% (32) | 00.0% (31) |
| [35] | double-free | 00.1% | ... | 00.1% (35) | 00.3% (23) | 00.2% (23) | 00.1% (30) | 00.1% (30) |
| [36] | CSRF | 00.1% | ... | 00.0% (37) | ... | 00.2% (30) | 00.2% (29) | 00.0% (33) |
| [37] | type-check | 00.1% | 00.4% (27) | 00.4% (25) | ... | ... | 00.0% (36) | 00.0% (35) |
| [38] | none | 00.0% | ... | 00.1% (34) | ... | ... | ... | ... |
| | UNKNOWN/UNSPECIFIED ITEMS | | | | | | | |
| | unk | 09.0% | 07.9% | 07.1% | 07.0% | 08.2% | 08.9% | 11.5% |
| | other | 15.2% | 16.7% | 19.0% | 11.8% | 17.2% | 13.1% | 14.9% |
| | not-specified | 06.9% | 00.1% | 03.0% | 20.5% | 11.3% | 11.3% | 00.3% |
Cumulative share of vulnerabilities accounted for by the top 10 and top 5 flaw types in each year (the top-10 figure for 2001, for instance, is the sum of the ten highest per-year percentages in the table above):

| Top N flaw types | Year | Share of all vulns (%) |
|---|---|---|
| 10 | 2001 | 56.3 |
| 10 | 2002 | 54.8 |
| 10 | 2003 | 50.1 |
| 10 | 2004 | 51.5 |
| 10 | 2005 | 55.9 |
| 10 | 2006 | 65.2 |
| 10 | TOTAL | 55.7 |
| 5 | 2001 | 41.5 |
| 5 | 2002 | 43.4 |
| 5 | 2003 | 39.4 |
| 5 | 2004 | 39.6 |
| 5 | 2005 | 46.9 |
| 5 | 2006 | 57.3 |
| 5 | TOTAL | 44.1 |
Flaw Terminology
----------------

Entries are listed by total vulnerability count; the Type is the short name used in the table above. Where two types tie on count, the list order may differ from the table's rank order.

Type: other
Rank: [N/A]
Total vulns: 2467
Desc:
Other vulnerability; the issue could not be described in the version of the taxonomy that was available at the time the flaw type was determined.

Type: XSS
Rank: [1]
Total vulns: 2247
Desc:
Cross-site scripting (aka XSS)

Type: buf
Rank: [2]
Total vulns: 2156
Desc:
Buffer overflow

Type: unk
Rank: [N/A]
Total vulns: 1461
Desc:
Unknown vulnerability; the report is too vague, or the issue could not be described in the version of the taxonomy that was available at the time the flaw type was determined.

Type: sql-inject
Rank: [3]
Total vulns: 1416
Desc:
SQL injection vulnerability

Type: not-specified
Rank: [N/A]
Total vulns: 1119
Desc:
The analyst has not assigned a flaw type to the issue.

Type: dot
Rank: [4]
Total vulns: 764
Desc:
Directory traversal (file access via ".." or variants)

Type: php-include
Rank: [5]
Total vulns: 561
Desc:
PHP remote file inclusion

Type: infoleak
Rank: [6]
Total vulns: 540
Desc:
Information leak by a product, which is not the result of another vulnerability; typically by design or by producing different "answers" that suggest the state; often related to configuration / permissions or error reporting/handling.

Type: dos-malform
Rank: [7]
Total vulns: 463
Desc:
DoS caused by malformed input

Type: link
Rank: [8]
Total vulns: 329
Desc:
Symbolic link following

Type: format-string
Rank: [9]
Total vulns: 296
Desc:
Format string vulnerability; user can inject format specifiers during string processing.

Type: crypt
Rank: [10]
Total vulns: 261
Desc:
Cryptographic error (poor design or implementation)

Type: priv
Rank: [11]
Total vulns: 233
Desc:
Bad privilege assignment, or privileged process/action is unprotected/unauthenticated.

Type: metachar
Rank: [12]
Total vulns: 218
Desc:
Unescaped shell metacharacters or other unquoted "special" characters; currently includes SQL injection but not XSS.

Type: perm
Rank: [13]
Total vulns: 215
Desc:
Assigns bad permissions, improperly calculates permissions, or improperly checks permissions

Type: int-overflow
Rank: [14]
Total vulns: 160
Desc:
A numeric value can be incremented to the point where it overflows and begins at the minimum value, with security implications. Overlaps signedness errors.

Type: dos-flood
Rank: [15]
Total vulns: 131
Desc:
DoS caused by flooding with a large number of *legitimately formatted* requests/etc.; normally DoS is a crash, or spending a lot more time on a task than it "should"

Type: pass
Rank: [16]
Total vulns: 125
Desc:
Default password

Type: auth
Rank: [17]
Total vulns: 124
Desc:
Weak/bad authentication problem

Type: webroot
Rank: [18]
Total vulns: 88
Desc:
Storage of sensitive data under the web document root with insufficient access control.

Type: form-field
Rank: [19]
Total vulns: 81
Desc:
CGI program inherently trusts a form field that should not be modified (i.e. should be stored locally)

Type: relpath
Rank: [20]
Total vulns: 71
Desc:
Untrusted search path vulnerability - relies on search paths to find other executable programs or files, opening up to Trojan horse attacks, e.g. the PATH environment variable in Unix.

Type: race
Rank: [21]
Total vulns: 69
Desc:
General race condition (NOT SYMBOLIC LINK FOLLOWING (link)!)

Type: memleak
Rank: [22]
Total vulns: 61
Desc:
Memory leak (doesn't free memory when it should); use this instead of dos-release

Type: msdos-device
Rank: [23]
Total vulns: 57
Desc:
Problem due to file names with MS-DOS device names.

Type: crlf
Rank: [24]
Total vulns: 49
Desc:

Type: spoof
Rank: [25]
Total vulns: 48
Desc:
Product is vulnerable to spoofing attacks, generally by not properly verifying authenticity.

Type: default
Rank: [26]
Total vulns: 48
Desc:
Insecure default configuration, e.g. passwords or permissions

Type: sandbox
Rank: [27]
Total vulns: 46
Desc:
Java/etc. sandbox escape - NOT BY DOT-DOT!

Type: rand
Rank: [28]
Total vulns: 45
Desc:
Generation of insufficiently random numbers, typically by using easily guessable sources of "random" data

Type: upload
Rank: [29]
Total vulns: 43
Desc:

Type: signedness
Rank: [30]
Total vulns: 38
Desc:
Signedness error; a numeric value in one format/representation is improperly handled when it is used as if it were another format/representation. Overlaps integer overflows and array index errors.

Type: dos-release
Rank: [31]
Total vulns: 30
Desc:
DoS because the system does not properly release resources

Type: CF
Rank: [32]
Total vulns: 29
Desc:
General configuration problem

Type: eval-inject
Rank: [33]
Total vulns: 25
Desc:
Eval injection

Type: design
Rank: [34]
Total vulns: 23
Desc:
Design problem, generally in protocols or programming languages

Type: double-free
Rank: [35]
Total vulns: 21
Desc:
Double-free vulnerability

Type: type-check
Rank: [36]
Total vulns: 16
Desc:
Product incorrectly identifies the type of an input parameter or file, then dispatches the wrong "executable" (possibly itself) to process the input, or otherwise misrepresents the input in a security-critical way.

Type: CSRF
Rank: [37]
Total vulns: 16
Desc:

Type: none
Rank: [38]
Total vulns: 2
Desc: