Security Severity Ratings

2,546 bytes added, 21:31, 21 August 2012
Additional Status Codes or Whiteboard Tracking Tags
{| class="wikitable"
|+ Client security tags (csec-*)
! style="width:10%"| Tag
! Description
|-
| csec-bounds || Client security issues due to incorrect boundary conditions (out-of-bounds read or write)
|-
| csec-disclosure || Disclosure of sensitive user data, personal information, etc. in a client product
|-
| csec-dos || Used to tag client Denial of Service bugs. For web server denial of service bugs please use wsec-dos instead, as these tend to be more severe.
|-
| csec-intoverflow || Client security issues due to integer overflow
|-
| csec-oom || A client crash or hang that occurs in Out Of Memory conditions
|-
| csec-other || Client security issues that don't fit into other categories
|-
| csec-priv-escalation || Client privilege escalation security issues
|-
| csec-sop || Violations of the client Same Origin Policy (Universal-XSS bugs, for example)
|-
| csec-uaf || Client security issues due to use-after-free
|-
| csec-ui-redress || Client security issues due to UI redress attacks, either site-on-site ("clickjacking" and friends) or manipulation of the browser UI to fool users into taking the wrong action
|-
| csec-uninitialized || Client security issues due to use of uninitialized memory
|-
| csec-wildptr || Client security issues due to pointer misuse not otherwise covered (see csec-uaf, csec-uninitialized, csec-intoverflow, csec-bounds)
|}
{| class="wikitable"
|+ Web and server security tags (wsec-*)
! style="width:10%"| Tag
! Description
|-
| wsec-authentication || Website or server authentication security issues (lockouts, password policy, etc.)
|-
| wsec-authorization || Web/server authorization security issues
|-
| wsec-cookie || Cookie-related errors (missing HttpOnly or Secure flag, incorrect domain or path)
|-
| wsec-crossdomain || Cross-domain policy issues such as X-Frame-Options, crossdomain.xml, or cross-site sharing settings
|-
| wsec-crypto || Crypto-related items such as password hashing
|-
| wsec-csrf || Cross-Site Request Forgery (CSRF) bugs in server products
|-
| wsec-disclosure || Disclosure of sensitive data, personal information, etc. from a web service
|-
| wsec-dos || Used to denote web server Denial of Service bugs. For similar bugs in client software please use csec-dos instead.
|-
| wsec-errorhandling || Any error handling issue
|-
| wsec-impersonation || Impersonation / spoofing attacks (UI redress, etc.)
|-
| wsec-injection || Injection attacks other than SQL injection or XSS (which have their own tags, wsec-sqli and wsec-xss)
|-
| wsec-input || Failure to perform input validation. Most often you will probably use the wsec-xss tag instead.
|-
| wsec-logging || Logging issues, such as requests for CEF log points
|-
| wsec-other || Web/server security issues that don't fit into other categories
|-
| wsec-session || Issues related to session management (session fixation, etc.)
|-
| wsec-sqli || SQL Injection
|-
| wsec-xss || Cross-Site Scripting (XSS) bugs in server products
|}