Insufficient Type Distinction
Weakness ID: 351 (Weakness Base)Status: Draft
+ Description

Description Summary

The software does not properly distinguish between different types of elements in a way that leads to insecure behavior.
+ Time of Introduction
  • Implementation
+ Applicable Platforms



+ Observed Examples
CVE-2005-2260Browser user interface does not distinguish between user-initiated and synthetic events.
CVE-2005-2801Product does not compare all required data in two separate elements, causing it to think they are the same, leading to loss of ACLs. Similar to Same Name error.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class345Insufficient Verification of Data Authenticity
Development Concepts (primary)699
Research Concepts (primary)1000
PeerOfWeakness BaseWeakness Base436Interpretation Conflict
Research Concepts1000
PeerOfWeakness BaseWeakness Base434Unrestricted Upload of File with Dangerous Type
Research Concepts1000
+ Relationship Notes

Overlaps others, e.g. Multiple Interpretation Errors.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERInsufficient Type Distinction
+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Relationship Notes, Taxonomy Mappings