Insufficient Control Flow Management
Weakness ID: 691 (Weakness Class)
Status: Draft
+ Description

Description Summary

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Other Notes

This is a fairly high-level concept, although it covers a number of weaknesses in CWE that were more scattered throughout the Research view (CWE-1000) before Draft 9 was released.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ParentOf | Weakness Class | 94 | Failure to Control Generation of Code ('Code Injection') | Research Concepts 1000
ParentOf | Weakness Base | 248 | Uncaught Exception | Research Concepts (primary) 1000
ParentOf | Weakness Class | 362 | Race Condition | Research Concepts (primary) 1000
ParentOf | Weakness Base | 395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference | Research Concepts (primary) 1000
ParentOf | Weakness Base | 430 | Deployment of Wrong Handler | Research Concepts (primary) 1000
ParentOf | Weakness Base | 431 | Missing Handler | Research Concepts (primary) 1000
ParentOf | Weakness Base | 432 | Dangerous Handler not Disabled During Sensitive Operations | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 479 | Unsafe Function Call from a Signal Handler | Research Concepts (primary) 1000
ParentOf | Weakness Base | 600 | Failure to Catch All Exceptions in Servlet | Research Concepts 1000
ParentOf | Weakness Variant | 623 | Unsafe ActiveX Control Marked Safe For Scripting | Research Concepts 1000
ParentOf | Weakness Base | 662 | Insufficient Synchronization | Research Concepts (primary) 1000
ParentOf | Weakness Class | 670 | Always-Incorrect Control Flow Implementation | Research Concepts (primary) 1000
ParentOf | Weakness Base | 674 | Uncontrolled Recursion | Research Concepts (primary) 1000
ParentOf | Weakness Class | 696 | Incorrect Behavior Order | Research Concepts (primary) 1000
ParentOf | Weakness Class | 705 | Incorrect Control Flow Scoping | Research Concepts (primary) 1000
ParentOf | Weakness Base | 749 | Exposed Dangerous Method or Function | Research Concepts 1000
ParentOf | Weakness Variant | 768 | Incorrect Short Circuit Evaluation | Research Concepts (primary) 1000
ParentOf | Weakness Class | 799 | Improper Control of Interaction Frequency | Research Concepts (primary) 1000
MemberOf | View | 1000 | Research Concepts | Research Concepts (primary) 1000
+ Relevant Properties
  • Validity
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
WASC | 40 | | Insufficient Process Validation
+ Related Attack Patterns
(CAPEC Version: 1.4)
CAPEC-ID | Attack Pattern Name
29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
+ Content History
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Relationships, Other Notes
2008-11-24 | CWE Content Team | MITRE | Internal
  updated Relationships
2009-03-10 | CWE Content Team | MITRE | Internal
  updated Related Attack Patterns
2009-05-27 | CWE Content Team | MITRE | Internal
  updated Relationships