From 70d16f43575455ba044ee8f5a20116af638e1175 Mon Sep 17 00:00:00 2001 From: Uditbhardwajj Date: Sun, 22 Mar 2026 15:49:36 +0530 Subject: [PATCH 1/2] Improper Check for Certificate Revocation Updated CWE-298 and CWE-299 names to match official CWE definitions. --- 2025/docs/en/A07_2025-Authentication_Failures.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/2025/docs/en/A07_2025-Authentication_Failures.md b/2025/docs/en/A07_2025-Authentication_Failures.md index 2d3077107..2a1213853 100644 --- a/2025/docs/en/A07_2025-Authentication_Failures.md +++ b/2025/docs/en/A07_2025-Authentication_Failures.md @@ -148,9 +148,9 @@ When an attacker is able to trick a system into recognizing an invalid or incorr * [CWE-297 Improper Validation of Certificate with Host Mismatch](https://cwe.mitre.org/data/definitions/297.html) -* [CWE-298 Improper Validation of Certificate with Host Mismatch](https://cwe.mitre.org/data/definitions/298.html) +* [CWE-298 Improper Validation of Certificate Expiration](https://cwe.mitre.org/data/definitions/298.html) -* [CWE-299 Improper Validation of Certificate with Host Mismatch](https://cwe.mitre.org/data/definitions/299.html) +* [CWE-299 Improper Check for Certificate Revocation](https://cwe.mitre.org/data/definitions/299.html) * [CWE-300 Channel Accessible by Non-Endpoint](https://cwe.mitre.org/data/definitions/300.html) From a4801995fe43178c44d65db4fcae2ef6d16348f4 Mon Sep 17 00:00:00 2001 From: Uditbhardwajj Date: Sun, 22 Mar 2026 15:50:22 +0530 Subject: [PATCH 2/2] Correct CWE-221 description in security logging document MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CWE-221: Fixed typo ("of" → "or") --- 2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md b/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md index 630f0fb74..9cc11e736 100644 --- a/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md +++ b/2025/docs/en/A09_2025-Security_Logging_and_Alerting_Failures.md @@ -127,7 +127,7 @@ There are commercial and open-source application protection products such as the * [CWE-117 Improper Output Neutralization for Logs](https://cwe.mitre.org/data/definitions/117.html) -* [CWE-221 Information Loss of Omission](https://cwe.mitre.org/data/definitions/221.html) +* [CWE-221 Information Loss or Omission](https://cwe.mitre.org/data/definitions/221.html) * [CWE-223 Omission of Security-relevant Information](https://cwe.mitre.org/data/definitions/223.html)
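Review bot: in the A07 hunk (`@@ -148,9 +148,9 @@` of A07_2025-Authentication_Failures.md), the subject of PATCH 1/2 is only "Improper Check for Certificate Revocation", which names the CWE-299 line but not the CWE-298 line that the same hunk also renames to "Improper Validation of Certificate Expiration". Suggest a subject that describes the edit and covers both entries, for example "A07: correct CWE-298 and CWE-299 names". The link targets (`definitions/298.html`, `definitions/299.html`) are unchanged and already match their IDs, so only the link text had been copied from the CWE-297 entry above. The file sits under `docs/en`; if translated copies of this list carry the same copied CWE-297 title for these two entries, they need the same correction.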
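Review bot: in the A09 hunk (`@@ -127,7 +127,7 @@` of A09_2025-Security_Logging_and_Alerting_Failures.md), the commit subject says "description", but the changed line only alters the CWE-221 link text, that is the weakness name, from "Information Loss of Omission" to "Information Loss or Omission". Wording the subject as a name fix and naming A09 would line it up with PATCH 1/2. The body uses a non-ASCII arrow, which is why this patch carries the MIME and 8bit headers that the first one does not; an ASCII "->" would avoid them. Both patches are one-word link-text fixes in CWE reference lists, so they could also be squashed into a single commit.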