{
	"id": "12dd10c3-d76f-452b-86a2-ddb82c2fb31c",
	"created_at": "2026-04-06T00:07:34.806643Z",
	"updated_at": "2026-04-10T13:11:26.48943Z",
	"deleted_at": null,
	"sha1_hash": "293b0e48b909f5130aae18f8021276896576cd15",
	"title": "CWE - CWE-227: CWE CATEGORY: 7PK",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45561,
	"plain_text": "CWE - CWE-227: CWE CATEGORY: 7PK\r\nArchived: 2026-04-05 15:33:07 UTC\r\nCWE CATEGORY: 7PK - API Abuse\r\nCategory ID: 227\r\nVulnerability Mapping: PROHIBITED This CWE ID must not be used to map to real-world vulnerabilities\r\n Summary\r\nThis category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes\r\nweaknesses that involve the software using an API in a manner contrary to its intended use. According to the authors of the\r\nSeven Pernicious Kingdoms, \"An API is a contract between a caller and a callee. The most common forms of API misuse\r\noccurs when the caller does not honor its end of this contract. For example, if a program does not call chdir() after calling\r\nchroot(), it violates the contract that specifies how to change the active root directory in a secure fashion. Another good\r\nexample of library abuse is expecting the callee to return trustworthy DNS information to the caller. In this case, the caller\r\nmisuses the callee API by making certain assumptions about its behavior (that the return value can be used for authentication\r\npurposes). One can also violate the caller-callee contract from the other side. For example, if a coder subclasses\r\nSecureRandom and returns a non-random value, the contract is violated.\"\r\n Membership\r\nNature Type\r\nMemberOf View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) an\r\nMemberOf Category - a CWE entry that contains a set of other entries that share a common characteristic.\r\nHasMember Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods\r\nHasMember Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. 
More specific th\r\nHasMember Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific th\r\nHasMember Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific th\r\nHasMember Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific th\r\nHasMember Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods\r\nHasMember Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods\r\nHasMember Category - a CWE entry that contains a set of other entries that share a common characteristic.\r\nHasMember Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods\r\nHasMember Variant - a weakness that is linked to a certain type of product, typically involving a specific language or technology. More specific th\r\n Vulnerability Mapping Notes\r\nUsage: PROHIBITED\r\n(this CWE ID must not be used to map to real-world vulnerabilities)\r\nReason: Category\r\nRationale:\r\nThis entry is a Category. Using categories for mapping has been discouraged since 2019. 
Categories are informal\r\norganizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing.\r\nHowever, they are not weaknesses in themselves.\r\nComments:\r\nSee member weaknesses of this category.\r\n References\r\n Content History\r\n Submissions\r\nSubmission Date Submitter Organization\r\n2006-07-19\r\n(CWE Draft 3, 2006-07-19)\r\n7 Pernicious Kingdoms\r\n Modifications\r\nModification Date Modifier Organization\r\n2008-07-01\r\nEric Dalci Cigital\r\nupdated Time_of_Introduction\r\n2008-09-08\r\nCWE Content Team MITRE\r\nupdated Description, Relationships, Taxonomy_Mappings\r\n2009-05-27\r\nCWE Content Team MITRE\r\nupdated Name, Relationships\r\n2010-02-16\r\nCWE Content Team MITRE\r\nupdated Relationships, Taxonomy_Mappings\r\n2010-12-13\r\nCWE Content Team MITRE\r\nupdated Description\r\n2011-03-29\r\nCWE Content Team MITRE\r\nupdated Description, Name\r\n2011-06-01\r\nCWE Content Team MITRE\r\nupdated Common_Consequences\r\n2011-06-27\r\nCWE Content Team MITRE\r\nupdated Common_Consequences\r\n2012-05-11\r\nCWE Content Team MITRE\r\nupdated Relationships\r\n2012-10-30\r\nCWE Content Team MITRE\r\nupdated Observed_Examples, Potential_Mitigations\r\n2013-07-17\r\nCWE Content Team MITRE\r\nupdated Relationships\r\n2014-07-30\r\nCWE Content Team MITRE\r\nupdated Relationships\r\n2017-01-19\r\nCWE Content Team MITRE\r\nupdated Relationships\r\n2017-05-03\r\nCWE Content Team MITRE\r\nupdated Observed_Examples, Related_Attack_Patterns\r\n2017-11-08\r\nCWE Content Team MITRE\r\nupdated Alternate_Terms, Common_Consequences, Description, Name,\r\nObserved_Examples, Potential_Mitigations, References, Related_Attack_Patterns,\r\nRelationships, Taxonomy_Mappings, Time_of_Introduction, Type\r\n2019-01-03\r\nCWE Content Team MITRE\r\nupdated Relationships\r\n2020-02-24\r\nCWE Content Team MITRE\r\nupdated Description, References, 
Relationships\r\n2023-04-27\r\nCWE Content Team MITRE\r\nupdated Mapping_Notes\r\n2023-06-29\r\nCWE Content Team MITRE\r\nupdated Mapping_Notes\r\n Previous Entry Names\r\nChange Date Previous Entry Name\r\n2008-04-11 API Abuse\r\n2009-05-27 Failure to Fulfill API Contract (aka 'API Abuse')\r\n2011-03-29 Failure to Fulfill API Contract ('API Abuse')\r\n2017-11-08 Improper Fulfillment of API Contract ('API Abuse')\r\nSource: https://cwe.mitre.org/data/definitions/227.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://cwe.mitre.org/data/definitions/227.html"
	],
	"report_names": [
		"227.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434054,
	"ts_updated_at": 1775826686,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/293b0e48b909f5130aae18f8021276896576cd15.pdf",
		"text": "https://archive.orkl.eu/293b0e48b909f5130aae18f8021276896576cd15.txt",
		"img": "https://archive.orkl.eu/293b0e48b909f5130aae18f8021276896576cd15.jpg"
	}
}