CWE-183 宽松定义的白名单
Permissive Whitelist
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
An application uses a "whitelist" of acceptable values, but the whitelist includes at least one unsafe value, leading to resultant weaknesses.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 697 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: CanPrecede cwe_CWE_ID: 434 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
范围 | 影响 | 注释 |
---|---|---|
Access Control | Bypass Protection Mechanism |
分类映射
映射的分类名 | ImNode ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | Permissive Whitelist |
相关攻击模式
- CAPEC-120
- CAPEC-3
- CAPEC-43
- CAPEC-71
引用
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论