2021年12月16日16:00:58评论45 views字数 945阅读3分9秒阅读模式

CWE-349 在可信数据中接受外来的不可信数据

Acceptance of Extraneous Untrusted Data With Trusted Data

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

The software, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围	影响	注释
['Access Control', 'Integrity']	['Bypass Protection Mechanism', 'Modify Application Data']	An attacker could package untrusted data with trusted data to bypass protection mechanisms to gain access to and possibly modify sensitive data.

分析过的案例

标识	说明	链接

分类映射

映射的分类名	ImNode ID	Fit	Mapped Node Name
PLOVER			Untrusted Data Appended with Trusted Data
The CERT Oracle Secure Coding Standard for Java (2011)	ENV01-J		Place all security-sensitive code in a single JAR and sign and seal it

CWE-349 在可信数据中接受外来的不可信数据

CWE-349 在可信数据中接受外来的不可信数据

Acceptance of Extraneous Untrusted Data With Trusted Data

基本描述

相关缺陷

适用平台

常见的影响

分析过的案例

分类映射

相关攻击模式

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信