2021年11月11日20:20:51评论71 views字数 786阅读2分37秒阅读模式

Category-1015: 限制访问

ID: 1015
Status: Draft

Summary

Weaknesses in this category are related to the design and architecture of system resources. Frequently these deal with restricting the amount of resources that are accessed by actors, such as memory, network connections, CPU or access points. The weaknesses in this category could lead to a degradation of the quality of authentication if they are not addressed when designing or implementing a secure architecture.

Membership

ID	NAME
CWE-201	通过发送数据的信息暴露
CWE-209	通过错误消息导致的信息暴露
CWE-212	敏感数据的不恰当跨边界移除
CWE-243	未改变工作目录时创建chroot Jail
CWE-250	带着不必要的权限执行
CWE-610	资源在另一范围的外部可控制索引
CWE-611	XML外部实体引用的不恰当限制（XXE）
CWE-73	文件名或路径的外部可控制

References

REF-9 A Catalog of Security Architecture Weaknesses.
REF-10 Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.

文章来源于互联网:scap中文网

左青龙
微信扫一扫

右白虎
微信扫一扫

Category-1015: 限制访问

Category-1015: 限制访问

Summary

Membership

References

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信