CWE-706 使用不正确的解析名称或索引

  • A+
所属分类:CWE(弱点枚举)

CWE-706 使用不正确的解析名称或索引

Use of Incorrectly-Resolved Name or Reference

结构: Simple

Abstraction: Class

状态: Incomplete

被利用可能性: unkown

基本描述

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: PeerOf cwe_CWE_ID: 99 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Application Data', 'Modify Application Data']

相关攻击模式

  • CAPEC-159
  • CAPEC-177
  • CAPEC-48
  • CAPEC-641

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: