Category-864: 2011 Top 25 - Insecure Interaction Between Components

  • A+
所属分类:CWE(弱点枚举)

Category-864: 2011 Top 25 - Insecure Interaction Between Components

ID: 864
Status: Obsolete

Summary

Weaknesses in this category are listed in the "Insecure Interaction Between Components" section of the 2011 CWE/SANS Top 25 Most Dangerous Software Errors.

Membership

ID NAME
CWE-352 跨站请求伪造(CSRF)
CWE-434 危险类型文件的不加限制上传
CWE-601 指向未可信站点的URL重定向(开放重定向)
CWE-78 OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
CWE-79 在Web页面生成时对输入的转义处理不恰当(跨站脚本)
CWE-829 从非可信控制范围包含功能例程
CWE-89 SQL命令中使用的特殊元素转义处理不恰当(SQL注入)

References

REF-843 2011 CWE/SANS Top 25 Most Dangerous Software Errors

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: