Category-417: Channel and Path Errors
ID: 417
Status: Draft
Summary
Weaknesses in this category are related to improper handling of communication channels and access paths.
Membership
ID | NAME |
---|---|
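CWE-419 | Unprotected Primary Channel |
CWE-420 | Unprotected Alternate Channel |
CWE-424 | Improper Protection of Alternate Path |
CWE-426 | Untrusted Search Path |
CWE-427 | Uncontrolled Search Path Element |
CWE-428 | Unquoted Search Path or Element |
CWE-514 | Covert Channel |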
Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | CHAP.VIRTFILE | | Channel and Path Errors |
Notes
Relationship
A number of vulnerabilities are specifically related to problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems. They are commonly used in "bypass" attacks, such as those that exploit authentication errors.
Maintenance
This category is being considered for deprecation. It is not clear whether communication channels are related closely enough to access paths. In addition, the "path" term is probably assumed by many readers to be associated with file paths, as opposed to the original meaning as intended in PLOVER.
Research Gap
Most of these issues are probably under-studied. Only a handful of public reports exist.
Article sourced from the Internet: scap中文网