[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78764

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Origin Validation Error

ID: 346Date: (C)2012-05-14   (M)2017-11-07
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The software does not properly verify that the source of data or communication is valid.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Access_Control
Other
 
Gain privileges / assume identity
Varies by context
 
 

Detection Methods
None

Potential Mitigations
None

Relationships
This is a factor in many weaknesses, both primary and resultant. The problem could be due to design or implementation. This is a fairly general class.

Related CWETypeViewChain
CWE-346 ChildOf CWE-898 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2000-1218 : DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
  2. CVE-2005-0877 : DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
  3. CVE-2001-1452 : DNS server caches glue records received from non-delegated name servers
  4. CVE-2005-2188 : user ID obtained from untrusted source (URL)
  5. CVE-2003-0174 : LDAP service does not verify if a particular attribute was set by the LDAP server
  6. CVE-1999-1549 : product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.
  7. CVE-2003-0981 : product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Origin Validation Error
 
 

References:
None

© 2013 SecPod Technologies