Origin Validation Error
|ID: 346||Date: (C)2012-05-14 (M)2018-05-09|
|Type: weakness||Status: DRAFT|
|Abstraction Type: Base|
The software does not properly verify that the source of data
or communication is valid.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
Related Attack Patterns
|Access_ControlOther ||Gain privileges / assume
identityVaries by context || |
RelationshipsThis is a factor in many weaknesses, both primary and resultant. The
problem could be due to design or implementation. This is a fairly general
|CWE-346 ChildOf CWE-898 ||Category ||CWE-888 || |
- CVE-2000-1218 : DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
- CVE-2005-0877 : DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
- CVE-2001-1452 : DNS server caches glue records received from non-delegated name servers
- CVE-2005-2188 : user ID obtained from untrusted source (URL)
- CVE-2003-0174 : LDAP service does not verify if a particular attribute was set by the LDAP server
- CVE-1999-1549 : product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.
- CVE-2003-0981 : product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
|PLOVER || ||Origin Validation Error || |