
Modification of Assumed-Immutable Data (MAID)

ID: 471
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: DRAFT
Abstraction Type: Base





Description

The software does not properly protect an assumed-immutable element from being modified by an attacker.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Implementation

Related Attack Patterns

Common Consequences

Scope: Integrity
Technical Impact: Modify application data

Detection Methods
None

Potential Mitigations

Phase: Architecture and Design; Operation; Implementation
Description: Implement proper protection for immutable data (e.g. environment variable, hidden form fields, etc.)
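
One way to protect a hidden form field, shown as an added example that is not part of the original entry: the server attaches an HMAC tag to the value it emits and rejects any submission whose tag no longer matches. The names `seal_field`, `open_field`, `is_tampered` and `SERVER_KEY`, the `value|tag` layout and the session binding are assumptions made for this sketch.

```python
import hashlib
import hmac

# Constructed demo key (assumption); load a real key from a secret store.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _tag(parts, key):
    # Length-prefix every part so ("ab", "c") and ("a", "bc") never collide.
    msg = b"".join(len(p).to_bytes(4, "big") + p
                   for p in (s.encode() for s in parts))
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def seal_field(name, value, session_id, key=SERVER_KEY):
    """Return 'value|tag' to place in the hidden field sent to the client."""
    return f"{value}|{_tag((session_id, name, value), key)}"


def open_field(name, sealed, session_id, key=SERVER_KEY):
    """Return the original value, or raise ValueError if it was altered."""
    value, sep, tag = sealed.rpartition("|")
    if not sep:
        raise ValueError("missing integrity tag")
    expected = _tag((session_id, name, value), key)
    # Constant-time comparison on bytes; accepts arbitrary client input.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        raise ValueError(f"hidden field {name!r} was modified")
    return value


def is_tampered(name, sealed, session_id, key=SERVER_KEY):
    """Convenience wrapper: True when verification fails."""
    try:
        open_field(name, sealed, session_id, key)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    sealed = seal_field("price", "19.99", "sess-A")      # constructed input
    forged = "0.01|" + sealed.rpartition("|")[2]          # value swapped
    print(open_field("price", sealed, "sess-A"))
    print(is_tampered("price", forged, "sess-A"))
    print(is_tampered("price", sealed, "sess-B"))         # replayed elsewhere
```

Keeping the value in server-side session state avoids the round trip entirely; the tag is for cases where the field has to travel through the client.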
 
  

Relationships

Related CWE: CWE-471 ChildOf CWE-896
Type: Category
View: CWE-888

Demonstrative Examples

  1. In the code excerpt below, an array returned by a Java method is modified despite the fact that arrays are mutable.

Observed Examples

  1. CVE-2002-1757 : Relies on $PHP_SELF variable for authentication.
  2. CVE-2005-1905 : Gain privileges by modifying assumed-immutable code addresses that are accessed by a driver.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: PLOVER
Name: Modification of Assumed-Immutable Data

References:
None

CVE    5
CVE-2021-37193
CVE-2021-37177
CVE-2021-42701
CVE-2020-26237
...

© SecPod Technologies