Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

ID: 75
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Class





Description

The software does not adequately filter user-controlled input for special elements with control implications.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

Scope: Integrity, Confidentiality, Availability
Technical Impact: Modify application data; Execute unauthorized code or commands

Detection Methods
None

Potential Mitigations

Phase: Requirements
Description: Programming languages and supporting technologies might be chosen which are not subject to these issues.

Phase: Implementation
Description: Utilize an appropriate mix of white-list and black-list parsing to filter special element syntax from all input.

Relationships

Related CWE: CWE-75 ChildOf CWE-896
Type: Category
View: CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: PLOVER
Name: Special Element Injection

References:
None

© 2013 SecPod Technologies