CWE

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)

ID: 75
Date: (C)2012-05-14   (M)2012-11-08
Type: weakness
Status: DRAFT
Abstraction Type: Class





Description

The software does not adequately filter user-controlled input for special elements with control implications.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Common Consequences

Scope: Integrity, Confidentiality, Availability
Technical Impact: Modify application data; Execute unauthorized code or commands

Detection Methods
None

Potential Mitigations

Phase: Requirements
Description: Programming languages and supporting technologies might be chosen which are not subject to these issues.

Phase: Implementation
Description: Utilize an appropriate mix of white-list and black-list parsing to filter special element syntax from all input.

Relationships

Related CWE: CWE-75 ChildOf CWE-896
Type: Category
View: CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings

Taxonomy: PLOVER
Name: Special Element Injection

References:
None

© SecPod Technologies