
Incomplete Filtering of Special Elements

ID: 791
Date: (C)2012-05-14   (M)2022-10-10
Type: weakness
Status: INCOMPLETE
Abstraction Type: Base





Description

The software receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.

Applicable Platforms
None

Common Consequences

Scope | Technical Impact | Notes
Integrity | Unexpected state |

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE | Type | View | Chain
CWE-791 ChildOf CWE-790 | Weakness | CWE-1000 |

Demonstrative Examples

  1. The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path. (Demonstrative Example Id DX-2)

White Box Definitions
None

Black Box Definitions
None

Taxonomy Mappings
None

References:
None

© SecPod Technologies