[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248585

 
 

909

 
 

195621

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Only Filtering Special Elements at an Absolute Position

ID: 797Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: INCOMPLETE
Abstraction Type: Variant





Description

The software receives data from an upstream component, but only accounts for special elements at an absolute position (e.g. "byte number 10"), thereby missing remaining special elements that may exist before sending it to a downstream component.

Applicable Platforms
None

Common Consequences

ScopeTechnical ImpactNotes
Integrity
 		Unexpected state
 		 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-797 ChildOf CWE-795 Weakness CWE-1000  

Demonstrative Examples   (Details)

  1. The following code takes untrusted input and uses a substring function to filter a 3-character "../" element located at the 0-index position of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path. (Demonstrative Example Id DX-4)

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None

© SecPod Technologies