This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of KeySight N6841A RF Sensor. Authentication is not required to exploit this vulnerability.
FortiGuard Labs became aware of a number of new Ransomware strains for the week of May 23rd, 2022. It is imperative to raise awareness about new ransomware as infections can cause severe damage to the affected machines and organizations. This Threat Signal covers Yashma ransomware, GoodWill ransomware and Horsemagyar ransomware along with Fortinet protections against them.What is Yashma Ransomware?Yashma ransomware is a new and is generated through Yashma ransomware builder. It is claimed as the sixth version of Chaos ransomware builder. Reportedly, compared to the fifth version, Yashma ransomware builder now supports the “forbidden country” option which attackers can choose not to run the generated ransomware based on the victim’s location. The new builder also enables the ransomware to stop a wide variety of services running on the compromised machine such as anti-malware solutions, and Remote Desktop and Backup services. Additionally, it is important to note that from the fifth version of Chaos ransomware builder, the crafted ransomware can successfully encrypt files larger than 2,117,152 bytes and no longer corrupts them.A known sample of Yashma ransomware has the following ransom note:All of your files have been encrypted with Yashma ransomwareYour computer was infected with a ransomware. Your files have been encrypted and you won’tbe able to decrypt them without our help.What can I do to get my files back?You can buy our specialdecryption software, this software will allow you to recover all of your data and remove theransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.How do I pay, where do I get Bitcoin?Purchasing Bitcoin varies from country to country, you are best advised to do a quick google searchyourself to find out how to buy Bitcoin.Many of our customers have reported these sites to be fast and reliable:Coinmama – hxxps://www[.]coinmama[.]com Bitpanda – hxxps://www[.]bitpanda[.]comPayment informationAmount: 0.1473766 BTCBitcoin Address: [removed] At the time of this writing, the attacker’s bitcoin wallet has no transactions.FortiGuard Labs previously released several blogs on Chaos ransomware. See the Appendix for links to “Chaos Ransomware Variant Sides with Russia” and “Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers”.What is the Status of Coverage for Yashma ransomware?FortiGuard Labs provides the following AV coverage against a known sample of Yashma ransomware:MSIL/Filecoder.APU!tr.ransomWhat is GoodWill Ransomware?GoodWill ransomware was recently discovered, however it appears to have been first observed in March 2022. The ransomware encrypts files on the compromised machine and adds a “.gdwill” file extension to the affected files.Unlike other ransomware that demands ransom to recover the encrypted files, GoodWill asks the victim to do three good deeds. Firstly, the victim must provide clothes and blankets to needy people on the street. Secondly, the victim must feed dinner to five children at a pizza or fried chicken joint. Lastly, the victim must visit a local hospital and provide financial assistance to those in need. After finishing each deed, proof must be provided to the attacker, and a decryption tool and video instruction will be provided to the victim after completing all the deeds.What is the Status of Coverage for GoodWill ransomware?FortiGuard Labs provides the following AV coverage against GoodWill ransomware:MSIL/Filecoder.AGR!tr.ransomWhat is Horsemagyar Ransomware?Horsemagyar ransomware is a new variant of Sojusz ransomware that was recently discovered. It encrypts files on the compromised machine and adds “.[10 digit ID number].spanielearslook.likeoldboobs” file extension to the encrypted files. The ransomware leaves a ransom note as Horse.txt. The first sighting of Sojusz ransomware goes back to February, 2022 and it added a “.[10 digit ID number].[attacker’s email address].bec” extension to the files it encrypted.Example of ransom note left behind by Horsemagyar ransomware is below:::: Hello my dear friend :::Unfortunately for you, a major IT security weakness left you open to attack, your files have been encryptedIf you want to restore them,write to our skype – [removed] DECRYPTIONAlso you can write ICQ live chat which works 24/7 @[removed]Install ICQ software on your PC https://icq[.]com/windows/ or on your mobile phone search in Appstore / Google market ICQWrite to our ICQ @HORSEMAGYAR https://icq[.]im/[removed]If we not reply in 6 hours you can write to our mail but use it only if previous methods not working – [removed]@onionmail.orgAttention!* Do not rename encrypted files.* Do not try to decrypt your data using third party software, it may cause permanent data loss.* We are always ready to cooperate and find the best way to solve your problem.* The faster you write, the more favorable the conditions will be for you.* Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of themWe respect your time and waiting for respond from your sidetell your MachineID: MAHINE_ID and LaunchID: LAUNCH__IDSensitive data on your system was DOWNLOADED.If you DON’T WANT your sensitive data to be PUBLISHED you have to act quickly.Data includes:- Employees personal data, CVs, DL, SSN.- Complete network map including credentials for local and remote services.- Private financial information including: clients data, bills, budgets, annual reports, bank statements.- Manufacturing documents including: datagrams, schemas, drawings in solidworks format- And more…What is the Status of Coverage against Horsemagyar Ransomware?FortiGuard Labs provides the following AV coverage against Horsemagyar ransomware:W32/Filecoder.NSF!tr.ransomAnything Else to Note?Victims of ransomware are cautioned against paying ransoms by such organizations as CISA, NCSC, the FBI, and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities which could potentially be illegal according to a U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) advisory.
CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.
The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities
The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.
Please check our post about Vulnerability Analysis to learn more about CWE usage.
Please find a list of all the CWE below or use the search box above to find a specific CWE.
Description An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways. Public static variables can be read without an accessor and changed without a mutator by any classes in the application. When a field is declared public but not final, the field can…
Description The product mixes trusted and untrusted data in the same data structure or structured message. A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation…
Description The accidental addition of a data-structure sentinel can cause serious programming logic problems. Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to…
Description A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-119 CWE-20 Consequences Confidentiality, Integrity: Read Memory, Modify Memory Potential Mitigations CVE References
Description The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated. The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on…
Description In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. Modes of Introduction: – Implementation Likelihood of Exploit: Medium Related Weaknesses CWE-682 Consequences Confidentiality, Integrity: Read Memory, Modify Memory Incorrect pointer scaling will often result in buffer…
Description The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk. Modes of Introduction: – Implementation Likelihood of Exploit: Medium Related Weaknesses CWE-682 Consequences Access Control, Integrity, Confidentiality, Availability: Modify Memory, Read Memory,…
Description A software system that accepts path input in the form of leading space (‘ filedir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-41 Consequences Confidentiality, Integrity:…
Description The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select…
Description The software does not properly protect an assumed-immutable element from being modified by an attacker. This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such…
Description The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. Modes of Introduction: – Implementation Related Weaknesses CWE-642 CWE-471 Consequences Integrity: Modify Application Data Without appropriate protection mechanisms, the client can easily tamper with cookies and similar…
Description A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise. Modes of Introduction: – Implementation Related Weaknesses CWE-471 CWE-98 Consequences Integrity: Modify Application Data Potential Mitigations…
Description The code uses a function that has inconsistent implementations across operating systems and versions. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-758 Consequences Other: Quality Degradation, Varies by Context Potential Mitigations Phase: Architecture and Design, Requirements Description: Do not accept inconsistent behavior from the API specifications when the…
Description The behavior of this function is undefined unless its control parameter is set to a specific value. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-573 Consequences Other: Quality Degradation, Varies by Context Potential Mitigations CVE References
Description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions. Modes of Introduction: – Implementation Likelihood of Exploit: Medium…
Description The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. Modes of Introduction: – Implementation Related Weaknesses CWE-710 Consequences Other: Quality Degradation Potential Mitigations Phase: Implementation Description: Refer to the documentation for the obsolete function in order to determine why it…
Description The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses. This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are…
Description The program defines a signal handler that calls a non-reentrant function. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Low Related Weaknesses CWE-828 CWE-663 CWE-123 Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands It may be possible to execute arbitrary code through the use of a write-what-where condition.…
Description A software system that accepts path input in the form of internal space (‘file(SPACE)name’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-41 Consequences Confidentiality, Integrity: Read…
Description The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways. These types of errors are generally the result of a typo. Modes of Introduction: – Implementation Likelihood of Exploit: Low Related Weaknesses CWE-670 Consequences Other: Alter Execution Logic This weakness can cause unintended logic to be…
Description The code uses an operator for assignment when the intention was to perform a comparison. In many languages the compare statement is very close in appearance to the assignment statement and are often confused. This bug is generally the result of a typo and usually causes obvious problems with program execution. If the comparison…
Description The code uses an operator for comparison when the intention was to perform an assignment. In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused. Modes of Introduction: – Implementation Likelihood of Exploit: Low Related Weaknesses CWE-480 Consequences Availability, Integrity: Unexpected State…
Description This weakness can be found at CWE-113. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References
Description When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it. Modes…
Description The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false…
Description A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-446 CWE-671 Consequences Other: Varies by Context Potential Mitigations Phase: Testing…
Description A UI function is obsolete and the product does not warn the user. Modes of Introduction: – Implementation Related Weaknesses CWE-446 Consequences Other: Quality Degradation, Varies by Context Potential Mitigations Phase: Architecture and Design Description: Remove the obsolete feature from the UI. Warn the user that the feature is no…
Description The UI performs the wrong action with respect to the user’s request. Modes of Introduction: – Implementation Related Weaknesses CWE-446 Consequences Other: Quality Degradation, Varies by Context Potential Mitigations Phase: Testing Description: Perform extensive functionality testing of the UI. The UI should behave as specified. CVE References CVE-2001-1387 Network firewall…
Description A software system that accepts path input in the form of multiple internal dot (‘file…dir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-44 CWE-165 Consequences Confidentiality,…
Description The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-357 Consequences Other: Varies by Context Potential Mitigations Phase: Implementation Description: Phase: Implementation Description: Inputs should be decoded and canonicalized…
Description The user interface (UI) does not properly represent critical information to the user, allowing the information – or its source – to be obscured or spoofed. This is often a component in phishing attacks. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-684 CWE-221 CWE-346 Consequences Non-Repudiation, Access Control: Hide…
Description The software, by default, initializes an internal variable with an insecure or less secure value than is possible. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-1188 Consequences Integrity: Modify Application Data An attacker could gain access to and modify sensitive data or system information. Potential Mitigations Phase: System…
Description The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors. A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can…
Description The software does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error, which can cause the software to execute in a less secure fashion than intended by the administrator. Modes of Introduction: – Architecture and Design Related Weaknesses…
Description The software does not initialize critical variables, which causes the execution environment to use unexpected values. Modes of Introduction: – Implementation Related Weaknesses CWE-909 CWE-665 CWE-665 CWE-89 CWE-120 CWE-98 CWE-457 Consequences Integrity, Other: Unexpected State, Quality Degradation, Varies by Context The uninitialized data may be invalid, causing logic errors within the…
Description The code uses a variable that has not been initialized, leading to unpredictable or unintended results. In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read…
Description This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References
Description The software does not properly “clean up” and remove temporary or supporting resources after they have been used. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-404 CWE-404 Consequences Other, Confidentiality, Integrity: Other, Read Application Data, Modify Application Data, DoS: Resource Consumption (Other) It is possible to overflow the number…
Description A software system that accepts path input in the form of trailing space (‘filedir ‘) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-41 CWE-162 CWE-289 Consequences…
Description The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary…
Description Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error. A duplicate key entry — if the alist is designed properly — could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an…
Description The accidental deletion of a data-structure sentinel can cause serious programming logic problems. Often times data-structure sentinels are used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the…
Description The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-420 CWE-360 Consequences Access Control:…
Description This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441. Modes of Introduction: Related Weaknesses Consequences Potential Mitigations CVE References
Description The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-693 CWE-638 Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity Potential Mitigations Phase: Architecture and Design Description: Deploy…
Description The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path. Modes of Introduction:…
Description The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application’s direct control. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-642 CWE-668 CWE-673 CWE-427 CWE-428 Consequences Integrity, Confidentiality, Availability, Access Control: Gain Privileges or…
Description The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Modes of Introduction: – Implementation Related Weaknesses CWE-668 CWE-668 Consequences Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands Potential Mitigations Phase: Architecture…
Description The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as…
Description A software system that accepts path input in the form of multiple trailing dot (‘filedir….’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-42 CWE-163 Consequences Confidentiality,…
Description The wrong “handler” is assigned to process an object. An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically “determining” type of the object even if it is contradictory to an explicitly specified type. Modes of Introduction: – Implementation Related…
Description A handler is not available or implemented. When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution. Modes of Introduction: – Implementation Related Weaknesses CWE-691 CWE-433 Consequences Other: Varies by Context …
Description The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running. During the execution of a signal handler, it can be interrupted by another handler when a different signal is…
Description The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server. If code is stored in a file with an extension such as “.inc” or “.pl”, and the web server does not have a handler for that extension, then the server…
Description The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. Modes of Introduction: – Implementation Likelihood of Exploit: Medium Related Weaknesses CWE-669 CWE-669 CWE-351 CWE-436 CWE-430 Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands Arbitrary code execution is…
Description An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. When a system or process combines multiple independent components, this often produces new, emergent behaviors at…
Description Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state. This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to…
Description A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint’s features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-436 …
Description A’s behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-435 Consequences Other: Quality Degradation, Varies by Context Potential Mitigations CVE References CVE-2002-1976 Linux kernel 2.2 and above…
Description A software system that accepts path input in the form of internal dot (‘file.ordir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-41 Consequences Confidentiality, Integrity: Read…
Description A feature, API, or function does not perform according to its specification. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-684 Consequences Other: Quality Degradation, Varies by Context Potential Mitigations CVE References CVE-2003-0187 Program uses large timeouts on “undeserving” to compensate for inconsistency of support for linked lists. CVE-2003-0465…
Description The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product’s control sphere. This causes the product to appear to be the source of the request,…
Description The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers…
Description The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-668 Consequences Confidentiality: Read Application Data Potential Mitigations CVE References
Description A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors. When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might…
Description The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.…
Description Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system…
Description The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended…
Description An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Low Related Weaknesses CWE-405…
Description The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-405 CWE-696 Consequences Availability: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory) System resources, CPU and…
Description The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. An example of data amplification is a “decompression bomb,” a small ZIP file that can produce a large amount of data when it is decompressed. Modes of Introduction: – Architecture and Design…
Description The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. Path equivalence is usually employed in order to circumvent access controls expressed using an…
Description The software’s resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources. Frequently the consequence is a “flood” of connection or sessions. Modes of Introduction: – Architecture and Design Related Weaknesses…
Description The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control. This prevents the software from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant…
Description The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource. When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software’s assumption that the resource will…
Description A product does not check to see if a lock is present before performing sensitive operations on a resource. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-667 Consequences Integrity, Availability: Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart Potential Mitigations Phase: Architecture and Design, Implementation Description: …
Description The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice with the same argument, the program’s memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc()…
Description Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Modes of Introduction: – Architecture and Design Likelihood of Exploit: High Related Weaknesses CWE-825 CWE-672 CWE-672 CWE-672 CWE-120 CWE-123 Consequences Integrity: Modify Memory The use of previously freed memory may corrupt valid…
Description The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-923 Consequences Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism Potential Mitigations Phase: Architecture and Design Description: Do not expose…
Description A software system that accepts path input in the form of trailing dot (‘filedir.’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-41 CWE-162 Consequences Access Control:…
Description The software protects a primary channel, but it does not use the same level of protection for an alternate channel. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-923 Consequences Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism Potential Mitigations Phase: Architecture and Design Description: Identify all…
Description The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race condition that allows an attacker to access the channel before the authorized user does. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-420 CWE-362 Consequences Access…
Description Creating and using insecure temporary files can leave application and system data vulnerable to attack. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-668 Consequences Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories Potential Mitigations CVE References
Description A software system that accepts input in the form of a backslash absolute path (‘absolutepathnamehere’) without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation Related Weaknesses CWE-36 Consequences Confidentiality, Integrity: Read Files or Directories, Modify Files…
Description A J2EE application uses System.exit(), which also shuts down its container. It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks. Modes of Introduction: – Implementation …
Description Thread management in a Web application is forbidden in some circumstances and is always highly error prone. Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of…
Description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-610 CWE-610 CWE-346 CWE-472 CWE-441 Consequences Access Control: Gain Privileges or Assume Identity Potential Mitigations Phase:…
Description Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Medium Related Weaknesses CWE-514 Consequences Confidentiality, Other: Read Application Data, Other Information…
Description A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-706 CWE-367 CWE-610 CWE-486 Consequences Access Control: Gain Privileges or Assume Identity The attacker can gain access to otherwise unauthorized resources.…
Description An attacker can inject a drive letter or Windows volume letter (‘C:dirname’) into a software system to potentially redirect access to an unintended location or arbitrary file. Modes of Introduction: – Implementation Related Weaknesses CWE-36 Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands The attacker may be able to create…
Description The software detects a specific error, but takes no actions to handle the error. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Medium Related Weaknesses CWE-755 CWE-401 Consequences Integrity, Other: Varies by Context, Unexpected State, Alter Execution Logic An attacker could utilize an ignored error condition to place the…
Description [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. Modes of Introduction: – Architecture and Design Likelihood of Exploit: Medium Related Weaknesses CWE-754 CWE-703 CWE-703 Consequences Integrity, Other: Varies by Context, Unexpected State,…
Description The software encounters an error but does not provide a status code or return value to indicate that an error has occurred. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-684 CWE-703 CWE-703 CWE-703 Consequences Integrity, Other: Varies by Context, Unexpected State Errors that are not properly reported could place…
Description A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result. This can lead to unpredictable behavior. If the function is used to make security-critical decisions or provide security-critical information, then the wrong status…
Description The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software. Modes of Introduction: – Architecture and Design Related Weaknesses CWE-754 Consequences Integrity, Other: Unexpected State, Alter Execution Logic Potential Mitigations CVE References CVE-2004-1395…
Description Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. Modes of Introduction: – Implementation Related Weaknesses CWE-705 CWE-755 Consequences Availability: DoS: Resource Consumption (CPU) Potential Mitigations Phase: Architecture and Design, Implementation Description: Do not extensively rely on catching exceptions (especially for…
Description Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. Multiple catch blocks can get ugly and repetitive, but “condensing” catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the…
Description Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. Declaring a method to throw Exception or Throwable makes it difficult for callers to perform proper error handling and error recovery. Java’s exception mechanism, for example, is set up to make it easy for callers to anticipate…
Evgeny Kotkov discovered that subversion servers did not properly follow
path-based authorization rules in certain cases. An attacker could
potentially use this issue to retrieve information about private paths.
(CVE-2021-28544)
Thomas Weißschuh discovered that subversion servers did not properly handle
memory in certain configurations. A remote attacker could potentially use
this issue to cause a denial of service or other unspecified impact.
(CVE-2022-24070)
