Ransomware Roundup – 2022/05/26

Read Time:4 Minute, 57 Second

FortiGuard Labs became aware of a number of new Ransomware strains for the week of May 23rd, 2022. It is imperative to raise awareness about new ransomware as infections can cause severe damage to the affected machines and organizations. This Threat Signal covers Yashma ransomware, GoodWill ransomware and Horsemagyar ransomware along with Fortinet protections against them.What is Yashma Ransomware?Yashma ransomware is a new and is generated through Yashma ransomware builder. It is claimed as the sixth version of Chaos ransomware builder. Reportedly, compared to the fifth version, Yashma ransomware builder now supports the “forbidden country” option which attackers can choose not to run the generated ransomware based on the victim’s location. The new builder also enables the ransomware to stop a wide variety of services running on the compromised machine such as anti-malware solutions, and Remote Desktop and Backup services. Additionally, it is important to note that from the fifth version of Chaos ransomware builder, the crafted ransomware can successfully encrypt files larger than 2,117,152 bytes and no longer corrupts them.A known sample of Yashma ransomware has the following ransom note:All of your files have been encrypted with Yashma ransomwareYour computer was infected with a ransomware. Your files have been encrypted and you won’tbe able to decrypt them without our help.What can I do to get my files back?You can buy our specialdecryption software, this software will allow you to recover all of your data and remove theransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only.How do I pay, where do I get Bitcoin?Purchasing Bitcoin varies from country to country, you are best advised to do a quick google searchyourself to find out how to buy Bitcoin.Many of our customers have reported these sites to be fast and reliable:Coinmama – hxxps://www[.]coinmama[.]com Bitpanda – hxxps://www[.]bitpanda[.]comPayment informationAmount: 0.1473766 BTCBitcoin Address: [removed] At the time of this writing, the attacker’s bitcoin wallet has no transactions.FortiGuard Labs previously released several blogs on Chaos ransomware. See the Appendix for links to “Chaos Ransomware Variant Sides with Russia” and “Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers”.What is the Status of Coverage for Yashma ransomware?FortiGuard Labs provides the following AV coverage against a known sample of Yashma ransomware:MSIL/Filecoder.APU!tr.ransomWhat is GoodWill Ransomware?GoodWill ransomware was recently discovered, however it appears to have been first observed in March 2022. The ransomware encrypts files on the compromised machine and adds a “.gdwill” file extension to the affected files.Unlike other ransomware that demands ransom to recover the encrypted files, GoodWill asks the victim to do three good deeds. Firstly, the victim must provide clothes and blankets to needy people on the street. Secondly, the victim must feed dinner to five children at a pizza or fried chicken joint. Lastly, the victim must visit a local hospital and provide financial assistance to those in need. After finishing each deed, proof must be provided to the attacker, and a decryption tool and video instruction will be provided to the victim after completing all the deeds.What is the Status of Coverage for GoodWill ransomware?FortiGuard Labs provides the following AV coverage against GoodWill ransomware:MSIL/Filecoder.AGR!tr.ransomWhat is Horsemagyar Ransomware?Horsemagyar ransomware is a new variant of Sojusz ransomware that was recently discovered. It encrypts files on the compromised machine and adds “.[10 digit ID number].spanielearslook.likeoldboobs” file extension to the encrypted files. The ransomware leaves a ransom note as Horse.txt. The first sighting of Sojusz ransomware goes back to February, 2022 and it added a “.[10 digit ID number].[attacker’s email address].bec” extension to the files it encrypted.Example of ransom note left behind by Horsemagyar ransomware is below:::: Hello my dear friend :::Unfortunately for you, a major IT security weakness left you open to attack, your files have been encryptedIf you want to restore them,write to our skype – [removed] DECRYPTIONAlso you can write ICQ live chat which works 24/7 @[removed]Install ICQ software on your PC https://icq[.]com/windows/ or on your mobile phone search in Appstore / Google market ICQWrite to our ICQ @HORSEMAGYAR https://icq[.]im/[removed]If we not reply in 6 hours you can write to our mail but use it only if previous methods not working – [removed]@onionmail.orgAttention!* Do not rename encrypted files.* Do not try to decrypt your data using third party software, it may cause permanent data loss.* We are always ready to cooperate and find the best way to solve your problem.* The faster you write, the more favorable the conditions will be for you.* Our company values its reputation. We give all guarantees of your files decryption,such as test decryption some of themWe respect your time and waiting for respond from your sidetell your MachineID: MAHINE_ID and LaunchID: LAUNCH__IDSensitive data on your system was DOWNLOADED.If you DON’T WANT your sensitive data to be PUBLISHED you have to act quickly.Data includes:- Employees personal data, CVs, DL, SSN.- Complete network map including credentials for local and remote services.- Private financial information including: clients data, bills, budgets, annual reports, bank statements.- Manufacturing documents including: datagrams, schemas, drawings in solidworks format- And more…What is the Status of Coverage against Horsemagyar Ransomware?FortiGuard Labs provides the following AV coverage against Horsemagyar ransomware:W32/Filecoder.NSF!tr.ransomAnything Else to Note?Victims of ransomware are cautioned against paying ransoms by such organizations as CISA, NCSC, the FBI, and HHS. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities which could potentially be illegal according to a U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) advisory.

Read More

CWE

Read Time:1 Minute, 11 Second

CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.

The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities

The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.

Please check our post about Vulnerability Analysis to learn more about CWE usage.

Please find a list of all the CWE below or use the search box above to find a specific CWE.

  • CWE-118 – Incorrect Access of Indexable Resource (‘Range Error’)

    Description The software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed using an index or pointer, such as memory or files. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-664   Consequences Other: Varies by Context   Potential Mitigations CVE References

  • CWE-1187 – DEPRECATED: Use of Uninitialized Resource

    Description This entry has been deprecated because it was a duplicate of CWE-908. All content has been transferred to CWE-908. Modes of Introduction:     Related Weaknesses   Consequences   Potential Mitigations CVE References

  • CWE-1102 – Reliance on Machine-Dependent Data Representation

    Description The code uses a data representation that relies on low-level data representation or constructs that may vary across different processors, physical machines, OSes, or other physical components. Modes of Introduction:     Related Weaknesses CWE-758 CWE-1105   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1103 – Use of Platform-Dependent Third Party Components

    Description The product relies on third-party software components that do not provide equivalent functionality across all desirable platforms. Modes of Introduction:     Related Weaknesses CWE-758   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1104 – Use of Unmaintained Third Party Components

    Description The product relies on third-party components that are not actively supported or maintained by the original developer or a trusted proxy for the original developer. Modes of Introduction:     Related Weaknesses CWE-1357   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1105 – Insufficient Encapsulation of Machine-Dependent Functionality

    Description The product or code uses machine-dependent functionality, but it does not sufficiently encapsulate or isolate this functionality from the rest of the code. Modes of Introduction:     Related Weaknesses CWE-758 CWE-1061   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1106 – Insufficient Use of Symbolic Constants

    Description The source code uses literal constants that may need to change or evolve over time, instead of using symbolic constants. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1107 – Insufficient Isolation of Symbolic Constant Definitions

    Description The source code uses symbolic constants, but it does not sufficiently place the definitions of these constants into a more centralized or isolated location. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1108 – Excessive Reliance on Global Variables

    Description The code is structured in a way that relies too much on using or setting global variables throughout various points in the code, instead of preserving the associated information in a narrower, more local context. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1109 – Use of Same Variable for Multiple Purposes

    Description The code contains a callable, block, or other code element in which the same variable is used to control more than one unique task or store more than one instance of data. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-111 – Direct Use of Unsafe JNI

    Description When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that code, even if those weaknesses cannot occur in Java. Many safety features that programmers may take for granted do not apply for native code, so you must…

  • CWE-1110 – Incomplete Design Documentation

    Description The product’s design documentation does not adequately describe control flow, data flow, system initialization, relationships between tasks, components, rationales, or other important aspects of the design. Modes of Introduction:     Related Weaknesses CWE-1059   Consequences   Potential Mitigations CVE References

  • CWE-1111 – Incomplete I/O Documentation

    Description The product’s documentation does not adequately define inputs, outputs, or system/software interfaces. Modes of Introduction:     Related Weaknesses CWE-1059   Consequences   Potential Mitigations CVE References

  • CWE-1112 – Incomplete Documentation of Program Execution

    Description The document does not fully define all mechanisms that are used to control or influence how product-specific programs are executed. Modes of Introduction:     Related Weaknesses CWE-1059   Consequences   Potential Mitigations CVE References

  • CWE-1113 – Inappropriate Comment Style

    Description The source code uses comment styles or formats that are inconsistent or do not follow expected standards for the product. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences   Potential Mitigations CVE References

  • CWE-1114 – Inappropriate Whitespace Style

    Description The source code contains whitespace that is inconsistent across the code or does not follow expected standards for the product. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences   Potential Mitigations CVE References

  • CWE-1115 – Source Code Element without Standard Prologue

    Description The source code contains elements such as source files that do not consistently provide a prologue or header that has been standardized for the project. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences   Potential Mitigations CVE References

  • CWE-1116 – Inaccurate Comments

    Description The source code contains comments that do not accurately describe or explain aspects of the portion of the code with which the comment is associated. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1117 – Callable with Insufficient Behavioral Summary

    Description The code contains a function or method whose signature and/or associated inline documentation does not sufficiently describe the callable’s inputs, outputs, side effects, assumptions, or return codes. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1118 – Insufficient Documentation of Error Handling Techniques

    Description The documentation does not sufficiently describe the techniques that are used for error handling, exception processing, or similar mechanisms. Modes of Introduction:     Related Weaknesses CWE-1059   Consequences   Potential Mitigations CVE References

  • CWE-1119 – Excessive Use of Unconditional Branching

    Description The code uses too many unconditional branches (such as “goto”). Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-112 – Missing XML Validation

    Description The software accepts XML from an untrusted source but does not validate the XML against the proper schema. Most successful attacks begin with a violation of the programmer’s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected,…

  • CWE-1085 – Invokable Control Element with Excessive Volume of Commented-out Code

    Description A function, method, procedure, etc. contains an excessive amount of code that has been commented out within its body. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1086 – Class with Excessive Number of Child Classes

    Description A class contains an unnecessarily large number of children. Modes of Introduction:     Related Weaknesses CWE-1093   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1087 – Class with Virtual Method without a Virtual Destructor

    Description A class contains a virtual method, but the method does not have an associated virtual destructor. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1088 – Synchronous Access of Remote Resource without Timeout

    Description The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite. Modes of Introduction:     Related Weaknesses CWE-821   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1089 – Large Data Table with Excessive Number of Indices

    Description The software uses a large data table that contains an excessively large number of indices. Modes of Introduction:     Related Weaknesses CWE-405   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-109 – Struts: Validator Turned Off

    Description Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation. Modes of Introduction: – Implementation     Related Weaknesses CWE-1173 CWE-20   Consequences Access Control: Bypass Protection Mechanism   Potential Mitigations Phase: Implementation…

  • CWE-1090 – Method Containing Access of a Member Element from Another Class

    Description A method for a class performs an operation that directly accesses a member element from another class. Modes of Introduction:     Related Weaknesses CWE-1061   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1091 – Use of Object without Invoking Destructor Method

    Description The software contains a method that accesses an object but does not later invoke the element’s associated finalize/destructor method. Modes of Introduction:     Related Weaknesses CWE-772 CWE-1076   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1092 – Use of Same Invokable Control Element in Multiple Architectural Layers

    Description The software uses the same control element across multiple architectural layers. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1093 – Excessively Complex Data Representation

    Description The software uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1094 – Excessive Index Range Scan for a Data Resource

    Description The software contains an index range scan for a large data table, but the scan can cover a large number of rows. Modes of Introduction:     Related Weaknesses CWE-405   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1095 – Loop Condition Value Update within the Loop

    Description The software uses a loop with a control flow condition based on a value that is updated within the body of the loop. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1096 – Singleton Class Instance Creation without Proper Locking or Synchronization

    Description The software implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once. Modes of Introduction:     Related Weaknesses CWE-820 CWE-662 CWE-662   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1097 – Persistent Storable Data Element without Associated Comparison Control Element

    Description The software uses a storable data element that does not have all of the associated functions or methods that are necessary to support comparison. Modes of Introduction:     Related Weaknesses CWE-1076 CWE-595   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1098 – Data Element containing Pointer Item without Proper Copy Control Element

    Description The code contains a data element with a pointer that does not have an associated copy or constructor method. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1099 – Inconsistent Naming Conventions for Identifiers

    Description The product’s code, documentation, or other artifacts do not consistently use the same naming conventions for variables, callables, groups of related callables, I/O capabilities, data types, file names, or similar types of elements. Modes of Introduction:     Related Weaknesses CWE-1078   Consequences   Potential Mitigations CVE References

  • CWE-11 – ASP.NET Misconfiguration: Creating Debug Binary

    Description Debugging messages help attackers learn about the system and plan a form of attack. ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose…

  • CWE-110 – Struts: Validator Without Form Field

    Description Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date. Modes of Introduction: – Implementation     Related Weaknesses CWE-1164 CWE-20   Consequences Other: Other It is critically important that validation logic be maintained and kept in sync with the rest of the…

  • CWE-1100 – Insufficient Isolation of System-Dependent Functions

    Description The product or code does not isolate system-dependent functionality into separate standalone modules. Modes of Introduction:     Related Weaknesses CWE-1061   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1101 – Reliance on Runtime Component in Generated Code

    Description The product uses automatically-generated code that cannot be executed without a specific runtime support component. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1066 – Missing Serialization Control Element

    Description The software contains a serializable data element that does not have an associated serialization method. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1067 – Excessive Execution of Sequential Searches of Data Resource

    Description The software contains a data query against an SQL table or view that is configured in a way that does not utilize an index and may cause sequential searches to be performed. Modes of Introduction:     Related Weaknesses CWE-1176   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1068 – Inconsistency Between Implementation and Documented Design

    Description The implementation of the product is not consistent with the design as described within the relevant documentation. Modes of Introduction: – Implementation     Related Weaknesses CWE-710   Consequences   Potential Mitigations CVE References

  • CWE-1069 – Empty Exception Block

    Description An invokable code block contains an exception handling block that does not contain any code, i.e. is empty. Modes of Introduction:     Related Weaknesses CWE-1071   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-107 – Struts: Unused Validation Form

    Description An unused validation form indicates that validation logic is not up-to-date. It is easy for developers to forget to update validation logic when they remove or rename action form mappings. One indication that validation logic is not being properly maintained is the presence of an unused validation form. Modes of Introduction: – Implementation  …

  • CWE-1070 – Serializable Data Element Containing non-Serializable Item Elements

    Description The software contains a serializable, storable data element such as a field or member, but the data element contains member elements that are not serializable. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1071 – Empty Code Block

    Description The source code contains a block that does not contain any code, i.e., the block is empty. Modes of Introduction:     Related Weaknesses CWE-1164   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1072 – Data Resource Access without Use of Connection Pooling

    Description The software accesses a data resource through a database without using a connection pooling capability. Modes of Introduction:     Related Weaknesses CWE-405   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1073 – Non-SQL Invokable Control Element with Excessive Number of Data Resource Accesses

    Description The software contains a client with a function or method that contains a large number of data accesses/queries that are sent through a data manager, i.e., does not use efficient database capabilities. Modes of Introduction:     Related Weaknesses CWE-405   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1074 – Class with Excessively Deep Inheritance

    Description A class has an inheritance level that is too high, i.e., it has a large number of parent classes. Modes of Introduction:     Related Weaknesses CWE-1093   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1075 – Unconditional Control Flow Transfer outside of Switch Block

    Description The software performs unconditional control transfer (such as a “goto”) in code outside of a branching structure such as a switch block. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1076 – Insufficient Adherence to Expected Conventions

    Description The product’s architecture, source code, design, documentation, or other artifact does not follow required conventions. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1077 – Floating Point Comparison with Incorrect Operator

    Description The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision. Modes of Introduction:     Related Weaknesses CWE-697   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1078 – Inappropriate Source Code Style or Formatting

    Description The source code does not follow desired style or formatting for indentation, white space, comments, etc. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences   Potential Mitigations CVE References

  • CWE-1079 – Parent Class without Virtual Destructor Method

    Description A parent class contains one or more child classes, but the parent class does not have a virtual destructor method. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-108 – Struts: Unvalidated Action Form

    Description Every Action Form must have a corresponding validation form. If a Struts Action Form Mapping specifies a form, it must have a validation form defined under the Struts Validator. Modes of Introduction: – Implementation     Related Weaknesses CWE-1173 CWE-20   Consequences Other: Other If an action form mapping does not have a validation…

  • CWE-1080 – Source Code File with Excessive Number of Lines of Code

    Description A source code file has too many lines of code. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1082 – Class Instance Self Destruction Control Element

    Description The code contains a class instance that calls the method or function to delete or destroy itself. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1083 – Data Access from Outside Expected Data Manager Component

    Description The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component. Modes of Introduction:     Related Weaknesses CWE-1061   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1084 – Invokable Control Element with Excessive File or Data Access Operations

    Description A function or method contains too many operations that utilize a data manager or file resource. Modes of Introduction:     Related Weaknesses CWE-405   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1048 – Invokable Control Element with Large Number of Outward Calls

    Description The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e. a Fan-Out value that is excessively large. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1049 – Excessive Data Query Operations in a Large Data Table

    Description The software performs a data query with a large number of joins and sub-queries on a large data table. Modes of Introduction:     Related Weaknesses CWE-1176   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-105 – Struts: Form Field Without Validator

    Description The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation. Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption…

  • CWE-1050 – Excessive Platform Resource Consumption within a Loop

    Description The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g. messaging, sessions, locks, or file descriptors. Modes of Introduction:     Related Weaknesses CWE-405   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1051 – Initialization with Hard-Coded Network Resource Configuration Data

    Description The software initializes data using hard-coded values that act as network resource identifiers. Modes of Introduction:     Related Weaknesses CWE-665   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1052 – Excessive Use of Hard-Coded Literals in Initialization

    Description The software initializes a data element using a hard-coded literal that is not a simple integer or static constant element. Modes of Introduction:     Related Weaknesses CWE-665   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1053 – Missing Documentation for Design

    Description The product does not have documentation that represents how it is designed. Modes of Introduction:     Related Weaknesses CWE-1059   Consequences   Potential Mitigations CVE References

  • CWE-1054 – Invocation of a Control Element at an Unnecessarily Deep Horizontal Layer

    Description The code at one architectural layer invokes code that resides at a deeper layer than the adjacent layer, i.e., the invocation skips at least one layer, and the invoked code is not part of a vertical utility layer that can be referenced from any horizontal layer. Modes of Introduction:     Related Weaknesses CWE-1061…

  • CWE-1055 – Multiple Inheritance from Concrete Classes

    Description The software contains a class with inheritance from more than one concrete class. Modes of Introduction:     Related Weaknesses CWE-1093   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1056 – Invokable Control Element with Variadic Parameters

    Description A named-callable or method control element has a signature that supports a variable (variadic) number of parameters or arguments. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1057 – Data Access Operations Outside of Expected Data Manager Component

    Description The software uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager. Modes of Introduction:     Related Weaknesses CWE-1061   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1058 – Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

    Description The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element. Modes of Introduction:     Related Weaknesses CWE-662 CWE-662 CWE-662   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1059 – Insufficient Technical Documentation

    Description The product does not contain sufficient technical or engineering documentation (whether on paper or in electronic form) that contains descriptions of all the relevant software/hardware elements of the product, such as its usage, structure, architectural components, interfaces, design, implementation, configuration, operation, etc. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-710…

  • CWE-106 – Struts: Plug-in Framework not in Use

    Description When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient input validation. Modes of Introduction: – Implementation     Related Weaknesses CWE-1173 CWE-20   Consequences Integrity: Unexpected State   Potential Mitigations Phase: Architecture and Design Description:  Use an…

  • CWE-1060 – Excessive Number of Inefficient Server-Side Data Accesses

    Description The software performs too many data queries without using efficient data processing functionality such as stored procedures. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1061 – Insufficient Encapsulation

    Description The software does not sufficiently hide the internal representation and implementation details of data or methods, which might allow external components or modules to modify data unexpectedly, invoke unexpected functionality, or introduce dependencies that the programmer did not intend. Modes of Introduction:     Related Weaknesses CWE-710   Consequences   Potential Mitigations CVE References

  • CWE-1062 – Parent Class with References to Child Class

    Description The code has a parent class that contains references to a child class, its methods, or its members. Modes of Introduction:     Related Weaknesses CWE-1061   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1063 – Creation of Class Instance within a Static Code Block

    Description A static code block creates an instance of a class. Modes of Introduction:     Related Weaknesses CWE-1176   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1064 – Invokable Control Element with Signature Containing an Excessive Number of Parameters

    Description The software contains a function, subroutine, or method whose signature has an unnecessarily large number of parameters/arguments. Modes of Introduction:     Related Weaknesses CWE-1120   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1065 – Runtime Resource Management Control Element in a Component Built to Run on Application Servers

    Description The application uses deployed components from application servers, but it also uses low-level functions/methods for management of resources, instead of the API provided by the application server. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

  • CWE-1004 – Sensitive Cookie Without ‘HttpOnly’ Flag

    Description The software uses a cookie to store sensitive information, but the cookie is not marked with the HttpOnly flag. The HttpOnly flag directs compatible browsers to prevent client-side script from accessing cookies. Including the HttpOnly flag in the Set-Cookie HTTP response header helps mitigate the risk associated with Cross-Site Scripting (XSS) where an attacker’s…

  • CWE-1007 – Insufficient Visual Distinction of Homoglyphs Presented to User

    Description The software displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action. Modes of Introduction: – Architecture and Design   Likelihood…

  • CWE-102 – Struts: Duplicate Validation Forms

    Description The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect. If two validation forms have the same name, the Struts Validator arbitrarily chooses one of the forms to use for input validation and discards the other. This decision…

  • CWE-1021 – Improper Restriction of Rendered UI Layers or Frames

    Description The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. A web application is expected to place restrictions on whether it is allowed to be rendered within frames, iframes,…

  • CWE-1022 – Use of Web Link to Untrusted Target with window.opener Access

    Description The web application produces links to untrusted external sites outside of its sphere of control, but it does not properly prevent the external site from modifying security-critical properties of the window.opener object, such as the location property. When a user clicks a link to an external site (“target”), the target=”_blank” attribute causes the target…

  • CWE-1023 – Incomplete Comparison with Missing Factors

    Description The software performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors. An incomplete comparison can lead to resultant weaknesses, e.g., by operating on the wrong object or making a security decision without considering a required factor.…

  • CWE-1024 – Comparison of Incompatible Types

    Description The software performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared. In languages that are strictly typed but support casting/conversion, such as C or C++, the programmer might assume that casting one entity to the same…

  • CWE-1025 – Comparison Using Wrong Factors

    Description The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses. This can lead to incorrect results and resultant weaknesses. For example, the code might inadvertently compare references to objects, instead of the relevant contents of…

  • CWE-103 – Struts: Incomplete validate() Method Definition

    Description The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate(). If the code does not call super.validate(), the Validation Framework cannot check the contents of the form against a validation form. In other words, the validation framework will be disabled…

  • CWE-1037 – Processor Optimization Removal or Modification of Security-critical Code

    Description The developer builds a security-critical protection mechanism into the software, but the processor optimizes the execution of the program such that the mechanism is removed or modified. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Low   Related Weaknesses CWE-1038   Consequences Integrity: Bypass Protection Mechanism A successful exploitation of this…

  • CWE-1038 – Insecure Automated Optimizations

    Description The product uses a mechanism that automatically optimizes code, e.g. to improve a characteristic such as performance, but the optimizations can have an unintended side effect that might violate an intended security assumption. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Low   Related Weaknesses CWE-435 CWE-758   Consequences Integrity: Alter…

  • CWE-1039 – Automated Recognition Mechanism with Inadequate Detection or Handling of Adversarial Input Perturbations

    Description The product uses an automated mechanism such as machine learning to recognize complex data inputs (e.g. image or audio) as a particular concept or category, but it does not properly detect or handle inputs that have been modified or constructed in a way that causes the mechanism to detect a different, incorrect concept. Modes…

  • CWE-104 – Struts: Form Bean Does Not Extend Validation Class

    Description If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input validation. In order to use the Struts Validator, a form must extend one of the following: ValidatorForm, ValidatorActionForm, DynaValidatorActionForm, and DynaValidatorForm. One of these classes must be extended…

  • CWE-1041 – Use of Redundant Code

    Description The software has multiple functions, methods, procedures, macros, etc. that contain the same code. Modes of Introduction:     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1042 – Static Member Data Element outside of a Singleton Class Element

    Description The code contains a member element that is declared as static (but not final), in which its parent class element is not a singleton class – that is, a class element that can be used only once in the ‘to’ association of a Create action. Modes of Introduction:     Related Weaknesses CWE-1176  …

  • CWE-1043 – Data Element Aggregating an Excessively Large Number of Non-Primitive Elements

    Description The software uses a data element that has an excessively large number of sub-elements with non-primitive data types such as structures or aggregated objects. Modes of Introduction:     Related Weaknesses CWE-1093   Consequences Other: Reduce Performance   Potential Mitigations CVE References

  • CWE-1044 – Architecture with Number of Horizontal Layers Outside of Expected Range

    Description The software’s architecture contains too many – or too few – horizontal layers. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-710   Consequences Other: Reduce Maintainability   Potential Mitigations CVE References

  • CWE-1045 – Parent Class with a Virtual Destructor and a Child Class without a Virtual Destructor

    Description A parent class has a virtual destructor method, but the parent has a child class that does not have a virtual destructor. Modes of Introduction:     Related Weaknesses CWE-1076   Consequences Other: Reduce Reliability   Potential Mitigations CVE References

USN-5450-1: Subversion vulnerabilities

Read Time:21 Second

Evgeny Kotkov discovered that subversion servers did not properly follow
path-based authorization rules in certain cases. An attacker could
potentially use this issue to retrieve information about private paths.
(CVE-2021-28544)

Thomas Weißschuh discovered that subversion servers did not properly handle
memory in certain configurations. A remote attacker could potentially use
this issue to cause a denial of service or other unspecified impact.
(CVE-2022-24070)

Read More