CWE-511 – Logic/Time Bomb


Description

The software contains code that is designed to disrupt the legitimate operation of the software (or its environment) when a certain time passes, or when a certain logical condition is met.

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-506

Consequences

Other, Integrity: Varies by Context, Alter Execution Logic

Potential Mitigations

Phase: Installation

Description: 

Always verify the integrity of the software that is being installed.

Phase: Testing

Description: 

Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.
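The coverage mitigation above can be exercised directly. The following is an added example, not part of the CWE entry or of any real product: a constructed payroll function carrying a date-triggered branch, a line tracer built on sys.settrace, and a report of the lines that live testing never reached. The trigger date, the function and the employee records are all made up for the illustration.

```python
import datetime
import dis
import inspect
import sys

# Constructed trigger date for the planted branch; a real bomb would hide it better.
DETONATION_DATE = datetime.date(2099, 1, 1)


def _wipe_records(employees):
    """Destructive payload stand-in: zeroes every record it is handed."""
    for emp in employees:
        emp["salary"] = 0


def process_payroll(employees, today=None):
    """Looks like ordinary payroll code but carries a CWE-511 time bomb
    (constructed example, not code from any real product)."""
    today = today or datetime.date.today()
    total = 0
    for emp in employees:
        total += emp["salary"]
    if today >= DETONATION_DATE and employees:
        # Time bomb: only reachable after DETONATION_DATE, so it never
        # executes during pre-release testing.
        _wipe_records(employees)
        total = 0
    return total


def run_with_line_coverage(func, *args, **kwargs):
    """Run func under sys.settrace; return (result, set of executed line numbers)."""
    executed = set()
    code = func.__code__

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None            # ignore callees; only func itself is measured
        if event == "line":
            executed.add(frame.f_lineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args, **kwargs)
    finally:
        sys.settrace(previous)
    return result, executed


def uncovered_lines(func, executed):
    """Map line number -> source text for every line of func that carries
    bytecode but was never executed. These are the lines to inspect by hand."""
    code = func.__code__
    with_code = {
        lineno for _, lineno in dis.findlinestarts(code)
        if lineno is not None and lineno > code.co_firstlineno
    }
    src, start = inspect.getsourcelines(func)
    return {ln: src[ln - start].rstrip() for ln in sorted(with_code - executed)}


def coverage_report():
    """Exercise process_payroll with realistic data on a 'normal' date, then
    list the lines the live test never reached."""
    employees = [{"salary": 1000}, {"salary": 2500}]        # constructed input
    result, executed = run_with_line_coverage(
        process_payroll, employees, datetime.date(2024, 6, 1))
    return result, uncovered_lines(process_payroll, executed)


if __name__ == "__main__":
    total, missed = coverage_report()
    print("payroll total:", total)
    for lineno, text in missed.items():
        print(f"never executed, inspect: line {lineno}: {text}")
```

The report flags exactly the guarded payload lines. The same idea scales to real code bases with coverage.py or the `trace` module; the point is that the uncovered set, not the test results, is what the reviewer reads.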

CVE References

CWE-510 – Trapdoor


Description

A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-506

Consequences

Confidentiality, Integrity, Availability, Access Control: Execute Unauthorized Code or Commands, Bypass Protection Mechanism

Potential Mitigations

Phase: Installation

Description: 

Always verify the integrity of the software that is being installed.

Phase: Testing

Description: 

Identify and closely inspect the conditions for entering privileged areas of the code, especially those related to authentication, process invocation, and network communications.
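As an added example, not from the CWE entry or from any real code base, the following contrasts a login function with a hidden override credential against one in which every path goes through the same check, and adds a small ast-based review aid that lists comparisons of secret-looking variables against string literals, the pattern the testing mitigation says to inspect. The user store, salt, password and override string are constructed for the illustration.

```python
import ast
import hashlib
import hmac
import inspect
import os

PBKDF2_ROUNDS = 50_000


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


# Constructed credential store: username -> (salt, PBKDF2 hash).
_SALT = bytes.fromhex("5f8c0d7a1b2e3c4d9a8b7c6d5e4f3a2b")
USERS = {"alice": (_SALT, _derive("correct horse battery", _SALT))}


def login_with_trapdoor(username, password):
    """CWE-510: a hidden override credential skips the real check
    (constructed example, not from any real product)."""
    if password == "m41nt-0verr1de":            # trapdoor: any username gets in
        return True
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(_derive(password, salt), expected)


def login_hardened(username, password):
    """Every path goes through the same credential check; no input
    short-circuits it."""
    record = USERS.get(username)
    if record is None:
        _derive(password, os.urandom(16))       # same cost whether or not the user exists
        return False
    salt, expected = record
    return hmac.compare_digest(_derive(password, salt), expected)


SECRET_NAMES = ("pass", "pwd", "token", "secret", "key")


def literal_secret_compares(source):
    """Review aid: line numbers (relative to `source`) on which a variable with
    a secret-looking name is compared against a string literal."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Compare):
            continue
        operands = [node.left, *node.comparators]
        names = [n for n in operands if isinstance(n, ast.Name)]
        literals = [n for n in operands
                    if isinstance(n, ast.Constant) and isinstance(n.value, str)]
        if literals and any(
                any(tag in n.id.lower() for tag in SECRET_NAMES) for n in names):
            hits.append(node.lineno)
    return hits


def audit(func):
    """Run the review aid over one function's source."""
    return literal_secret_compares(inspect.getsource(func))


if __name__ == "__main__":
    print("trapdoor accepts unknown user:", login_with_trapdoor("nobody", "m41nt-0verr1de"))
    print("hardened accepts unknown user:", login_hardened("nobody", "m41nt-0verr1de"))
    print("suspicious lines in trapdoor version:", audit(login_with_trapdoor))
    print("suspicious lines in hardened version:", audit(login_hardened))
```

The ast pass is deliberately crude (it only catches plaintext literals); its value is in narrowing the authentication code a human reads, not in proving absence. Obfuscated comparisons (hashes of the override, values assembled at runtime) still need the manual inspection the mitigation calls for.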

CVE References

CWE-51 – Path Equivalence: ‘/multiple//internal/slash’


Description

A software system that accepts path input containing repeated internal slashes (‘/multiple//internal/slash/’) without appropriate validation can resolve the path ambiguously, letting an attacker traverse the file system to unintended locations or access arbitrary files.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-41

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

Potential Mitigations

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
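Added example, not code from the CWE entry: a deny-by-prefix check done on the raw string beside one that decodes once and canonicalizes before deciding. The denied directory and the probe paths are constructed. Note that posixpath.normpath keeps a leading ‘//’ on purpose (POSIX reserves that form), so runs of slashes are collapsed before normalization.

```python
import posixpath
import re
from urllib.parse import unquote

DENIED_PREFIX = "/secret/"   # constructed: a directory the handler must never serve


def is_allowed_naive(raw_path):
    """Vulnerable check on the raw string. '//secret/flag' does not start with
    '/secret/' but names the same file, and '%2e%2e' is not the literal '../'."""
    return not raw_path.startswith(DENIED_PREFIX) and "../" not in raw_path


def canonicalize(path):
    """Collapse repeated slashes, anchor at '/', then resolve '.' and '..'.
    Slashes are collapsed first because posixpath.normpath preserves a leading
    '//' (POSIX allows it to mean something else)."""
    collapsed = "/" + re.sub(r"/+", "/", path).lstrip("/")
    return posixpath.normpath(collapsed)


def normalize_request_path(raw_path):
    """Decode exactly once, then canonicalize (the CWE-180 order); the caller
    must not decode the result again later (CWE-174)."""
    return canonicalize(unquote(raw_path))


def is_allowed_canonical(raw_path):
    """Hardened check: the decision is made on the canonical form."""
    canon = normalize_request_path(raw_path)
    return not (canon == DENIED_PREFIX.rstrip("/") or canon.startswith(DENIED_PREFIX))


# Constructed probes: the forms an attacker would try against the naive check.
PROBE_PATHS = [
    "/secret/flag",
    "//secret/flag",
    "/secret//flag",
    "/public/../secret/flag",
    "/public/%2e%2e/secret/flag",
    "/public/readme",
]


def compare_checks():
    """raw path -> (naive verdict, canonical verdict); True means 'served'."""
    return {p: (is_allowed_naive(p), is_allowed_canonical(p)) for p in PROBE_PATHS}


if __name__ == "__main__":
    for path, (naive, canon) in compare_checks().items():
        print(f"{path:32} naive={naive!s:5} canonical={canon}")
```

Canonicalization here is lexical only; when the served tree can contain symlinks, resolve the final path on disk as well (os.path.realpath) and confirm it still lies under the intended root before opening it.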

CVE References

  • CVE-2002-1483
    • Read files with full pathname using multiple internal slash.

CWE-509 – Replicating Malicious Code (Virus or Worm)


Description

Replicating malicious code, including viruses and worms, will attempt to attack other systems once it has successfully compromised the target system or software.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-507

Consequences

Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Operation

Description: 

Antivirus software scans for viruses or worms.

Phase: Installation

Description: 

Always verify the integrity of the software that is being installed.

CVE References

CWE-508 – Non-Replicating Malicious Code


Description

Non-replicating malicious code only resides on the target system or software that is attacked; it does not attempt to spread to other systems.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-507

Consequences

Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Operation

Description: 

Antivirus software can help mitigate known malicious code.

Phase: Installation

Description: 

Verify the integrity of the software that is being installed.

CVE References

CWE-507 – Trojan Horse


Description

The software appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-506

Consequences

Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Operation

Description: 

Most antivirus software scans for Trojan Horses.

Phase: Installation

Description: 

Verify the integrity of the software that is being installed.
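Every entry in this group (CWE-511, CWE-510, CWE-509, CWE-508 and this one) lists “verify the integrity of the software being installed” as its installation-phase mitigation. The following is an added example, not code from the CWE entries or from any installer: it parses a sha256sum-style manifest, hashes each listed file in chunks, and reports mismatches and missing files. The manifest only helps if it arrives over a channel the attacker cannot also tamper with (a signed release, a value pinned in your own repository); a digest fetched from the same mirror as the artifact proves nothing. The files and manifest in the demo are constructed inside a temporary directory.

```python
import hashlib
import hmac
import os
import tempfile

CHUNK = 1 << 16


def sha256_file(path):
    """Hash a file in chunks so large installers do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines: '<64 hex chars>  <filename>' (a leading '*'
    on the name is sha256sum's binary-mode marker). Returns name -> digest."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"manifest line {lineno} malformed: {line!r}")
        digest, name = parts
        entries[name.lstrip("*")] = digest.lower()
    return entries


def verify_tree(root, manifest):
    """Return (ok, problems). Every manifest entry must exist and match; a
    package with any missing or altered file is rejected as a whole."""
    problems = []
    for name, expected in manifest.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            problems.append(f"missing: {name}")
            continue
        if not hmac.compare_digest(sha256_file(path), expected):
            problems.append(f"digest mismatch: {name}")
    return not problems, problems


def demo():
    """Constructed package: write two files, build a manifest from them, verify,
    then flip one byte in the installer and verify again."""
    with tempfile.TemporaryDirectory() as root:
        files = {"installer.bin": os.urandom(200_000), "README": b"hello\n"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest_text = "\n".join(
            f"{hashlib.sha256(data).hexdigest()}  {name}" for name, data in files.items())
        manifest = parse_manifest(manifest_text)
        clean = verify_tree(root, manifest)
        with open(os.path.join(root, "installer.bin"), "r+b") as f:   # tamper
            f.seek(100)
            original = f.read(1)
            f.seek(100)
            f.write(bytes([original[0] ^ 0x01]))
        tampered = verify_tree(root, manifest)
        return clean, tampered


if __name__ == "__main__":
    print(demo())
```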

CVE References

CWE-506 – Embedded Malicious Code


Description

The application contains code that appears to be malicious in nature.

Malicious flaws have acquired colorful names, including Trojan horse, trapdoor, time bomb, and logic bomb. A developer might insert malicious code with the intent to subvert the security of an application or its host system at some time in the future. The term generally refers to a program that performs a useful service but exploits the rights of the program’s user in a way the user does not intend.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-912

Consequences

Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

Potential Mitigations

Phase: Testing

Description: 

Remove the malicious code and start an effort to ensure that no more malicious code exists. This may require a detailed review of all code, as it is possible to hide a serious attack in only one or two lines of code. These lines may be located almost anywhere in an application and may have been intentionally obfuscated by the attacker.

CVE References

CWE-502 – Deserialization of Untrusted Data


Description

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Serialization and deserialization refer to the process of taking program-internal object-related data, packaging it in a way that allows the data to be externally stored or transferred (“serialization”), then extracting the serialized data to reconstruct the original object (“deserialization”).

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit: Medium

Related Weaknesses

CWE-913
CWE-915

Consequences

Integrity: Modify Application Data, Unexpected State

Attackers can modify unexpected objects or data that was assumed to be safe from modification.

Availability: DoS: Resource Consumption (CPU)

If a function decides when to stop based on a sentinel inside the deserialized data (for example, a terminator in a string), attacker-controlled input can keep it from ever terminating.

Other: Varies by Context

The consequences vary widely, because they depend on which objects or methods are being deserialized and how they are used. Assuming that the code in the deserialized object is valid is dangerous and can enable exploitation.

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Phase: Implementation

Description: 

When deserializing data, use the deserialized values to populate a fresh object through its normal constructors and setters rather than restoring the object directly. The data then passes through the same input validation as any other input, and only the object’s own, trusted methods are invoked.

Phase: Implementation

Description: 

For a class that must never be deserialized, explicitly define a final readObject() (Java) that unconditionally throws; marking it final prevents subclasses from re-enabling deserialization.

Phase: Architecture and Design, Implementation

Description: 

Phase: Implementation

Description: 

Avoid having unnecessary types or gadgets available that can be leveraged for malicious ends. This limits the potential for unintended or unauthorized types and gadgets to be leveraged by the attacker. Add only acceptable classes to an allowlist. Note: new gadgets are constantly being discovered, so this alone is not a sufficient mitigation.
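The signing/sealing mitigation and the allowlist mitigation above, combined, as an added Python example (not code from the CWE entry or from any library). It seals a pickle with an HMAC so that modified or foreign blobs are rejected before the unpickler runs, and it restricts find_class to an allowlist so that even a correctly signed blob cannot reach gadgets such as os.system. The Order class, the demo key and the gadget stand-in are constructed for the illustration; the stand-in would only call os.system('true'), and it is never loaded without the restriction.

```python
import hashlib
import hmac
import io
import os
import pickle
from dataclasses import dataclass


@dataclass
class Order:
    """The one application type that legitimately crosses the wire (constructed)."""
    item: str
    quantity: int


# Classes the unpickler may instantiate. Anything else is refused outright.
ALLOWED_CLASSES = {(Order.__module__, "Order")}


class RestrictedUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) in ALLOWED_CLASSES:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to load {module}.{name}")


def restricted_loads(payload):
    return RestrictedUnpickler(io.BytesIO(payload)).load()


TAG_LEN = 32   # SHA-256 HMAC
DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c")  # constructed


def seal_bytes(payload, key):
    """tag || payload, so the receiver can check the MAC before parsing anything."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload


def seal(obj, key):
    return seal_bytes(pickle.dumps(obj), key)


def unseal(blob, key):
    """Verify the MAC first (constant time); only then hand the bytes to the
    restricted unpickler. Both checks are needed: the MAC stops tampering,
    the allowlist stops gadgets from a signer that was itself compromised."""
    tag, payload = blob[:TAG_LEN], blob[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if len(tag) != TAG_LEN or not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC: payload rejected before unpickling")
    return restricted_loads(payload)


class _GadgetDemo:
    """Stand-in for a gadget chain: unrestricted loading would call os.system('true')."""
    def __reduce__(self):
        return (os.system, ("true",))


def malicious_payload():
    """What an attacker who obtained the signing key might try to seal."""
    return pickle.dumps(_GadgetDemo())


def describe_load(blob, key):
    """Outcome of loading a blob: ('ok', obj), ('bad-mac', None) or ('refused', reason)."""
    try:
        return "ok", unseal(blob, key)
    except ValueError:
        return "bad-mac", None
    except pickle.UnpicklingError as exc:
        return "refused", str(exc)


if __name__ == "__main__":
    good = seal(Order("widget", 3), DEMO_KEY)
    print(describe_load(good, DEMO_KEY))
    print(describe_load(good[:40] + bytes([good[40] ^ 1]) + good[41:], DEMO_KEY))
    print(describe_load(seal_bytes(malicious_payload(), DEMO_KEY), DEMO_KEY))
```

Two caveats the code cannot remove: the allowlist has to be revisited whenever a new class is added to the protocol, and pickle remains a poor choice for data from other parties even with these controls; a format with no code-execution semantics (JSON, protobuf) is the safer architectural fix.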

CVE References

  • CVE-2019-12799
    • chain: bypass of untrusted deserialization issue (CWE-502) by using an assumed-trusted class (CWE-183)
  • CVE-2015-8103
    • Deserialization issue in commonly-used Java library allows remote execution.
  • CVE-2015-4852
    • Deserialization issue in commonly-used Java library allows remote execution.
  • CVE-2013-1465
    • Use of PHP unserialize function on untrusted input allows attacker to modify application configuration.
  • CVE-2012-3527
    • Use of PHP unserialize function on untrusted input in content management system might allow code execution.
  • CVE-2012-0911
    • Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value.
  • CVE-2012-0911
    • Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution.
  • CVE-2011-2520
    • Python script allows local users to execute code via pickled data.
  • CVE-2012-4406
    • Unsafe deserialization using pickle in a Python script.
  • CVE-2003-0791
    • Web browser allows execution of native methods via a crafted string to a JavaScript function that deserializes the string.

CWE-501 – Trust Boundary Violation


Description

The product mixes trusted and untrusted data in the same data structure or structured message.

A trust boundary can be thought of as a line drawn through a program. On one side of the line, data is untrusted; on the other side, data is assumed to be trustworthy. The purpose of validation logic is to allow data to cross the trust boundary safely, moving from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. Combining trusted and untrusted data in the same data structure makes it easier for programmers to mistakenly trust unvalidated data.
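An added illustration of that boundary (constructed; not code from the CWE entry): a session that receives an attacker-controlled ‘role’ straight from the request next to the authenticated username, beside one that derives the role server-side and keeps request-supplied values in a separate namespace that is validated where it is used. USER_ROLES, ALLOWED_THEMES and the parameter names are assumptions made for the example.

```python
# Constructed web-application fragment. `session` is server-side state that
# later code trusts; `params` is the parsed request, i.e. attacker-controlled.
USER_ROLES = {"alice": "user", "bob": "admin"}        # authoritative, server-side
ALLOWED_THEMES = {"light", "dark"}


def login_vulnerable(session, username, params):
    """CWE-501: trusted and untrusted values land in the same structure.
    `username` came out of authentication; `role` came straight off the wire."""
    session["user"] = username
    session["role"] = params.get("role", "user")      # attacker chooses this
    session["theme"] = params.get("theme", "light")


def login_hardened(session, username, params):
    """Trusted values are derived server-side; anything request-supplied lives
    under a separate key and is validated at the point of use."""
    session["user"] = username
    session["role"] = USER_ROLES.get(username, "user")
    session["untrusted"] = {"theme": params.get("theme", "light")}


def can_open_admin(session):
    """Privileged code elsewhere in the app. It has no way to tell whether
    session['role'] was set by the server or copied from the request."""
    return session.get("role") == "admin"


def page_theme(session):
    """Point of use for the request-supplied value: allowlist it before relying on it."""
    candidate = session.get("untrusted", {}).get("theme", "light")
    return candidate if candidate in ALLOWED_THEMES else "light"


if __name__ == "__main__":
    s = {}
    login_vulnerable(s, "alice", {"role": "admin"})
    print("vulnerable: alice reaches admin ->", can_open_admin(s))
    s = {}
    login_hardened(s, "alice", {"role": "admin", "theme": "<script>"})
    print("hardened: alice reaches admin ->", can_open_admin(s), "theme ->", page_theme(s))
```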

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-664

Consequences

Access Control: Bypass Protection Mechanism

Potential Mitigations

CVE References

CWE-500 – Public Static Field Not Marked Final


Description

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.

Public static variables can be read without an accessor and changed without a mutator by any classes in the application.

When a field is declared public but not final, the field can be read and written to by arbitrary Java code.

Modes of Introduction:

– Implementation

Likelihood of Exploit: High

Related Weaknesses

CWE-493

Consequences

Integrity: Modify Application Data

Any class in the application can overwrite the field, so the state it holds could be tampered with.

Confidentiality: Read Application Data

Any class in the application can read the field, so whatever it holds is exposed.

Potential Mitigations

Phase: Architecture and Design

Description: 

Clearly identify the scope for all critical data elements, including whether they should be regarded as static.

Phase: Implementation

Description: 

CVE References