Read Time:57 Second

Description

The software does not properly verify that the source of data or communication is valid.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-345
CWE-345
CWE-284

 

Consequences

Access Control, Other: Gain Privileges or Assume Identity, Varies by Context

An attacker can access any functionality that is inadvertently accessible to the source.

 

Potential Mitigations

CVE References

  • CVE-2000-1218
    • DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
  • CVE-2005-0877
    • DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
  • CVE-2001-1452
    • DNS server caches glue records received from non-delegated name servers
  • CVE-2003-0174
    • LDAP service does not verify if a particular attribute was set by the LDAP server
  • CVE-1999-1549
    • product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.
  • CVE-2003-0981
    • product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.