Description
The product uses a regular expression that does not sufficiently restrict the set of allowed values.
Modes of Introduction:
– Implementation
Related Weaknesses
CWE-185
CWE-187
CWE-184
CWE-183
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
Phase: Implementation
Description:
When applicable, ensure that the regular expression marks beginning and ending string patterns, such as “/^string$/” for Perl.
CVE References
- CVE-2002-2175
- insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.
- CVE-2006-4527
- regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.
- CVE-2005-1949
- Regexp for IP address isn’t anchored at the end, allowing appending of shell metacharacters.
- CVE-2002-2109
- Regexp isn’t “anchored” to the beginning or end, which allows spoofed values that have trusted values as substrings.
- CVE-2006-6511
- regexp in .htaccess file allows access of files whose names contain certain substrings
- CVE-2006-6629
- allow load of macro files whose names contain certain substrings.
