All posts by rocco

Vulnerabilities of the TLS Protocol

Read Time:2 Minute, 6 Second

Secure Socket Layer (SSL) and its successor, Transport Layer Security (TLS), are widely used protocols for secure online communication. They provide encryption and authentication between two applications over a network, ensuring the confidentiality and integrity of data transmitted between them.

However, SSL/TLS is not invulnerable, and over the years, several vulnerabilities have been discovered that can compromise the security of online transactions. One of the most significant vulnerabilities is the POODLE attack, discovered in 2014, which affects the older versions of SSL/TLS. This vulnerability allows an attacker to exploit the way SSL/TLS handles padding in the encryption process, enabling them to read encrypted information, including sensitive information such as passwords and credit card numbers.

Another vulnerability is the BEAST attack, which exploits a vulnerability in the way SSL/TLS handles block ciphers in older versions of the protocol. This attack allows an attacker to intercept and decrypt secure HTTPS cookies, potentially giving them access to sensitive data.

A third vulnerability is known as the DROWN attack, which can exploit weak encryption protocols such as SSLv2. The attack allows an attacker to read encrypted data transmitted over an SSL/TLS connection by exploiting a flaw in the SSLv2 protocol. Even though SSLv2 is now considered obsolete and no longer used, some older systems may still have it enabled, leaving them vulnerable to attack.

To ensure the maximum security of your online transactions, it’s essential to be aware of the potential vulnerabilities of SSL/TLS and to take necessary precautions. To start with, it’s recommended to use the latest version of TLS, which is currently TLS 1.3, and to disable support for older, insecure protocols like SSLv2 and SSLv3.

It’s also important to use strong encryption ciphers and to regularly test your TLS configuration for potential vulnerabilities. This can be done using tools like SSL Labs’ SSL Server Test, which can check the strength of your TLS configuration and identify any potential vulnerabilities.

Another crucial step is to regularly update your TLS certificates, which verify the identity of the server you’re communicating with and ensure that your data is not intercepted by an attacker. TLS certificates have an expiration date, so it’s essential to keep them up to date to ensure maximum security.

Finally, consider using other security measures like firewalls, antivirus software, and two-factor authentication to provide an additional layer of protection.

By taking these necessary precautions, you can significantly reduce the risk of SSL/TLS vulnerabilities and ensure the maximum security of your online transactions.

CWE

Read Time:1 Minute, 11 Second

CWE (Common Weakness Enumeration) is a list of common types of hardware and software defects that have security implications. The CWE list can be used as a framework to describe and communicate such vulnerabilities in terms of CWEs.

The goal is to support all those methods (including automatic ones) to control and prevent software errors. It can be used at the development stage, during the Code Review activity, and later on during the penetration test activity to classify and communicate the vulnerability type to developers. The system is at version 4.7 and contains over 600 categories of weaknesses and vulnerabilities

The CWE Top 25 Most Dangerous Software Weakness List is a list of the most common programming errors that can lead to software vulnerabilities. Vulnerabilities present in the CWE Top 25 are usually easy to detect and exploit. For example, the CWE-79 is related to Cross-Site Scripting while the CWE-89 to SQL Injection. A similar project is Top Ten Owasp (Open Web Application Security Project). Compared to the CWE Top 25, the Top Ten OWASP focuses solely on vulnerabilities of web applications.
The CWE Most Important Hardware Weakness List serves the same purpose, but it focuses on hardware defects.

Please check our post about Vulnerability Analysis to learn more about CWE usage.

Please find a list of all the CWE below or use the search box above to find a specific CWE.

  • CWE-500 – Public Static Field Not Marked Final

    Description An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways. Public static variables can be read without an accessor and changed without a mutator by any classes in the application. When a field is declared public but not final, the field can…

  • CWE-501 – Trust Boundary Violation

    Description The product mixes trusted and untrusted data in the same data structure or structured message. A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation…

  • CWE-464 – Addition of Data Structure Sentinel

    Description The accidental addition of a data-structure sentinel can cause serious programming logic problems. Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to…

  • CWE-466 – Return of Pointer Value Outside of Expected Range

    Description A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-119 CWE-20   Consequences Confidentiality, Integrity: Read Memory, Modify Memory   Potential Mitigations CVE References

  • CWE-467 – Use of sizeof() on a Pointer Type

    Description The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated. The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on…

  • CWE-468 – Incorrect Pointer Scaling

    Description In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled. Modes of Introduction: – Implementation   Likelihood of Exploit: Medium   Related Weaknesses CWE-682   Consequences Confidentiality, Integrity: Read Memory, Modify Memory Incorrect pointer scaling will often result in buffer…

  • CWE-469 – Use of Pointer Subtraction to Determine Size

    Description The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk. Modes of Introduction: – Implementation   Likelihood of Exploit: Medium   Related Weaknesses CWE-682   Consequences Access Control, Integrity, Confidentiality, Availability: Modify Memory, Read Memory,…

  • CWE-47 – Path Equivalence: ‘ filename’ (Leading Space)

    Description A software system that accepts path input in the form of leading space (‘ filedir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-41   Consequences Confidentiality, Integrity:…

  • CWE-470 – Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)

    Description The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code. If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select…

  • CWE-471 – Modification of Assumed-Immutable Data (MAID)

    Description The software does not properly protect an assumed-immutable element from being modified by an attacker. This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such…

  • CWE-472 – External Control of Assumed-Immutable Web Parameter

    Description The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields. Modes of Introduction: – Implementation     Related Weaknesses CWE-642 CWE-471   Consequences Integrity: Modify Application Data Without appropriate protection mechanisms, the client can easily tamper with cookies and similar…

  • CWE-473 – PHP External Variable Modification

    Description A PHP application does not properly protect against the modification of variables from external sources, such as query parameters or cookies. This can expose the application to numerous weaknesses that would not exist otherwise. Modes of Introduction: – Implementation     Related Weaknesses CWE-471 CWE-98   Consequences Integrity: Modify Application Data   Potential Mitigations…

  • CWE-474 – Use of Function with Inconsistent Implementations

    Description The code uses a function that has inconsistent implementations across operating systems and versions. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-758   Consequences Other: Quality Degradation, Varies by Context   Potential Mitigations Phase: Architecture and Design, Requirements Description:  Do not accept inconsistent behavior from the API specifications when the…

  • CWE-475 – Undefined Behavior for Input to API

    Description The behavior of this function is undefined unless its control parameter is set to a specific value. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-573   Consequences Other: Quality Degradation, Varies by Context   Potential Mitigations CVE References

  • CWE-476 – NULL Pointer Dereference

    Description A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions. Modes of Introduction: – Implementation   Likelihood of Exploit: Medium…

  • CWE-477 – Use of Obsolete Function

    Description The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. Modes of Introduction: – Implementation     Related Weaknesses CWE-710   Consequences Other: Quality Degradation   Potential Mitigations Phase: Implementation Description:  Refer to the documentation for the obsolete function in order to determine why it…

  • CWE-478 – Missing Default Case in Switch Statement

    Description The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses. This flaw represents a common problem in software development, in which not all possible values for a variable are considered or handled by a given process. Because of this, further decisions are…

  • CWE-479 – Signal Handler Use of a Non-reentrant Function

    Description The program defines a signal handler that calls a non-reentrant function. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Low   Related Weaknesses CWE-828 CWE-663 CWE-123   Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands It may be possible to execute arbitrary code through the use of a write-what-where condition.…

  • CWE-48 – Path Equivalence: ‘file name’ (Internal Whitespace)

    Description A software system that accepts path input in the form of internal space (‘file(SPACE)name’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-41   Consequences Confidentiality, Integrity: Read…

  • CWE-480 – Use of Incorrect Operator

    Description The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways. These types of errors are generally the result of a typo. Modes of Introduction: – Implementation   Likelihood of Exploit: Low   Related Weaknesses CWE-670   Consequences Other: Alter Execution Logic This weakness can cause unintended logic to be…

  • CWE-481 – Assigning instead of Comparing

    Description The code uses an operator for assignment when the intention was to perform a comparison. In many languages the compare statement is very close in appearance to the assignment statement and are often confused. This bug is generally the result of a typo and usually causes obvious problems with program execution. If the comparison…

  • CWE-482 – Comparing instead of Assigning

    Description The code uses an operator for comparison when the intention was to perform an assignment. In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused. Modes of Introduction: – Implementation   Likelihood of Exploit: Low   Related Weaknesses CWE-480   Consequences Availability, Integrity: Unexpected State…

  • CWE-443 – DEPRECATED: HTTP response splitting

    Description This weakness can be found at CWE-113. Modes of Introduction:     Related Weaknesses   Consequences   Potential Mitigations CVE References

  • CWE-444 – Inconsistent Interpretation of HTTP Requests (‘HTTP Request Smuggling’)

    Description When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to “smuggle” a request to one device without the other device being aware of it. Modes…

  • CWE-446 – UI Discrepancy for Security Feature

    Description The user interface does not correctly enable or configure a security feature, but the interface provides feedback that causes the user to believe that the feature is in a secure state. When the user interface does not properly reflect what the user asks of it, then it can lead the user into a false…

  • CWE-447 – Unimplemented or Unsupported Feature in UI

    Description A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-446 CWE-671   Consequences Other: Varies by Context   Potential Mitigations Phase: Testing…

  • CWE-448 – Obsolete Feature in UI

    Description A UI function is obsolete and the product does not warn the user. Modes of Introduction: – Implementation     Related Weaknesses CWE-446   Consequences Other: Quality Degradation, Varies by Context   Potential Mitigations Phase: Architecture and Design Description:  Remove the obsolete feature from the UI. Warn the user that the feature is no…

  • CWE-449 – The UI Performs the Wrong Action

    Description The UI performs the wrong action with respect to the user’s request. Modes of Introduction: – Implementation     Related Weaknesses CWE-446   Consequences Other: Quality Degradation, Varies by Context   Potential Mitigations Phase: Testing Description:  Perform extensive functionality testing of the UI. The UI should behave as specified. CVE References CVE-2001-1387 Network firewall…

  • CWE-45 – Path Equivalence: ‘file…name’ (Multiple Internal Dot)

    Description A software system that accepts path input in the form of multiple internal dot (‘file…dir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-44 CWE-165   Consequences Confidentiality,…

  • CWE-450 – Multiple Interpretations of UI Input

    Description The UI has multiple interpretations of user input but does not prompt the user when it selects the less secure interpretation. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-357   Consequences Other: Varies by Context   Potential Mitigations Phase: Implementation Description:  Phase: Implementation Description:  Inputs should be decoded and canonicalized…

  • CWE-451 – User Interface (UI) Misrepresentation of Critical Information

    Description The user interface (UI) does not properly represent critical information to the user, allowing the information – or its source – to be obscured or spoofed. This is often a component in phishing attacks. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-684 CWE-221 CWE-346   Consequences Non-Repudiation, Access Control: Hide…

  • CWE-453 – Insecure Default Variable Initialization

    Description The software, by default, initializes an internal variable with an insecure or less secure value than is possible. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-1188   Consequences Integrity: Modify Application Data An attacker could gain access to and modify sensitive data or system information.   Potential Mitigations Phase: System…

  • CWE-454 – External Initialization of Trusted Variables or Data Stores

    Description The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors. A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. The variables may have been initialized incorrectly. If an attacker can…

  • CWE-455 – Non-exit on Failed Initialization

    Description The software does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format error, which can cause the software to execute in a less secure fashion than intended by the administrator. Modes of Introduction: – Architecture and Design     Related Weaknesses…

  • CWE-456 – Missing Initialization of a Variable

    Description The software does not initialize critical variables, which causes the execution environment to use unexpected values. Modes of Introduction: – Implementation     Related Weaknesses CWE-909 CWE-665 CWE-665 CWE-89 CWE-120 CWE-98 CWE-457   Consequences Integrity, Other: Unexpected State, Quality Degradation, Varies by Context The uninitialized data may be invalid, causing logic errors within the…

  • CWE-457 – Use of Uninitialized Variable

    Description The code uses a variable that has not been initialized, leading to unpredictable or unintended results. In some languages such as C and C++, stack variables are not initialized by default. They generally contain junk data with the contents of stack memory before the function was invoked. An attacker can sometimes control or read…

  • CWE-458 – DEPRECATED: Incorrect Initialization

    Description This weakness has been deprecated because its name and description did not match. The description duplicated CWE-454, while the name suggested a more abstract initialization problem. Please refer to CWE-665 for the more abstract problem. Modes of Introduction:     Related Weaknesses   Consequences   Potential Mitigations CVE References

  • CWE-459 – Incomplete Cleanup

    Description The software does not properly “clean up” and remove temporary or supporting resources after they have been used. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-404 CWE-404   Consequences Other, Confidentiality, Integrity: Other, Read Application Data, Modify Application Data, DoS: Resource Consumption (Other) It is possible to overflow the number…

  • CWE-46 – Path Equivalence: ‘filename ‘ (Trailing Space)

    Description A software system that accepts path input in the form of trailing space (‘filedir ‘) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-41 CWE-162 CWE-289   Consequences…

  • CWE-460 – Improper Cleanup on Thrown Exception

    Description The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow. Often, when functions or loops become complicated, some level of resource cleanup is needed throughout execution. Exceptions can disturb the flow of the code and prevent the necessary…

  • CWE-462 – Duplicate Key in Associative List (Alist)

    Description Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error. A duplicate key entry — if the alist is designed properly — could be used as a constant time replace function. However, duplicate key entries could be inserted by mistake. Because of this ambiguity, duplicate key entries in an…

  • CWE-463 – Deletion of Data Structure Sentinel

    Description The accidental deletion of a data-structure sentinel can cause serious programming logic problems. Often times data-structure sentinels are used to mark structure of the data structure. A common example of this is the null character at the end of strings. Another common example is linked lists which may contain a sentinel to mark the…

  • CWE-422 – Unprotected Windows Messaging Channel (‘Shatter’)

    Description The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-420 CWE-360   Consequences Access Control:…

  • CWE-423 – DEPRECATED: Proxied Trusted Channel

    Description This entry has been deprecated because it was a duplicate of CWE-441. All content has been transferred to CWE-441. Modes of Introduction:     Related Weaknesses   Consequences   Potential Mitigations CVE References

  • CWE-424 – Improper Protection of Alternate Path

    Description The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-693 CWE-638   Consequences Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity   Potential Mitigations Phase: Architecture and Design Description:  Deploy…

  • CWE-425 – Direct Request (‘Forced Browsing’)

    Description The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files. Web applications susceptible to direct request attacks often make the false assumption that such resources can only be reached through a given navigation path and so only apply authorization at certain points in the path. Modes of Introduction:…

  • CWE-426 – Untrusted Search Path

    Description The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application’s direct control. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-642 CWE-668 CWE-673 CWE-427 CWE-428   Consequences Integrity, Confidentiality, Availability, Access Control: Gain Privileges or…

  • CWE-427 – Uncontrolled Search Path Element

    Description The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. Modes of Introduction: – Implementation     Related Weaknesses CWE-668 CWE-668   Consequences Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands   Potential Mitigations Phase: Architecture…

  • CWE-428 – Unquoted Search Path or Element

    Description The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as…

  • CWE-43 – Path Equivalence: ‘filename….’ (Multiple Trailing Dot)

    Description A software system that accepts path input in the form of multiple trailing dot (‘filedir….’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-42 CWE-163   Consequences Confidentiality,…

  • CWE-430 – Deployment of Wrong Handler

    Description The wrong “handler” is assigned to process an object. An example of deploying the wrong handler would be calling a servlet to reveal source code of a .JSP file, or automatically “determining” type of the object even if it is contradictory to an explicitly specified type. Modes of Introduction: – Implementation     Related…

  • CWE-431 – Missing Handler

    Description A handler is not available or implemented. When an exception is thrown and not caught, the process has given up an opportunity to decide if a given failure or event is worth a change in execution. Modes of Introduction: – Implementation     Related Weaknesses CWE-691 CWE-433   Consequences Other: Varies by Context  …

  • CWE-432 – Dangerous Signal Handler not Disabled During Sensitive Operations

    Description The application uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running. During the execution of a signal handler, it can be interrupted by another handler when a different signal is…

  • CWE-433 – Unparsed Raw Web Content Delivery

    Description The software stores raw content or supporting code under the web document root with an extension that is not specifically handled by the server. If code is stored in a file with an extension such as “.inc” or “.pl”, and the web server does not have a handler for that extension, then the server…

  • CWE-434 – Unrestricted Upload of File with Dangerous Type

    Description The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product’s environment. Modes of Introduction: – Implementation   Likelihood of Exploit: Medium   Related Weaknesses CWE-669 CWE-669 CWE-351 CWE-436 CWE-430   Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands Arbitrary code execution is…

  • CWE-435 – Improper Interaction Between Multiple Correctly-Behaving Entities

    Description An interaction error occurs when two entities have correct behavior when running independently of each other, but when they are integrated as components in a larger system or process, they introduce incorrect behaviors that may cause resultant weaknesses. When a system or process combines multiple independent components, this often produces new, emergent behaviors at…

  • CWE-436 – Interpretation Conflict

    Description Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state. This is generally found in proxies, firewalls, anti-virus software, and other intermediary devices that monitor, allow, deny, or modify traffic based on how the client or server is expected to…

  • CWE-437 – Incomplete Model of Endpoint Features

    Description A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint’s features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-436  …

  • CWE-439 – Behavioral Change in New Version or Environment

    Description A’s behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-435   Consequences Other: Quality Degradation, Varies by Context   Potential Mitigations CVE References CVE-2002-1976 Linux kernel 2.2 and above…

  • CWE-44 – Path Equivalence: ‘file.name’ (Internal Dot)

    Description A software system that accepts path input in the form of internal dot (‘file.ordir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-41   Consequences Confidentiality, Integrity: Read…

  • CWE-440 – Expected Behavior Violation

    Description A feature, API, or function does not perform according to its specification. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-684   Consequences Other: Quality Degradation, Varies by Context   Potential Mitigations CVE References CVE-2003-0187 Program uses large timeouts on “undeserving” to compensate for inconsistency of support for linked lists. CVE-2003-0465…

  • CWE-441 – Unintended Proxy or Intermediary (‘Confused Deputy’)

    Description The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product’s control sphere. This causes the product to appear to be the source of the request,…

  • CWE-401 – Missing Release of Memory after Effective Lifetime

    Description The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers…

  • CWE-402 – Transmission of Private Resources into a New Sphere (‘Resource Leak’)

    Description The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-668   Consequences Confidentiality: Read Application Data   Potential Mitigations CVE References

  • CWE-403 – Exposure of File Descriptor to Unintended Control Sphere (‘File Descriptor Leak’)

    Description A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descriptors. When a new process is forked or executed, the child process inherits any open file descriptors. When the child process has fewer privileges than the parent process, this might…

  • CWE-404 – Improper Resource Shutdown or Release

    Description The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.…

  • CWE-405 – Asymmetric Resource Consumption (Amplification)

    Description Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows malicious users or attackers to consume more resources than their access level permits. Exploiting such a weakness can lead to asymmetric resource consumption, aiding in amplification attacks against the system…

  • CWE-406 – Insufficient Control of Network Message Volume (Network Amplification)

    Description The software does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. In the absence of a policy to restrict asymmetric resource consumption, the application or system cannot distinguish between legitimate transmissions and traffic intended…

  • CWE-407 – Inefficient Algorithmic Complexity

    Description An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Low   Related Weaknesses CWE-405…

  • CWE-408 – Incorrect Behavior Order: Early Amplification

    Description The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-405 CWE-696   Consequences Availability: DoS: Amplification, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory) System resources, CPU and…

  • CWE-409 – Improper Handling of Highly Compressed Data (Data Amplification)

    Description The software does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output. An example of data amplification is a “decompression bomb,” a small ZIP file that can produce a large amount of data when it is decompressed. Modes of Introduction: – Architecture and Design…

  • CWE-41 – Improper Resolution of Path Equivalence

    Description The system or application is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. Path equivalence is usually employed in order to circumvent access controls expressed using an…

  • CWE-410 – Insufficient Resource Pool

    Description The software’s resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources. Frequently the consequence is a “flood” of connection or sessions. Modes of Introduction: – Architecture and Design     Related Weaknesses…

  • CWE-412 – Unrestricted Externally Accessible Lock

    Description The software properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control. This prevents the software from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant…

  • CWE-413 – Improper Resource Locking

    Description The software does not lock or does not correctly lock a resource when the software must have exclusive access to the resource. When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the software. This might violate the software’s assumption that the resource will…

  • CWE-414 – Missing Lock Check

    Description A product does not check to see if a lock is present before performing sensitive operations on a resource. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-667   Consequences Integrity, Availability: Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart   Potential Mitigations Phase: Architecture and Design, Implementation Description: …

  • CWE-415 – Double Free

    Description The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations. When a program calls free() twice with the same argument, the program’s memory management data structures become corrupted. This corruption can cause the program to crash or, in some circumstances, cause two later calls to malloc()…

  • CWE-416 – Use After Free

    Description Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-825 CWE-672 CWE-672 CWE-672 CWE-120 CWE-123   Consequences Integrity: Modify Memory The use of previously freed memory may corrupt valid…

  • CWE-419 – Unprotected Primary Channel

    Description The software uses a primary channel for administration or restricted functionality, but it does not properly protect the channel. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-923   Consequences Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design Description:  Do not expose…

  • CWE-42 – Path Equivalence: ‘filename.’ (Trailing Dot)

    Description A software system that accepts path input in the form of trailing dot (‘filedir.’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-41 CWE-162   Consequences Access Control:…

  • CWE-420 – Unprotected Alternate Channel

    Description The software protects a primary channel, but it does not use the same level of protection for an alternate channel. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-923   Consequences Access Control: Gain Privileges or Assume Identity, Bypass Protection Mechanism   Potential Mitigations Phase: Architecture and Design Description:  Identify all…

  • CWE-421 – Race Condition During Access to Alternate Channel

    Description The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. This creates a race condition that allows an attacker to access the channel before the authorized user does. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-420 CWE-362   Consequences Access…

  • CWE-377 – Insecure Temporary File

    Description Creating and using insecure temporary files can leave application and system data vulnerable to attack. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-668   Consequences Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories   Potential Mitigations CVE References

  • CWE-378 – Creation of Temporary File With Insecure Permissions

    Description Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: High   Related Weaknesses CWE-377   Consequences Confidentiality: Read Application Data If the temporary file can be read by the…

  • CWE-379 – Creation of Temporary File in Directory with Insecure Permissions

    Description The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file’s existence or otherwise access that file. On some operating systems, the fact that the temporary file exists may be apparent to any user with sufficient privileges to access that directory. Since the file is visible, the…

  • CWE-38 – Path Traversal: ‘absolutepathnamehere’

    Description A software system that accepts input in the form of a backslash absolute path (‘absolutepathnamehere’) without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files. Modes of Introduction: – Implementation     Related Weaknesses CWE-36   Consequences Confidentiality, Integrity: Read Files or Directories, Modify Files…

  • CWE-382 – J2EE Bad Practices: Use of System.exit()

    Description A J2EE application uses System.exit(), which also shuts down its container. It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks. Modes of Introduction: – Implementation  …

  • CWE-383 – J2EE Bad Practices: Direct Use of Threads

    Description Thread management in a Web application is forbidden in some circumstances and is always highly error prone. Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of…

  • CWE-384 – Session Fixation

    Description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-610 CWE-610 CWE-346 CWE-472 CWE-441   Consequences Access Control: Gain Privileges or Assume Identity   Potential Mitigations Phase:…

  • CWE-385 – Covert Timing Channel

    Description Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-514   Consequences Confidentiality, Other: Read Application Data, Other Information…

  • CWE-386 – Symbolic Name not Mapping to Correct Object

    Description A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-706 CWE-367 CWE-610 CWE-486   Consequences Access Control: Gain Privileges or Assume Identity The attacker can gain access to otherwise unauthorized resources.…

  • CWE-39 – Path Traversal: ‘C:dirname’

    Description An attacker can inject a drive letter or Windows volume letter (‘C:dirname’) into a software system to potentially redirect access to an unintended location or arbitrary file. Modes of Introduction: – Implementation     Related Weaknesses CWE-36   Consequences Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands The attacker may be able to create…

  • CWE-390 – Detection of Error Condition Without Action

    Description The software detects a specific error, but takes no actions to handle the error. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-755 CWE-401   Consequences Integrity, Other: Varies by Context, Unexpected State, Alter Execution Logic An attacker could utilize an ignored error condition to place the…

  • CWE-391 – Unchecked Error Condition

    Description [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. Modes of Introduction: – Architecture and Design   Likelihood of Exploit: Medium   Related Weaknesses CWE-754 CWE-703 CWE-703   Consequences Integrity, Other: Varies by Context, Unexpected State,…

  • CWE-392 – Missing Report of Error Condition

    Description The software encounters an error but does not provide a status code or return value to indicate that an error has occurred. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-684 CWE-703 CWE-703 CWE-703   Consequences Integrity, Other: Varies by Context, Unexpected State Errors that are not properly reported could place…

  • CWE-393 – Return of Wrong Status Code

    Description A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result. This can lead to unpredictable behavior. If the function is used to make security-critical decisions or provide security-critical information, then the wrong status…

  • CWE-394 – Unexpected Status Code or Return Value

    Description The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software. Modes of Introduction: – Architecture and Design     Related Weaknesses CWE-754   Consequences Integrity, Other: Unexpected State, Alter Execution Logic   Potential Mitigations CVE References CVE-2004-1395…

  • CWE-395 – Use of NullPointerException Catch to Detect NULL Pointer Dereference

    Description Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer. Modes of Introduction: – Implementation     Related Weaknesses CWE-705 CWE-755   Consequences Availability: DoS: Resource Consumption (CPU)   Potential Mitigations Phase: Architecture and Design, Implementation Description:  Do not extensively rely on catching exceptions (especially for…

  • CWE-396 – Declaration of Catch for Generic Exception

    Description Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. Multiple catch blocks can get ugly and repetitive, but “condensing” catch blocks by catching a high-level class like Exception can obscure exceptions that deserve special treatment or that should not be caught at this point in the…

  • CWE-397 – Declaration of Throws for Generic Exception

    Description Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities. Declaring a method to throw Exception or Throwable makes it difficult for callers to perform proper error handling and error recovery. Java’s exception mechanism, for example, is set up to make it easy for callers to anticipate…

CWE-669 – Incorrect Resource Transfer Between Spheres

Read Time:49 Second

Description

The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.

A “control sphere” is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product’s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for “administrators” who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be “users who are authenticated to the operating system on which the product is installed.” Each sphere has different sets of actors and allowable behaviors.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-664

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data, Unexpected State

 

Potential Mitigations

CVE References

CWE-67 – Improper Handling of Windows Device Names

Read Time:2 Minute, 22 Second

Description

The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.

Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.

Historically, there was a bug in the Windows operating system that caused a blue screen of death. Even after that issue was fixed DOS device names continue to be a factor.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-66

 

Consequences

Availability, Confidentiality, Other: DoS: Crash, Exit, or Restart, Read Application Data, Other

 

Potential Mitigations

Phase: Implementation

Description: 

Be familiar with the device names in the operating system where your system is deployed. Check input for these device names.

CVE References

  • CVE-2002-0106
    • Server allows remote attackers to cause a denial of service via a series of requests to .JSP files that contain an MS-DOS device name.
  • CVE-2002-0200
    • Server allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.
  • CVE-2002-1052
    • Product allows remote attackers to use MS-DOS device names in HTTP requests to cause a denial of service or obtain the physical path of the server.
  • CVE-2001-0493
    • Server allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name.
  • CVE-2001-0558
    • Server allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name.
  • CVE-2000-0168
    • Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the “DOS Device in Path Name” vulnerability.
  • CVE-2001-0492
    • Server allows remote attackers to determine the physical path of the server via a URL containing MS-DOS device names.
  • CVE-2004-0552
    • Product does not properly handle files whose names contain reserved MS-DOS device names, which can allow malicious code to bypass detection when it is installed, copied, or executed.
  • CVE-2005-2195
    • Server allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name.

CWE-670 – Always-Incorrect Control Flow Implementation

Read Time:49 Second

Description

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-691

 

Consequences

Other: Other, Alter Execution Logic

 

Potential Mitigations

CVE References

  • CVE-2021-3011
    • virtual interrupt controller in a virtualization product allows crash of host by writing a certain invalid value to a register, which triggers a fatal error instead of returning an error code

CWE-671 – Lack of Administrator Control over Security

Read Time:39 Second

Description

The product uses security features in a way that prevents the product’s administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.

If the product’s administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats – including the product’s developer – can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator can not prevent.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-657

 

Consequences

Other: Varies by Context

 

Potential Mitigations

CVE References

CWE-672 – Operation on a Resource after Expiration or Release

Read Time:41 Second

Description

The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-666

 

Consequences

Integrity, Confidentiality: Modify Application Data, Read Application Data

If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.

Other, Availability: Other, DoS: Crash, Exit, or Restart

When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash.

 

Potential Mitigations

CVE References

  • CVE-2009-3547
    • chain: race condition might allow resource to be released before operating on it, leading to NULL dereference

CWE-673 – External Influence of Sphere Definition

Read Time:22 Second

Description

The product does not prevent the definition of control spheres from external actors.

Typically, a product defines its control sphere within the code itself, or through configuration by the product’s administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-664

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

CWE-674 – Uncontrolled Recursion

Read Time:1 Minute, 29 Second

Description

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-691

 

Consequences

Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)

Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash.

Confidentiality: Read Application Data

In some cases, an application’s interpreter might kill a process or thread that appears to be consuming too much resources, such as with PHP’s memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application’s installation path.

 

Potential Mitigations

Phase: Implementation

Effectiveness: Moderate

Description: 

Ensure an end condition will be reached under all logic conditions. The end condition may include testing against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.

Phase: Implementation

Effectiveness: Limited

Description: 

Increase the stack size.

Increasing the stack size might only be a temporary measure, since the stack typically is still not very large, and it might remain easy for attackers to cause an out-of-stack fault.

CVE References

  • CVE-2007-3409
    • Self-referencing pointers create infinite loop and resultant stack exhaustion.
  • CVE-2016-10707
    • Javascript application accidentally changes input in a way that prevents a recursive call from detecting an exit condition.
  • CVE-2016-3627
    • An attempt to recover a corrupted XML file infinite recursion protection counter was not always incremented missing the exit condition.
  • CVE-2019-15118
    • USB-audio driver’s descriptor code parsing allows unlimited recursion leading to stack exhaustion.