All posts by rocco

CWE

CWE-50 – Path Equivalence: ‘//multiple/leading/slash’

Read Time:1 Minute, 31 Second

Description

A software system that accepts path input in the form of multiple leading slash (‘//multiple/leading/slash’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-41
CWE-161

 

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

 

Potential Mitigations

CVE References

  • CVE-2002-1483
    • Read files with full pathname using multiple internal slash.
  • CVE-1999-1456
    • Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
  • CVE-2004-0578
    • Server allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request.
  • CVE-2002-0275
    • Server allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.
  • CVE-2004-1032
    • Product allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters.
  • CVE-2002-1238
    • Server allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.
  • CVE-2004-1878
    • Product allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
  • CVE-2005-1365
    • Server allows remote attackers to execute arbitrary commands via a URL with multiple leading “/” (slash) characters and “..” sequences.
  • CVE-2001-1072
    • Bypass access restrictions via multiple leading slash, which causes a regular expression to fail.
  • CVE-2004-0235
    • Archive extracts to arbitrary files using multiple leading slash in filenames in the archive.
CWE

CWE-500 – Public Static Field Not Marked Final

Read Time:40 Second

Description

An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.

Public static variables can be read without an accessor and changed without a mutator by any classes in the application.

When a field is declared public but not final, the field can be read and written to by arbitrary Java code.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-493

 

Consequences

Integrity: Modify Application Data

The object could potentially be tampered with.

Confidentiality: Read Application Data

The object could potentially allow the object to be read.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Clearly identify the scope for all critical data elements, including whether they should be regarded as static.

Phase: Implementation

Description: 

CVE References

CWE

CWE-501 – Trust Boundary Violation

Read Time:41 Second

Description

The product mixes trusted and untrusted data in the same data structure or structured message.

A trust boundary can be thought of as line drawn through a program. On one side of the line, data is untrusted. On the other side of the line, data is assumed to be trustworthy. The purpose of validation logic is to allow data to safely cross the trust boundary – to move from untrusted to trusted. A trust boundary violation occurs when a program blurs the line between what is trusted and what is untrusted. By combining trusted and untrusted data in the same data structure, it becomes easier for programmers to mistakenly trust unvalidated data.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-664

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

CVE References

CWE

CWE-464 – Addition of Data Structure Sentinel

Read Time:1 Minute, 6 Second

Description

The accidental addition of a data-structure sentinel can cause serious programming logic problems.

Data-structure sentinels are often used to mark the structure of data. A common example of this is the null character at the end of strings or a special sentinel to mark the end of a linked list. It is dangerous to allow this type of control data to be easily accessible. Therefore, it is important to protect from the addition or modification of sentinels.

Modes of Introduction:

– Architecture and Design

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-138

 

Consequences

Integrity: Modify Application Data

Generally this error will cause the data structure to not work properly by truncating the data.

 

Potential Mitigations

Phase: Implementation, Architecture and Design

Description: 

Encapsulate the user from interacting with data sentinels. Validate user input to verify that sentinels are not present.

Phase: Implementation

Description: 

Proper error checking can reduce the risk of inadvertently introducing sentinel values into data. For example, if a parsing function fails or encounters an error, it might return a value that is the same as the sentinel.

Phase: Architecture and Design

Description: 

Use an abstraction library to abstract away risky APIs. This is not a complete solution.

Phase: Operation

Description: 

Use OS-level preventative functionality. This is not a complete solution.

CVE References

CWE

CWE-467 – Use of sizeof() on a Pointer Type

Read Time:49 Second

Description

The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated.

The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-682
CWE-131

 

Consequences

Integrity, Confidentiality: Modify Memory, Read Memory

This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows.

 

Potential Mitigations

Phase: Implementation

Description: 

Use expressions such as “sizeof(*pointer)” instead of “sizeof(pointer)”, unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack.

CVE References

CWE

CWE-468 – Incorrect Pointer Scaling

Read Time:35 Second

Description

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-682

 

Consequences

Confidentiality, Integrity: Read Memory, Modify Memory

Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Use a platform with high-level memory abstractions.

Phase: Implementation

Description: 

Always use array indexing instead of direct pointer manipulation.

Phase: Architecture and Design

Description: 

Use technologies for preventing buffer overflows.

CVE References

CWE

CWE-469 – Use of Pointer Subtraction to Determine Size

Read Time:40 Second

Description

The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: Medium

 

Related Weaknesses

CWE-682

 

Consequences

Access Control, Integrity, Confidentiality, Availability: Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity

There is the potential for arbitrary code execution with privileges of the vulnerable program.

 

Potential Mitigations

Phase: Implementation

Description: 

Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable to “walk” from one pointer to the other and calculate the difference. Always validate this number.

CVE References

CWE

CWE-47 – Path Equivalence: ‘ filename’ (Leading Space)

Read Time:20 Second

Description

A software system that accepts path input in the form of leading space (‘ filedir’) without appropriate validation can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-41

 

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

 

Potential Mitigations

CVE References

CWE

CWE-470 – Use of Externally-Controlled Input to Select Classes or Code (‘Unsafe Reflection’)

Read Time:1 Minute, 50 Second

Description

The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper classes or code.

If the application uses external inputs to determine which class to instantiate or which method to invoke, then an attacker could supply values to select unexpected classes or methods. If this occurs, then the attacker could create control flow paths that were not intended by the developer. These paths could bypass authentication or access control checks, or otherwise cause the application to behave in an unexpected manner. This situation becomes a doomsday scenario if the attacker can upload files into a location that appears on the application’s classpath (CWE-427) or add new entries to the application’s classpath (CWE-426). Under either of these conditions, the attacker can use reflection to introduce new, malicious behavior into the application.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-913
CWE-913
CWE-610
CWE-20

 

Consequences

Integrity, Confidentiality, Availability, Other: Execute Unauthorized Code or Commands, Alter Execution Logic

The attacker might be able to execute code that is not directly accessible to the attacker. Alternately, the attacker could call unexpected code in the wrong place or the wrong time, possibly modifying critical system state.

Availability, Other: DoS: Crash, Exit, or Restart, Other

The attacker might be able to use reflection to call the wrong code, possibly with unexpected arguments that violate the API (CWE-227). This could cause the application to exit or hang.

Confidentiality: Read Application Data

By causing the wrong code to be invoked, the attacker might be able to trigger a runtime error that leaks sensitive information in the error message, such as CWE-536.

 

Potential Mitigations

Phase: Architecture and Design

Description: 

Refactor your code to avoid using reflection.

Phase: Architecture and Design

Description: 

Do not use user-controlled inputs to select and load classes or code.

Phase: Implementation

Description: 

Apply strict input validation by using allowlists or indirect selection to ensure that the user is only selecting allowable classes or code.

CVE References

  • CVE-2004-2331
    • Database system allows attackers to bypass sandbox restrictions by using the Reflection APi.