All posts by rocco

CWE-697 – Incorrect Comparison

Description

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Other: Varies by Context

 

Potential Mitigations

CVE References

 

  • CVE-2016-10003
    • Proxy performs incorrect comparison of request headers, leading to infoleak

CWE-698 – Execution After Redirect (EAR)

Description

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-705
CWE-670

 

Consequences

Other, Confidentiality, Integrity, Availability: Alter Execution Logic, Execute Unauthorized Code or Commands

This weakness could affect the control flow of the application and allow execution of untrusted code.

 

Potential Mitigations

CVE References

 

  • CVE-2013-1402
    • Execution-after-redirect allows access to application configuration details.
  • CVE-2009-1936
    • chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.
  • CVE-2007-2713
    • Remote attackers can obtain access to administrator functionality through EAR.
  • CVE-2007-4932
    • Remote attackers can obtain access to administrator functionality through EAR.
  • CVE-2007-2713
    • Chain: Execution after redirect triggers eval injection.
  • CVE-2007-6652
    • chain: execution after redirect allows non-administrator to perform static code injection.
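The redirect-without-exit pattern this entry describes, as an added example that is not part of the original page or of MITRE's CWE text: an Express-style route where a missing `return` after `res.redirect()` lets a privileged operation run for an unauthenticated caller, shown beside the corrected handler. The response object, user store and `isAdmin` field are constructed stand-ins so the code runs without a framework.

```javascript
// Added example, not the page's or MITRE's code: CWE-698 in an Express-style
// handler. `res` is a constructed stand-in, so no framework is needed.
function makeResponse() {
  return {
    statusCode: 200,
    headers: {},
    headersSent: false,
    // Like Express, a redirect commits the response ...
    redirect(location) {
      this.statusCode = 302;
      this.headers.Location = location;
      this.headersSent = true;
    },
    // ... and any later write fails, as Node does once headers are sent.
    json(obj) {
      if (this.headersSent) throw new Error("Cannot set headers after they are sent");
      this.body = JSON.stringify(obj);
      this.headersSent = true;
    },
  };
}

// Vulnerable: the redirect is issued but nothing stops the handler, so the
// privileged deletion still runs for an anonymous caller (res.json() then throws).
function deleteUserVulnerable(req, res, store) {
  if (!req.user || !req.user.isAdmin) {
    res.redirect("/login"); // missing `return`
  }
  store.delete(req.params.name); // executes regardless of the check above
  res.json({ deleted: req.params.name });
}

// Fixed: returning on the redirect path ends the handler's control flow.
function deleteUserFixed(req, res, store) {
  if (!req.user || !req.user.isAdmin) {
    return res.redirect("/login");
  }
  store.delete(req.params.name);
  res.json({ deleted: req.params.name });
}

// Drives a handler as an anonymous request against a constructed user store.
function runAsAnonymous(handler) {
  const store = new Map([["alice", { isAdmin: true }], ["bob", { isAdmin: false }]]);
  const req = { user: null, params: { name: "alice" } };
  const res = makeResponse();
  let error = null;
  try { handler(req, res, store); } catch (e) { error = e.message; }
  return { status: res.statusCode, aliceStillExists: store.has("alice"), error };
}
```

Both handlers answer the anonymous request with a 302, which is why the defect is invisible from the client side; only the state of the store (and the late "headers already sent" error in the server log) reveals that the vulnerable handler kept executing.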

CWE-7 – J2EE Misconfiguration: Missing Custom Error Page

Description

The default error page of a web application should not display sensitive information about the software system.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-756

 

Consequences

Confidentiality: Read Application Data

A stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.

 

Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

Handle exceptions appropriately in source code.

Phase: Implementation, System Configuration

Effectiveness:

Description: 

Always define appropriate error pages. The application configuration should specify a default error page in order to guarantee that the application will never leak error messages to an attacker. Handling standard HTTP error codes is useful and user-friendly in addition to being a good security practice, and a good configuration will also define a last-chance error handler that catches any exception that could possibly be thrown by the application.

Phase: Implementation

Effectiveness:

Description: 

Do not attempt to process an error or attempt to mask it.

Phase: Implementation

Effectiveness:

Description: 

Verify return values are correct and do not supply sensitive information about the system.

CVE References

 

CWE-703 – Improper Check or Handling of Exceptional Conditions

Description

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Confidentiality, Availability, Integrity: Read Application Data, DoS: Crash, Exit, or Restart, Unexpected State

 

Potential Mitigations

CVE References

 

CWE-705 – Incorrect Control Flow Scoping

Description

The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-691

 

Consequences

Other: Alter Execution Logic, Other

 

Potential Mitigations

CVE References

 

  • CVE-2014-1266
    • chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).

CWE-706 – Use of Incorrectly-Resolved Name or Reference

Description

The software uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-664
CWE-99

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

 

Potential Mitigations

CVE References

 

CWE-707 – Improper Neutralization

Description

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

 

CWE-708 – Incorrect Ownership Assignment

Description

The software assigns an owner to a resource, but the owner is outside of the intended control sphere.

This may allow the resource to be manipulated by actors outside of the intended control sphere.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-282
CWE-345

 

Consequences

Confidentiality, Integrity: Read Application Data, Modify Application Data

An attacker could read and modify data for which they do not have permissions to access directly.

 

Potential Mitigations

Phase: Policy

Effectiveness:

Description: 

Periodically review the privileges and their owners.

Phase: Testing

Effectiveness:

Description: 

Use automated tools to check for privilege settings.

CVE References

 

  • CVE-2007-5101
    • File system sets wrong ownership and group when creating a new file.
  • CVE-2007-4238
    • OS installs program with bin owner/group, allowing modification.
  • CVE-2007-1716
    • Manager does not properly restore ownership of a reusable resource when a user logs out, allowing privilege escalation.
  • CVE-2005-3148
    • Backup software restores symbolic links with incorrect uid/gid.
  • CVE-2005-1064
    • Product changes the ownership of files that a symlink points to, instead of the symlink itself.
  • CVE-2011-1551
    • Component assigns ownership of sensitive directory tree to a user account, which can be leveraged to perform privileged operations.