CWE

CWE-705 – Incorrect Control Flow Scoping

Read Time:31 Second

Description

The software does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-691

 

Consequences

Other: Alter Execution Logic, Other

 

Potential Mitigations

CVE References

 

  • CVE-2014-1266
    • chain: incorrect “goto” in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple “goto fail” bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-561 (Dead Code) -> CWE-295 (Improper Certificate Validation) -> CWE-393 (Return of Wrong Status Code) -> CWE-300 (Channel Accessible by Non-Endpoint).
CWE

CWE-703 – Improper Check or Handling of Exceptional Conditions

Read Time:16 Second

Description

The software does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the software.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Confidentiality, Availability, Integrity: Read Application Data, DoS: Crash, Exit, or Restart, Unexpected State

 

Potential Mitigations

CVE References

 

CWE

CWE-7 – J2EE Misconfiguration: Missing Custom Error Page

Read Time:1 Minute, 0 Second

Description

The default error page of a web application should not display sensitive information about the software system.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-756

 

Consequences

Confidentiality: Read Application Data

A stack trace might show the attacker a malformed SQL query string, the type of database being used, and the version of the application container. This information enables the attacker to target known vulnerabilities in these components.

 

Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

Handle exceptions appropriately in source code.

Phase: Implementation, System Configuration

Effectiveness:

Description: 

Always define appropriate error pages. The application configuration should specify a default error page in order to guarantee that the application will never leak error messages to an attacker. Handling standard HTTP error codes is useful and user-friendly in addition to being a good security practice, and a good configuration will also define a last-chance error handler that catches any exception that could possibly be thrown by the application.

Phase: Implementation

Effectiveness:

Description: 

Do not attempt to process an error or attempt to mask it.

Phase: Implementation

Effectiveness:

Description: 

Verify return values are correct and do not supply sensitive information about the system.

CVE References

 

CWE

CWE-698 – Execution After Redirect (EAR)

Read Time:49 Second

Description

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-705
CWE-670

 

Consequences

Other, Confidentiality, Integrity, Availability: Alter Execution Logic, Execute Unauthorized Code or Commands

This weakness could affect the control flow of the application and allow execution of untrusted code.

 

Potential Mitigations

CVE References

 

  • CVE-2013-1402
    • Execution-after-redirect allows access to application configuration details.
  • CVE-2009-1936
    • chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.
  • CVE-2007-2713
    • Remote attackers can obtain access to administrator functionality through EAR.
  • CVE-2007-4932
    • Remote attackers can obtain access to administrator functionality through EAR.
  • CVE-2007-2713
    • Chain: Execution after redirect triggers eval injection.
  • CVE-2007-6652
    • chain: execution after redirect allows non-administrator to perform static code injection.
CWE

CWE-697 – Incorrect Comparison

Read Time:17 Second

Description

The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Other: Varies by Context

 

Potential Mitigations

CVE References

 

  • CVE-2016-10003
    • Proxy performs incorrect comparison of request headers, leading to infoleak
CWE

CWE-696 – Incorrect Behavior Order

Read Time:41 Second

Description

The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-691

 

Consequences

Integrity: Alter Execution Logic

 

Potential Mitigations

CVE References

 

  • CVE-2019-9805
    • Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
  • CVE-2007-5191
    • file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges
  • CVE-2007-1588
    • C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended
CWE

CWE-695 – Use of Low-Level Functionality

Read Time:23 Second

Description

The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.

The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-573

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

 

CWE

CWE-694 – Use of Multiple Resources with Duplicate Identifier

Read Time:50 Second

Description

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-99
CWE-573

 

Consequences

Access Control: Bypass Protection Mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

Other: Quality Degradation

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness:

Description: 

Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.

CVE References

 

  • CVE-2013-4787
    • chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
CWE

CWE-693 – Protection Mechanism Failure

Read Time:37 Second

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations. A “missing” protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An “insufficient” protection mechanism might provide some defenses – for example, against the most common attacks – but it does not protect against everything that is intended. Finally, an “ignored” mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

CVE References

 

News, Advisories and much more

Exit mobile version