Category Archives: CWE

CWE-918 – Server-Side Request Forgery (SSRF)

Read Time:1 Minute, 6 Second

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-441
CWE-610

 

Consequences

Confidentiality: Read Application Data

Integrity: Execute Unauthorized Code or Commands

 

Potential Mitigations

CVE References

 

  • CVE-2002-1484
    • Web server allows attackers to request a URL from another server, including other ports, which allows proxied scanning.
  • CVE-2010-1637
    • Web-based mail program allows internal network scanning using a modified POP3 port number.
  • CVE-2009-0037
    • URL-downloading library automatically follows redirects to file:// and scp:// URLs

CWE-92 – DEPRECATED: Improper Sanitization of Custom Special Characters

Read Time:20 Second

Description

This entry has been deprecated. It originally came from PLOVER, which sometimes defined “other” and “miscellaneous” categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations. CWE-75 is a more appropriate mapping.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

 

Potential Mitigations

CVE References

 

CWE-920 – Improper Restriction of Power Consumption

Read Time:25 Second

Description

The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the amount of power that its operation consumes.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-400
CWE-400

 

Consequences

Availability: DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart

The power source could be drained, causing the application – and the entire device – to cease functioning.

 

Potential Mitigations

CVE References

 

CWE-921 – Storage of Sensitive Data in a Mechanism without Access Control

Read Time:24 Second

Description

The software stores sensitive information in a file system or device that does not have built-in access control.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-922

 

Consequences

Confidentiality: Read Application Data, Read Files or Directories

Attackers can read sensitive information by accessing the unrestricted storage mechanism.

Integrity: Modify Application Data, Modify Files or Directories

Attackers can modify or delete sensitive information by accessing the unrestricted storage mechanism.

 

Potential Mitigations

CVE References

 

CWE-922 – Insecure Storage of Sensitive Information

Read Time:34 Second

Description

The software stores sensitive information without properly limiting read or write access by unauthorized actors.

If read access is not properly restricted, then attackers can steal the sensitive information. If write access is not properly restricted, then attackers can modify and possibly delete the data, causing incorrect results and possibly a denial of service.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-664

 

Consequences

Confidentiality: Read Application Data, Read Files or Directories

Attackers can read sensitive information by accessing the unrestricted storage mechanism.

Integrity: Modify Application Data, Modify Files or Directories

Attackers can read sensitive information by accessing the unrestricted storage mechanism.

 

Potential Mitigations

CVE References

 

CWE-923 – Improper Restriction of Communication Channel to Intended Endpoints

Read Time:24 Second

Description

The software establishes a communication channel to (or from) an endpoint for privileged or protected operations, but it does not properly ensure that it is communicating with the correct endpoint.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-284

 

Consequences

Integrity, Confidentiality: Gain Privileges or Assume Identity

If an attacker can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

 

Potential Mitigations

CVE References

 

CWE-924 – Improper Enforcement of Message Integrity During Transmission in a Communication Channel

Read Time:34 Second

Description

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

Attackers might be able to modify the message and spoof the endpoint by interfering with the data as it crosses the network or by redirecting the connection to a system under their control.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-345
CWE-345

 

Consequences

Integrity, Confidentiality: Gain Privileges or Assume Identity

If an attackers can spoof the endpoint, the attacker gains all the privileges that were intended for the original endpoint.

 

Potential Mitigations

CVE References

 

CWE-925 – Improper Verification of Intent by Broadcast Receiver

Read Time:54 Second

Description

The Android application uses a Broadcast Receiver that receives an Intent but does not properly verify that the Intent came from an authorized source.

Certain types of Intents, identified by action string, can only be broadcast by the operating system itself, not by third-party applications. However, when an application registers to receive these implicit system intents, it is also registered to receive any explicit intents. While a malicious application cannot send an implicit system intent, it can send an explicit intent to the target application, which may assume that any received intent is a valid implicit system intent and not an explicit intent from another application. This may lead to unintended behavior.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-923

 

Consequences

Integrity: Gain Privileges or Assume Identity

Another application can impersonate the operating system and cause the software to perform an unintended action.

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness:

Description: 

Before acting on the Intent, check the Intent Action to make sure it matches the expected System action.

CVE References

 

CWE-926 – Improper Export of Android Application Components

Read Time:1 Minute, 7 Second

Description

The Android application exports a component for use by other applications, but does not properly restrict which applications can launch the component or access the data it contains.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-285

 

Consequences

Availability, Integrity: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context

Other applications, possibly untrusted, can launch the Activity.

Availability, Integrity: Unexpected State, Gain Privileges or Assume Identity, DoS: Crash, Exit, or Restart, DoS: Instability, Varies by Context

Other applications, possibly untrusted, can bind to the Service.

Confidentiality, Integrity: Read Application Data, Modify Application Data

Other applications, possibly untrusted, can read or modify the data that is offered by the Content Provider.

 

Potential Mitigations

Phase: Build and Compilation

Effectiveness:

Description: 

If they do not need to be shared by other applications, explicitly mark components with android_exported=”false” in the application manifest.

Phase: Build and Compilation

Effectiveness:

Description: 

If you only intend to use exported components between related apps under your control, use android_protectionLevel=”signature” in the xml manifest to restrict access to applications signed by you.

Phase: Build and Compilation, Architecture and Design

Effectiveness:

Description: 

Limit Content Provider permissions (read/write) as appropriate.

Phase: Build and Compilation, Architecture and Design

Effectiveness:

Description: 

Limit Content Provider permissions (read/write) as appropriate.

CVE References

 

CWE-927 – Use of Implicit Intent for Sensitive Communication

Read Time:33 Second

Description

The Android application uses an implicit intent for transmitting sensitive data to other applications.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-285
CWE-668

 

Consequences

Confidentiality: Read Application Data

Other applications, possibly untrusted, can read the data that is offered through the Intent.

Integrity: Varies by Context

The application may handle responses from untrusted applications on the device, which could cause it to perform unexpected or unauthorized actions.

 

Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

If the application only requires communication with its own components, then the destination is always known, and an explicit intent could be used.

CVE References