Description
The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
CWE-1061
Consequences
Integrity, Confidentiality: Read Application Data, Modify Application Data
Making a critical variable public allows anyone with access to the object in which the variable is contained to alter or read the value.
Other: Reduce Maintainability
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Data should be private, static, and final whenever possible. This will ensure that your code is protected by instantiating early, preventing access, and preventing tampering.
CVE References
- CVE-2010-3860
- Variables declared public allow remote reads of system properties such as the user name and home directory.
Description
The software defines a public method that reads or modifies a private variable.
If an attacker modifies the variable to contain unexpected values, this could violate assumptions from other parts of the code. Additionally, if an attacker can read the private variable, it may expose sensitive information or make it easier to launch further attacks.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
CWE-668
Consequences
Integrity, Other: Modify Application Data, Other
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Use class accessor and mutator methods appropriately. Perform validation when accepting data from a public method that is intended to modify a critical private variable. Also be sure that appropriate access controls are being applied when a public method interfaces with critical data.
CVE References
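The two entries above (public critical variable; public method that touches a private variable without validation) share one remedy: keep the field private and route every read and write through an accessor that validates. The following C program is an added example written for this page, not code from CWE or from any referenced product. It assumes a hypothetical "session" record with a user name and a privilege level; the names session_new, session_set_privilege and the PRIV_* constants are inventions for the illustration. C has no access modifiers, so privacy comes from the opaque-type pattern: only this translation unit knows the struct layout.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical session record. In a real project the struct definition
 * lives in the .c file and the header declares only `struct session;`
 * and the functions below, so no other code can touch the fields. */
#define SESSION_USER_MAX 32

#define PRIV_USER  0
#define PRIV_ADMIN 1

struct session {
    char user[SESSION_USER_MAX];
    int  privilege;             /* PRIV_USER or PRIV_ADMIN */
};

/* 1 when the name is non-empty, fits the buffer and is printable ASCII. */
static int valid_user_name(const char *user)
{
    if (user == NULL || user[0] == '\0')
        return 0;
    size_t n = strlen(user);
    if (n >= SESSION_USER_MAX)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (!isprint((unsigned char)user[i]))
            return 0;
    return 1;
}

/* Constructor: the only way to obtain a session. Invalid input yields
 * NULL rather than a half-initialised object. */
struct session *session_new(const char *user)
{
    if (!valid_user_name(user))
        return NULL;
    struct session *s = calloc(1, sizeof *s);
    if (s == NULL)
        return NULL;
    memcpy(s->user, user, strlen(user) + 1);
    s->privilege = PRIV_USER;   /* least privilege by default */
    return s;
}

/* Read-only accessor: a const pointer, so the name can be read from
 * outside but not written through. */
const char *session_get_user(const struct session *s)
{
    return s->user;
}

int session_get_privilege(const struct session *s)
{
    return s->privilege;
}

/* Mutator with validation: only the defined levels are accepted; anything
 * else is rejected and the object is left unchanged. This is the check
 * CWE-767's mitigation asks for before modifying critical private data. */
int session_set_privilege(struct session *s, int level)
{
    if (level != PRIV_USER && level != PRIV_ADMIN)
        return -1;
    s->privilege = level;
    return 0;
}

void session_free(struct session *s)
{
    free(s);
}
```

With the field private, a caller cannot set privilege to 7 or overflow the user buffer; the only path in is the validated mutator, and the constructor refuses malformed names instead of storing them.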
Description
The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.
While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
CWE-252
CWE-476
Consequences
Availability: DoS: Crash, Exit, or Restart
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Read Memory, Modify Memory
In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.
Potential Mitigations
CVE References
- CVE-2008-1052
- Large Content-Length value leads to NULL pointer dereference when malloc fails.
- CVE-2006-6227
- Large message length field leads to NULL pointer dereference when malloc fails.
- CVE-2006-2555
- Parsing routine encounters NULL dereference when input is missing a colon separator.
- CVE-2003-1054
- URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.
- CVE-2008-5183
- chain: unchecked return value can lead to NULL dereference
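The CVE-2008-1052 and CVE-2006-6227 entries describe the same pattern: an attacker-controlled length is passed to malloc(), the allocation fails, and the NULL result is used. The following C code is an added example for this page, not code from CWE or from the affected products. It assumes a hypothetical HTTP receive path; MAX_BODY_LEN, parse_content_length and alloc_body are names chosen for the illustration. It shows the unchecked shape beside the checked one, and also the policy limit that belongs in front of the allocation.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Policy ceiling for an accepted request body; a constructed value. */
#define MAX_BODY_LEN ((size_t)1 << 20)   /* 1 MiB */

struct body {
    unsigned char *data;
    size_t len;
};

/* Parse a decimal Content-Length value. Returns 0 and stores the length in
 * *out on success; -1 when the value is empty, signed, non-numeric, has
 * trailing junk, or does not fit a size_t. The sign check matters because
 * strtoull() silently accepts "-5" and wraps it. */
int parse_content_length(const char *value, size_t *out)
{
    if (value == NULL || value[0] == '\0' || value[0] == '-' || value[0] == '+'
        || isspace((unsigned char)value[0]))
        return -1;
    char *end = NULL;
    errno = 0;
    unsigned long long n = strtoull(value, &end, 10);
    if (errno == ERANGE || end == value || *end != '\0')
        return -1;
#if ULLONG_MAX > SIZE_MAX
    if (n > SIZE_MAX)
        return -1;
#endif
    *out = (size_t)n;
    return 0;
}

/* Allocate the receive buffer. Returns 0 on success and -1 when the length
 * breaks policy or malloc() returns NULL; b->data is only valid after 0. */
int alloc_body(size_t len, struct body *b)
{
    b->data = NULL;
    b->len = 0;
    if (len > MAX_BODY_LEN)          /* policy limit, before any allocation */
        return -1;
    unsigned char *p = malloc(len > 0 ? len : 1);
    if (p == NULL)                   /* the check whose absence is CWE-690 */
        return -1;
    b->data = p;
    b->len = len;
    return 0;
}

/* The CWE-690 shape, kept for contrast and not called by the example:
 * a huge length makes malloc() return NULL and memset() dereferences it. */
void alloc_body_unchecked(size_t len, struct body *b)
{
    b->data = malloc(len);
    b->len = len;
    memset(b->data, 0, len);         /* NULL pointer dereference on failure */
}
```

Two checks are doing different jobs here: the policy limit turns an absurd length into a protocol error before memory is touched, and the NULL check handles the allocator failing for any other reason. Relying on the limit alone is still CWE-690, since malloc() can fail under memory pressure at any size.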
Description
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Other: Alter Execution Logic
Potential Mitigations
CVE References
Description
The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.
While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages that a denylist cannot keep track of all the variations. The “XSS Cheat Sheet” [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.
Modes of Introduction:
Likelihood of Exploit:
Related Weaknesses
CWE-184
CWE-79
Consequences
Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands
Potential Mitigations
CVE References
Description
The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
This weakness covers three distinct situations. A “missing” protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An “insufficient” protection mechanism might provide some defenses – for example, against the most common attacks – but it does not protect against everything that is intended. Finally, an “ignored” mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
CVE References
Description
The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
CWE-99
CWE-573
Consequences
Access Control: Bypass Protection Mechanism
If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.
Other: Quality Degradation
Potential Mitigations
Phase: Architecture and Design
Effectiveness:
Description:
Where possible, use unique identifiers. If non-unique identifiers are detected, then do not operate any resource with a non-unique identifier and report the error appropriately.
CVE References
- CVE-2013-4787
- chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
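The CVE-2013-4787 chain depends on a listing in which two entries carry the same name, so that the entry whose signature is verified is not the entry that gets installed. The mitigation text says to refuse to operate on any resource with a non-unique identifier. The following C code is an added example for this page, not code from CWE or from the affected OS; the struct entry listing, the sample entries and the function names has_duplicate_names and select_entry are constructed for the illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an archive's directory listing. Real formats
 * carry more per-entry data; name and size are enough for the check. */
struct entry {
    const char *name;
    unsigned long size;
};

/* Constructed sample listings. */
const struct entry listing_clean[] = {
    { "META-INF/MANIFEST.MF", 120 },
    { "classes.dex",          4096 },
    { "resources.arsc",       2048 },
};
const size_t listing_clean_n = sizeof listing_clean / sizeof listing_clean[0];

const struct entry listing_dup[] = {
    { "META-INF/MANIFEST.MF", 120 },
    { "classes.dex",          4096 },   /* the entry a verifier would hash */
    { "resources.arsc",       2048 },
    { "classes.dex",          5000 },   /* same name, different content */
};
const size_t listing_dup_n = sizeof listing_dup / sizeof listing_dup[0];

static int cmp_entry_name(const void *a, const void *b)
{
    const struct entry *const *ea = a;
    const struct entry *const *eb = b;
    return strcmp((*ea)->name, (*eb)->name);
}

/* 1 if two entries share a name, 0 if all names are unique, -1 if the
 * scratch allocation fails. Sorts an index of pointers so the caller's
 * listing order is left intact. */
int has_duplicate_names(const struct entry *entries, size_t n)
{
    if (n < 2)
        return 0;
    const struct entry **idx = malloc(n * sizeof *idx);
    if (idx == NULL)
        return -1;
    for (size_t i = 0; i < n; i++)
        idx[i] = &entries[i];
    qsort(idx, n, sizeof *idx, cmp_entry_name);
    int dup = 0;
    for (size_t i = 1; i < n; i++) {
        if (strcmp(idx[i - 1]->name, idx[i]->name) == 0) {
            dup = 1;
            break;
        }
    }
    free(idx);
    return dup;
}

/* Look up the entry to process. A listing with any non-unique name is
 * refused outright (NULL), so the "verify one entry, install another of
 * the same name" chain cannot start. The returned pointer is the single
 * object that both verification and installation must then use. */
const struct entry *select_entry(const struct entry *entries, size_t n,
                                 const char *name)
{
    if (has_duplicate_names(entries, n) != 0)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (strcmp(entries[i].name, name) == 0)
            return &entries[i];
    return NULL;
}
```

The second half of the defence is structural: the verifier and the installer receive the same struct entry pointer rather than each resolving the name independently, so even a check that slipped through would not leave two code paths free to pick different entries.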
Description
The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.
The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
CWE-573
Consequences
Other: Other
Potential Mitigations
CVE References
Description
The product performs multiple related behaviors, but the behaviors are performed in the wrong order in ways which may produce resultant weaknesses.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit:
Related Weaknesses
CWE-691
Consequences
Integrity: Alter Execution Logic
Potential Mitigations
CVE References
- CVE-2019-9805
- Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
- CVE-2007-5191
- file-system management programs call the setuid and setgid functions in the wrong order and do not check the return values, allowing attackers to gain unintended privileges
- CVE-2007-1588
- C++ web server program calls Process::setuid before calling Process::setgid, preventing it from dropping privileges, potentially allowing CGI programs to be called with higher privileges than intended
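CVE-2007-5191 and CVE-2007-1588 both come down to calling setuid() before setgid() and not checking return values. The following C function is an added example for this page, not code from CWE or from the affected programs; drop_privileges is a name chosen for the illustration. It performs the drop in the working order, checks every call, verifies the result and confirms that root cannot be regained; the wrong-order shape is kept beside it for contrast.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to (uid, gid) in the order that actually works: supplementary
 * groups and the primary group first, while the process still holds the
 * privilege to change them; the user id last. Every return value is
 * checked and the result is verified afterwards. Returns 0 on success,
 * -1 on failure (errno is set by the call that failed). */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Supplementary groups can only be cleared by a privileged process. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Group before user: once setuid() has moved to an unprivileged id,
     * setgid() to a different group is refused with EPERM. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Do not trust the calls: confirm real and effective ids changed. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    /* After dropping from root, privilege must not be recoverable. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

/* The CVE-2007-1588 shape, kept for contrast and not called by the
 * example: setuid() first, then setgid(). Starting as root and dropping
 * to a non-root uid, the setgid() call fails, and because its result is
 * ignored the process keeps its original, privileged group while
 * reporting success. */
int drop_privileges_wrong_order(uid_t uid, gid_t gid)
{
    (void)setuid(uid);   /* unchecked */
    (void)setgid(gid);   /* fails with EPERM once uid is unprivileged; unchecked */
    return 0;            /* reports success regardless */
}
```

Run as an unprivileged user with its own ids, drop_privileges() succeeds and the regain check passes because setuid(0) is refused; run as root it clears supplementary groups first, which is the step that is impossible once the uid has been lowered.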
Description
The software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
Consequences
Other: Varies by Context
Potential Mitigations
CVE References
- CVE-2016-10003
- Proxy performs incorrect comparison of request headers, leading to infoleak