Read Time:57 Second

Description

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-185
CWE-187
CWE-184
CWE-183

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

Phase: Implementation

Description: 

When applicable, ensure that the regular expression marks beginning and ending string patterns, such as “/^string$/” for Perl.

CVE References

  • CVE-2002-2175
    • insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.
  • CVE-2006-4527
    • regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.
  • CVE-2005-1949
    • Regexp for IP address isn’t anchored at the end, allowing appending of shell metacharacters.
  • CVE-2002-2109
    • Regexp isn’t “anchored” to the beginning or end, which allows spoofed values that have trusted values as substrings.
  • CVE-2006-6511
    • regexp in .htaccess file allows access of files whose names contain certain substrings
  • CVE-2006-6629
    • allow load of macro files whose names contain certain substrings.