Description

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-185
CWE-187
CWE-184
CWE-183

Consequences

Access Control: Bypass Protection Mechanism

Potential Mitigations

Phase: Implementation

Description: 

When applicable, ensure that the regular expression marks beginning and ending string patterns, such as “/^string$/” for Perl.

CVE References

• CVE-2006-1895
  • “.*” regexp leads to static code injection

• CVE-2002-2175
  • insertion of username into regexp results in partial comparison, causing wrong database entry to be updated when one username is a substring of another.

• CVE-2006-4527
  • regexp intended to verify that all characters are legal, only checks that at least one is legal, enabling file inclusion.

• CVE-2005-1949
  • Regexp for IP address isn’t anchored at the end, allowing appending of shell metacharacters.

• CVE-2002-2109
  • Regexp isn’t “anchored” to the beginning or end, which allows spoofed values that have trusted values as substrings.

• CVE-2006-6511
  • regexp in .htaccess file allows access of files whose names contain certain substrings

• CVE-2006-6629
  • allow load of macro files whose names contain certain substrings.