The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.
Modes of Introduction:
– Implementation
Integrity: Unexpected State
The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as “..” that can resolve to a location that is outside of that directory.
This allows attackers to traverse the file system to access files or directories that are outside of the restricted directory.
Modes of Introduction:
– Implementation
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands
The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Integrity: Modify Files or Directories
The attacker may be able to overwrite or create critical files, such as programs, libraries, or important data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, appending a new account at the end of a password file may allow an attacker to bypass authentication.
Confidentiality: Read Files or Directories
The attacker may be able read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, then the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute force password guessing attacks in order to break into an account on the system.
Availability: DoS: Crash, Exit, or Restart
The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all and in the case of a protection mechanisms such as authentication, it has the potential to lockout every user of the software.
Phase: Implementation
Description:
Phase: Implementation
Description:
The software does not properly handle when the expected number of values for parameters, fields, or arguments is not provided in input, or if those values are undefined.
Modes of Introduction:
– Architecture and Design
Integrity: Unexpected State
The product does not handle or incorrectly handles input that is not syntactically well-formed with respect to the associated specification.
Modes of Introduction:
– Implementation
Integrity, Availability: Unexpected State, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
If an input is syntactically invalid, then processing the input could place the system in an unexpected state that could lead to a crash, consume available system resources or other unintended behaviors.
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or “zeroize” the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
Modes of Introduction:
– Architecture and Design
Confidentiality: Read Application Data
Phase: Architecture and Design, Implementation
Effectiveness: High
Description:
During critical state transitions, information not needed in the next state should be removed or overwritten with fixed patterns (such as all 0’s) or random data, before the transition to the next state.
Phase: Architecture and Design, Implementation
Effectiveness: High
Description:
When releasing, de-allocating, or deleting a resource, overwrite its data and relevant metadata with fixed patterns or random data. Be cautious about complex resource types whose underlying representation might be non-contiguous or change at a low level, such as how a file might be split into different chunks on a file system, even though “logical” file positions are contiguous at the application layer. Such resource types might require invocation of special modes or APIs to tell the underlying operating system to perform the necessary clearing, such as SDelete (Secure Delete) on Windows, although the appropriate functionality might not be available at the application layer.
This weakness can be found at CWE-199.
Modes of Introduction:
The software records security-relevant information according to an alternate name of the affected entity, instead of the canonical name.
Modes of Introduction:
– Architecture and Design
Non-Repudiation, Access Control: Hide Activities, Gain Privileges or Assume Identity
The application does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe.
Modes of Introduction:
– Architecture and Design
Non-Repudiation: Hide Activities
The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.
The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
Modes of Introduction:
– Architecture and Design
Non-Repudiation: Hide Activities
The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.