Weakness Name | Description |
---|---|
Improper Control of Generation of Code ('Code Injection') | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template. |
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval"). |
Improper Neutralization of Server-Side Includes (SSI) Within a Web Page | The product generates a web page, but does not neutralize or incorrectly neutralizes user-controllable input that could be interpreted as a server-side include (SSI) directive. |
Least Privilege Violation | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
Improper Link Resolution Before File Access ('Link Following') | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
Improper Ownership Management | The product assigns the wrong ownership, or does not properly verify the ownership, of an object or resource. |
Privilege Context Switching Error | The product does not properly manage privileges while it is switching between different contexts that have different privileges or spheres of control. |

Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | | |

Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | | Updated Related_Attack_Patterns |
CAPEC Content Team | The MITRE Corporation | | Updated Description, Description Summary, Examples-Instances, Related_Attack_Patterns, Type (Attack_Pattern -> Relationship) |
CAPEC Content Team | The MITRE Corporation | | Updated Related_Weaknesses |
CAPEC Content Team | The MITRE Corporation | | Updated Example_Instances, Taxonomy_Mappings |
CAPEC Content Team | The MITRE Corporation | | Updated Taxonomy_Mappings |