CWE-698
Execution After Redirect (EAR)
Incomplete
2008-09-09
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Execution After Redirect (EAR)
The web application sends a redirect to another location, but instead of exiting, it executes additional code.
General Informations
Modes Of Introduction
ImplementationApplicable Platforms
Language
Class: Not Language-Specific (Undetermined)Technologies
Class: Web Based (Undetermined)Name: Web Server (Sometimes)
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Other Confidentiality Integrity Availability | Alter Execution Logic, Execute Unauthorized Code or Commands Note: This weakness could affect the control flow of the application and allow execution of untrusted code. |
Observed Examples
| References | Description |
|---|---|
CVE-2013-1402 | Execution-after-redirect allows access to application configuration details. |
CVE-2009-1936 | chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal. |
CVE-2007-2713 | Remote attackers can obtain access to administrator functionality through EAR. |
CVE-2007-4932 | Remote attackers can obtain access to administrator functionality through EAR. |
CVE-2007-5578 | Bypass of authentication step through EAR. |
CVE-2007-2713 | Chain: Execution after redirect triggers eval injection. |
CVE-2007-6652 | chain: execution after redirect allows non-administrator to perform static code injection. |
Detection Methods
Black Box
This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss.Vulnerability Mapping Notes
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
References
REF-565
Fear the EAR: Discovering and Mitigating Execution After Redirect VulnerabilitiesAdam Doupé, Bryce Boe, Christopher Kruegel, Giovanni Vigna.
https://sites.cs.ucsb.edu/~chris/research/doc/ccs11_ear.pdf
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.0 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Demonstrative_Examples, Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated Alternate_Terms, Name, Observed_Examples, References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Demonstrative_Examples | |
| CWE Content Team | MITRE | updated References | |
| CWE Content Team | MITRE | updated Applicable_Platforms |
