Modes d'introduction
Implementation
Plateformes applicables
Langue
Class: Not Language-Specific (Undetermined)
Conséquences courantes
Portée |
Impact |
Probabilité |
Integrity Access Control | Alter Execution Logic, Bypass Protection Mechanism | |
Exemples observés
Références |
Description |
| PHP remote file inclusion in web application that filters "http" and "https" URLs, but not "ftp". |
| Product does not prevent access to restricted directories due to partial string comparison with a public directory |
Mesures d’atténuation potentielles
Phases : Testing
Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is a Class and might have Base-level children that would be more appropriate
Commentaire : Examine children of this entry to see if there is a better fit
Soumission
Nom |
Organisation |
Date |
Date de publication |
Version |
CWE Content Team |
MITRE |
2018-01-04 +00:00 |
2018-03-29 +00:00 |
3.1 |
Modifications
Nom |
Organisation |
Date |
Commentaire |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Description, Relationships, Type |
CWE Content Team |
MITRE |
2021-03-15 +00:00 |
updated Demonstrative_Examples |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |
CWE Content Team |
MITRE |
2023-10-26 +00:00 |
updated Observed_Examples |