CWE-151 details

CWE-151

Improper Neutralization of Comment Delimiters
Draft
2006-07-19 00:00 +00:00
2023-06-29 00:00 +00:00

Name: Improper Neutralization of Comment Delimiters

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as comment delimiters when they are sent to a downstream component.
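
As an illustration of the description above (an added example, not part of the CWE entry), the following Python sketch places untrusted text inside an HTML comment, first without neutralization and then with it, and uses the standard-library HTML parser as the downstream component. The function names and the sample string are constructed for this illustration.

```python
import html
import re
from html.parser import HTMLParser

def annotate_unsafe(value: str) -> str:
    """Vulnerable: untrusted text is placed in an HTML comment as-is."""
    return f"<!-- note: {value} -->"

def neutralize_comment_text(value: str) -> str:
    """Make text inert inside an HTML comment."""
    # Escaping < > & removes every sequence that can open or close a
    # comment ("<!--", "-->", "--!>", a leading ">" or "->").
    escaped = html.escape(value, quote=False)
    # Also split runs of hyphens so no "--" reaches the downstream parser.
    return re.sub(r"-(?=-)", "- ", escaped)

def annotate_safe(value: str) -> str:
    """Hardened: the value is neutralized before it enters the comment."""
    return f"<!-- note: {neutralize_comment_text(value)} -->"

class _Outline(HTMLParser):
    """Records what a downstream HTML parser sees: comments and live tags."""
    def __init__(self):
        super().__init__()
        self.comments, self.tags = [], []

    def handle_comment(self, data):
        self.comments.append(data)

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def outline(markup: str):
    """Return (comments, start tags) as parsed from the markup."""
    parser = _Outline()
    parser.feed(markup)
    parser.close()
    return parser.comments, parser.tags

# Constructed sample input: ends the comment early, then opens a new one.
SAMPLE = "x --><b>shown</b><!-- y"

if __name__ == "__main__":
    print(outline(annotate_unsafe(SAMPLE)))  # two comments and a live <b> tag
    print(outline(annotate_safe(SAMPLE)))    # one comment, no tags
```
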

General information

Modes of introduction

Implementation

Applicable platforms

Language

Class: Not Language-Specific (Undetermined)

Common consequences

Scope: Integrity
Impact: Unexpected State

Observed examples

Reference and description

CVE-2002-0001

Mail client command execution due to improperly terminated comment in address list.

CVE-2004-0162

MIE. RFC822 comment fields may be processed as other fields by clients.

CVE-2004-1686

Well-placed comment bypasses security warning.

CVE-2005-1909

Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow "<!--" while denying most other tags.

CVE-2005-1969

Information hiding using a manipulation involving injection of comment code into product. Note: these vulnerabilities are likely vulnerable to more general XSS problems, although a regexp might allow "