CWE-511 Details

CWE-511

Logic/Time Bomb
Incomplete
2006-07-19 00:00 +00:00
2024-07-16 00:00 +00:00

Name: Logic/Time Bomb

The product contains code that is designed to disrupt the legitimate operation of the product (or its environment) when a certain time passes, or when a certain logical condition is met.

CWE Description

When the time bomb or logic bomb is detonated, it may perform a denial of service such as crashing the system, deleting critical data, or degrading system response time. This bomb might be placed within either a replicating or non-replicating Trojan horse.

General Information

Modes of Introduction

Architecture and Design
Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Technologies

Class: Mobile (Undetermined)

Common Consequences

Scope: Other, Integrity
Impact: Varies by Context, Alter Execution Logic

Potential Mitigations

Phase: Installation
Always verify the integrity of the product that is being installed.
Phase: Testing
Conduct a code coverage analysis using live testing, then closely inspect any code that is not covered.
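
An added example of the Testing mitigation above (not part of the CWE entry): it records which lines a set of live test inputs execute, then flags `if` branches that read the clock and whose bodies never ran. The sample function, the name `disable_billing`, and the `CLOCK_CALLS` list are constructed assumptions, and the check only covers time-gated branches, not arbitrary logical conditions.

```python
import ast
import sys

# Constructed sample under review; disable_billing() is a hypothetical name.
SAMPLE = '''\
import datetime

def process(order_total):
    fee = order_total * 0.02
    if datetime.date.today() > datetime.date(2999, 1, 1):
        fee = disable_billing()
    if order_total > 1000:
        fee -= 5
    return fee
'''
CLOCK_CALLS = {"today", "now", "utcnow", "time"}  # assumed list of clock reads

def executed_lines(source, entry, inputs):
    """Run entry(*args) for each test input under a tracer; return lines hit."""
    hit, namespace = set(), {}
    exec(compile(source, "<sample>", "exec"), namespace)  # define the functions
    def tracer(frame, event, arg):
        if frame.f_code.co_filename != "<sample>":
            return None  # ignore frames outside the code under review
        if event == "line":
            hit.add(frame.f_lineno)
        return tracer
    previous = sys.gettrace()  # restore any debugger/coverage tracer afterwards
    sys.settrace(tracer)
    try:
        for args in inputs:
            namespace[entry](*args)
    finally:
        sys.settrace(previous)
    return hit

def uncovered_clock_branches(source, hit):
    """Return (if_line, missed_body_lines) for clock-gated branches never run."""
    findings = []
    branches = (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.If))
    for node in branches:
        # A branch is clock-gated if its condition calls a known clock method.
        reads_clock = any(
            isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
            and n.func.attr in CLOCK_CALLS for n in ast.walk(node.test))
        missed = sorted({stmt.lineno for stmt in node.body} - hit)
        if reads_clock and missed:
            findings.append((node.lineno, missed))
    return sorted(findings)
```

Calling `uncovered_clock_branches(SAMPLE, executed_lines(SAMPLE, "process", [(50,), (2000,)]))` reports the date-gated branch on line 5 of the sample, whose body on line 6 no test reached; that is the code to inspect by hand.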

Vulnerability Mapping Notes

Rationale: This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments: Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

References

REF-172: Chris Wysopal. "Mobile App Top 10 List". https://www.veracode.com/blog/2010/12/mobile-app-top-10-list

REF-1431: Carl E. Landwehr, Alan R. Bull, John P. McDermott, William S. Choi. "A Taxonomy of Computer Program Security Flaws, with Examples". https://cwe.mitre.org/documents/sources/ATaxonomyofComputerProgramSecurityFlawswithExamples%5BLandwehr93%5D.pdf

Submission

Name Organization Date Release Date Version
Landwehr 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Name Organization Date Comment
Eric Dalci Cigital 2008-07-01 +00:00 updated Potential_Mitigations, Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2008-10-14 +00:00 updated Description
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-06-27 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2013-02-21 +00:00 updated Applicable_Platforms, Potential_Mitigations, References, Time_of_Introduction
CWE Content Team MITRE 2017-11-08 +00:00 updated References
CWE Content Team MITRE 2020-02-24 +00:00 updated Applicable_Platforms, Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Description, Potential_Mitigations
CWE Content Team MITRE 2023-04-27 +00:00 updated References, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2024-07-16 +00:00 updated References