CWE-624
Executable Regular Expression Error
Incomplete
2007-05-07
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Nom: Executable Regular Expression Error
The product uses a regular expression that either (1) contains an executable component with user-controlled inputs, or (2) allows a user to enable execution by inserting pattern modifiers.
Description du CWE
Case (2) is possible in the PHP preg_replace() function, and possibly in other languages when a user-controlled input is inserted into a string that is later parsed as a regular expression.
Informations générales
Modes d'introduction
ImplementationPlateformes applicables
Langue
Name: PHP (Undetermined)Name: Perl (Undetermined)
Conséquences courantes
| Portée | Impact | Probabilité |
|---|---|---|
| Confidentiality Integrity Availability | Execute Unauthorized Code or Commands |
Exemples observés
| Références | Description |
|---|---|
CVE-2006-2059 | Executable regexp in PHP by inserting "e" modifier into first argument to preg_replace |
CVE-2005-3420 | Executable regexp in PHP by inserting "e" modifier into first argument to preg_replace |
CVE-2006-2878 | Complex curly syntax inserted into the replacement argument to PHP preg_replace(), which uses the "/e" modifier |
CVE-2006-2908 | Function allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier. |
Mesures d’atténuation potentielles
Phases : ImplementationThe regular expression feature in some languages allows inputs to be quoted or escaped before insertion, such as \Q and \E in Perl.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
Under-studied. The existing PHP reports are limited to highly skilled researchers, but there are few examples for other languages. It is suspected that this is under-reported for all languages. Usability factors might make it more prevalent in PHP, but this theory has not been investigated.Soumission
| Nom | Organisation | Date | Date de publication | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | Draft 6 |
Modifications
| Nom | Organisation | Date | Commentaire |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships, Observed_Example | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
