Modes d'introduction
Implementation
Plateformes applicables
Langue
Class: Not Language-Specific (Undetermined)
Conséquences courantes
Portée |
Impact |
Probabilité |
Other Access Control | Quality Degradation, Gain Privileges or Assume Identity
Note: This weakness can cause unintended behavior and can lead to additional weaknesses such as allowing an attacker to gain unintended access to system resources. | |
Exemples observés
Références |
Description |
| The method calls the functions with the wrong argument order, which allows remote attackers to bypass intended access restrictions. |
Mesures d’atténuation potentielles
Phases : Build and Compilation
Once found, these issues are easy to fix. Use code inspection tools and relevant compiler features to identify potential violations. Pay special attention to code that is not likely to be exercised heavily during QA.
Phases : Architecture and Design
Make sure your API's are stable before you use them in production code.
Méthodes de détection
Other
Since these bugs typically introduce incorrect behavior that is obvious to users, they are found quickly, unless they occur in rarely-tested code paths. Managing the correct number of arguments can be made more difficult in cases where format strings are used, or when variable numbers of arguments are supported.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Soumission
Nom |
Organisation |
Date |
Date de publication |
Version |
CWE Content Team |
MITRE |
2007-05-07 +00:00 |
2007-05-07 +00:00 |
Draft 6 |
Modifications
Nom |
Organisation |
Date |
Commentaire |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Description, Relationships, Other_Notes, Weakness_Ordinalities |
CWE Content Team |
MITRE |
2008-11-24 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2009-10-29 +00:00 |
updated Detection_Factors, Other_Notes, Weakness_Ordinalities |
CWE Content Team |
MITRE |
2010-02-16 +00:00 |
updated Detection_Factors |
CWE Content Team |
MITRE |
2010-06-21 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2011-06-27 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Common_Consequences, Demonstrative_Examples, Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2019-01-03 +00:00 |
updated Relationships, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2021-03-15 +00:00 |
updated Detection_Factors, Relationships |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |