CWE-472

Nome

External Control of Assumed-Immutable Web Parameter

Stato

Draft

Pubblicato

2006-07-19
00h00 +00:00

Modificato

2025-12-11
00h00 +00:00

Link ufficiali

CWE Mitre.org

Notifiche per un CWE specifico

Rimani informato su qualsiasi modifica relativa a un CWE specifico.

Gestione notifiche

Avvisi personalizzati

Attiva i tuoi avvisi personalizzati!

Per attivare i tuoi avvisi, è sufficiente essere connessi al proprio account gratuito. Se non hai ancora effettuato l'accesso, scegli una delle opzioni seguenti.

Accedi al tuo account Crea un account gratuito

Notifiche per un CWE specifico

Rimani informato su qualsiasi modifica relativa a un CWE specifico.

Parametri

È possibile specificare un titolo che verrà riportato negli avvisi inviati.

Specifica l'ID CWE che desideri monitorare.

Pianificazione

Mese

Calcolo della prossima esecuzione

Giorno

Giorno della settimana

Ora

Minuto

Data di creazione

Ultima esecuzione

Prossima esecuzione

Nome: External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

General Informations

Modes Of Introduction

Implementation : OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.

Piattaforme applicabili

Linguaggio

Class: Not Language-Specific (Undetermined)

Tecnologie

Class: Web Based (Undetermined)
Name: Web Server (Undetermined)

Conseguenze comuni

Ambito	Impatto	Probabilità
Integrity	Modify Application Data Note: Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies.

Esempi osservati

Riferimenti	Descrizione
CVE-2002-0108	Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address.
CVE-2000-0253	Shopping cart allows price modification via hidden form field.
CVE-2000-0254	Shopping cart allows price modification via hidden form field.
CVE-2000-0926	Shopping cart allows price modification via hidden form field.
CVE-2000-0101	Shopping cart allows price modification via hidden form field.
CVE-2000-0102	Shopping cart allows price modification via hidden form field.
CVE-2000-0758	Allows admin access by modifying value of form field.
CVE-2002-1880	Read messages by modifying message ID parameter.
CVE-2000-1234	Send email to arbitrary users by modifying email parameter.
CVE-2005-1652	Authentication bypass by setting a parameter.
CVE-2005-1784	Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field.
CVE-2005-2314	Logic error leads to password disclosure.
CVE-2005-1682	Modification of message number parameter allows attackers to read other people's messages.

Potential Mitigations

Phases : Implementation
Phases : Implementation
Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

Detection Methods

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Effectiveness : High

Note sulla mappatura delle vulnerabilità

Giustificazione : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commento : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Pattern di attacco correlati

CAPEC-ID	Nome del pattern di attacco
CAPEC-146	XML Schema Poisoning An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema.
CAPEC-226	Session Credential Falsification through Manipulation An attacker manipulates an existing credential in order to gain access to a target application. Session credentials allow users to identify themselves to a service after an initial authentication without needing to resend the authentication information (usually a username and password) with every message. An attacker may be able to manipulate a credential sniffed from an existing connection in order to gain access to a target server.
CAPEC-31	Accessing/Intercepting/Modifying HTTP Cookies This attack relies on the use of HTTP Cookies to store credentials, state information and other critical data on client systems. There are several different forms of this attack. The first form of this attack involves accessing HTTP Cookies to mine for potentially sensitive data contained therein. The second form involves intercepting this data as it is transmitted from client to server. This intercepted information is then used by the adversary to impersonate the remote user/session. The third form is when the cookie's content is modified by the adversary before it is sent back to the server. Here the adversary seeks to convince the target server to operate on this falsified information.
CAPEC-39	Manipulating Opaque Client-based Data Tokens In circumstances where an application holds important data client-side in tokens (cookies, URLs, data files, and so forth) that data can be manipulated. If client or server-side application components reinterpret that data as authentication tokens or data (such as store item pricing or wallet information) then even opaquely manipulating that data may bear fruit for an Attacker. In this pattern an attacker undermines the assumption that client side tokens have been adequately protected from tampering through use of encryption or obfuscation.

Note

This is a primary weakness for many other weaknesses and functional consequences, including XSS, SQL injection, path disclosure, and file inclusion.
This is a technology-specific MAID problem.

Riferimenti

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

Invio

Nome	Organizzazione	Data	Data di rilascio	Version
PLOVER		2006-07-19 +00:00	2006-07-19 +00:00	Draft 3

Modifiche

Nome	Organizzazione	Data	Commento
Sean Eidemiller	Cigital	2008-07-01 +00:00	added/updated demonstrative examples
Eric Dalci	Cigital	2008-07-01 +00:00	updated Potential_Mitigations, Time_of_Introduction
CWE Content Team	MITRE	2008-09-08 +00:00	updated Description, Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team	MITRE	2009-01-12 +00:00	updated Relationships
CWE Content Team	MITRE	2009-07-27 +00:00	updated Potential_Mitigations
CWE Content Team	MITRE	2009-10-29 +00:00	updated Common_Consequences, Demonstrative_Examples, Description, Other_Notes, Relationship_Notes, Theoretical_Notes
CWE Content Team	MITRE	2010-04-05 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2010-12-13 +00:00	updated Description
CWE Content Team	MITRE	2011-03-29 +00:00	updated Potential_Mitigations
CWE Content Team	MITRE	2011-06-01 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2011-06-27 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2012-05-11 +00:00	updated Demonstrative_Examples, References, Relationships
CWE Content Team	MITRE	2014-07-30 +00:00	updated Relationships
CWE Content Team	MITRE	2015-12-07 +00:00	updated Relationships
CWE Content Team	MITRE	2017-11-08 +00:00	updated Applicable_Platforms, Demonstrative_Examples, Modes_of_Introduction, Relationships
CWE Content Team	MITRE	2019-01-03 +00:00	updated Related_Attack_Patterns
CWE Content Team	MITRE	2019-06-20 +00:00	updated Related_Attack_Patterns, Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated Potential_Mitigations, Relationships
CWE Content Team	MITRE	2020-06-25 +00:00	updated Potential_Mitigations
CWE Content Team	MITRE	2021-10-28 +00:00	updated Relationships
CWE Content Team	MITRE	2023-04-27 +00:00	updated Detection_Factors, Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2025-12-11 +00:00	updated Applicable_Platforms, Relationships, Weakness_Ordinalities

CWE-472 Detail