CWE
Home > CWE List > CWE-140 Individual Dictionary Definition (Draft 9)   View the CWE List

CWE-140 Individual Dictionary Definition (Draft 9)

Failure to Sanitize Delimiters
Weakness ID
Status: Draft

140 (Weakness Base)

Description

Summary

The software does not properly sanitize delimiters.

Potential Mitigations

Developers should anticipate that delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system.

Relationships
NatureTypeIDName
ChildOfWeakness ClassWeakness ClassWeakness Class138Failure to Sanitize Special Elements
ParentOfWeakness VariantWeakness VariantWeakness Variant141Failure to Sanitize Parameter/Argument Delimiters
ParentOfWeakness VariantWeakness VariantWeakness Variant142Failure to Sanitize Value Delimiters
ParentOfWeakness VariantWeakness VariantWeakness Variant143Failure to Sanitize Record Delimiters
ParentOfWeakness VariantWeakness VariantWeakness Variant144Failure to Sanitize Line Delimiters
ParentOfWeakness VariantWeakness VariantWeakness Variant145Failure to Sanitize Section Delimiters
ParentOfWeakness VariantWeakness VariantWeakness Variant146Failure to Sanitize Expression/Command Delimiters
Source Taxonomies

PLOVER - Delimiter Problems

Related Attack Patterns
CAPEC-IDAttack Pattern Name
15Command Delimiters
Back to top
Page Last Updated: April 21, 2008
 

CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us