CWE-141 Individual Dictionary Definition (Draft 9)
| Weakness ID | 141 (Weakness Variant) |
|---|---|
| Status | Draft |
| Description Summary | Parameter delimiters injected into an application can be used to compromise a system. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. |
| Potential Mitigations | Developers should anticipate that parameter delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Relationships | |
| Source Taxonomies | PLOVER - Parameter Delimiter |
| Applicable Platforms | All |

Observed Examples

| Reference | Description |
|---|---|
| CVE-2003-0307 | Attacker inserts field separator into input to specify admin privileges. |
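The following added example is not part of the CWE entry: it shows the weakness and the mitigation on a constructed `user|email|role` record format, with the weak writer and parser beside a validated form. The record format, field names and function names are assumptions made for illustration, and the check also covers the absent-delimiter case.

```python
import re

DELIM = "|"                        # field separator of the constructed record format
FIELDS = ("user", "email", "role")
# Allowlist per field: only expected characters, so the delimiter can never match.
ALLOWED = {
    "user": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
    "email": re.compile(r"[A-Za-z0-9_.+-]{1,64}@[A-Za-z0-9.-]{1,255}"),
    "role": re.compile(r"user|admin"),
}


def serialize_unsafe(user, email):
    """Weak form: caller-supplied text is joined with the delimiter unchecked."""
    return DELIM.join([user, email, "user"])


def parse_unsafe(line):
    """Weak form: positional split that silently ignores surplus fields."""
    return dict(zip(FIELDS, line.split(DELIM)))


def validate(name, value):
    """Accept a field only if the whole value matches its allowlist pattern."""
    if not isinstance(value, str) or not ALLOWED[name].fullmatch(value):
        raise ValueError(f"rejected {name} field: {value!r}")
    return value


def serialize_safe(user, email, role="user"):
    """Validate every field before it is joined into a record."""
    return DELIM.join(validate(n, v) for n, v in zip(FIELDS, (user, email, role)))


def parse_safe(line):
    """Reject records with injected or absent delimiters, then validate fields."""
    parts = line.rstrip("\n").split(DELIM)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return {n: validate(n, v) for n, v in zip(FIELDS, parts)}


if __name__ == "__main__":
    crafted = "a@example.com|admin"            # constructed input carrying a delimiter
    print(parse_unsafe(serialize_unsafe("alice", crafted)))   # role field is shifted
    try:
        serialize_safe("alice", crafted)
    except ValueError as err:
        print("hardened writer:", err)
```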