CWE-144 Individual Dictionary Definition (Draft 9)

| Weakness ID | 144 (Weakness Variant) |
|---|---|
| Status | Draft |
| Description | Summary: Line delimiters injected into an application can be used to compromise a system. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions. |
| Potential Mitigations | Developers should anticipate that line delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Observed Examples | Reference: CVE-2002-0267. Description: Linebreak in field of PHP script allows admin privileges when written to data file. |
| Context Notes | Depending on the language and syntax being used, this could be the same as the record delimiter. |
| Relationships | |
| Source Taxonomies | PLOVER - Line Delimiter |
| Applicable Platforms | All |
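The pattern behind the observed example, as an added sketch that is not CWE's code or the affected product's: a flat data file with one record per line, written first without and then with field validation. The `user:role:display_name` format, the function names and the sample input are assumptions made for this illustration.

```python
import re

# Assumed record format for this example: one "user:role:display_name" per line.
# Allow list: letters, digits, space, '_', '.', '-'; no line or field delimiter.
ALLOWED_FIELD = re.compile(r"[A-Za-z0-9 _.-]{1,64}")
# Characters str.splitlines() treats as line boundaries; a "\n"-only deny list misses most.
LINE_DELIMS = ("\n", "\r", "\x0b", "\x0c", "\x1c", "\x1d", "\x1e", "\x85", "\u2028", "\u2029")


def append_record_unsafe(store, user, display_name):
    """Weak form: caller-supplied text goes into the data file unchecked."""
    return store + f"{user}:user:{display_name}\n"


def append_record_checked(store, user, display_name):
    """Hardened form: every field must match the allow list before it is written."""
    for field in (user, display_name):
        # fullmatch, not match with '$': '$' would still accept a trailing "\n".
        if not ALLOWED_FIELD.fullmatch(field):
            raise ValueError(f"rejected field: {field!r}")
    return store + f"{user}:user:{display_name}\n"


def parse_roles(store):
    """Read the store back the way the application would: one record per line."""
    roles = {}
    for line in store.splitlines():
        user, role, _display = line.split(":", 2)
        roles[user] = role  # a later record for the same user wins
    return roles


def rejected(user, display_name):
    """True if the hardened writer refuses this input."""
    try:
        append_record_checked("", user, display_name)
    except ValueError:
        return True
    return False


def demo():
    # Constructed input: a display name carrying an embedded line delimiter.
    crafted = "Mallory\nmallory:admin:Mallory"
    unsafe_roles = parse_roles(append_record_unsafe("", "mallory", crafted))
    safe_roles = parse_roles(append_record_checked("", "alice", "Alice A."))
    return unsafe_roles, rejected("mallory", crafted), safe_roles
```

The allow list also excludes `:`, which matters when, as the context note says, the line delimiter and the record delimiter are the same or closely related in the format being parsed.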