CWE-145 Individual Dictionary Definition (Draft 9)
| Weakness ID | 145 (Weakness Variant) |
| Status | Incomplete |
| Description | Summary: Section delimiters injected into an application can be used to compromise a system. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions that result in an attack. One example of a section delimiter is the boundary string in a multipart MIME message. In many cases, doubled line delimiters can serve as a section delimiter. |
| Potential Mitigations | Developers should anticipate that section delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Context Notes | Depending on the language and syntax being used, this could be the same as the record delimiter. |
| Relationships | |
| Source Taxonomies | PLOVER - Section Delimiter |
| Applicable Platforms | All |
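The multipart boundary case from the description, as an added example that is not part of the CWE entry: a builder with a fixed boundary beside a checked one, and a minimal receiver-side splitter to show how many sections each produces. The function names, the `XBOUNDARY` string and the sample field are assumptions constructed for illustration.

```python
import secrets

CRLF = "\r\n"

def _assemble(fields, boundary):
    """Serialize fields as multipart sections separated by the boundary line."""
    parts = [
        f'--{boundary}{CRLF}Content-Disposition: form-data; name="{name}"'
        f"{CRLF}{CRLF}{value}{CRLF}"
        for name, value in fields.items()
    ]
    return "".join(parts) + f"--{boundary}--{CRLF}"

def build_naive(fields, boundary="XBOUNDARY"):
    """Weak form: fixed, predictable boundary; input is never checked."""
    return _assemble(fields, boundary), boundary

def build_checked(fields):
    """Hardened form: allow-list names, choose a boundary no value contains."""
    for name in fields:
        # Names are written into a header line, so CR/LF or quotes must not pass.
        if not name or not all(c.isalnum() or c in "_-" for c in name):
            raise ValueError(f"invalid field name: {name!r}")
    boundary = secrets.token_hex(16)
    while any(boundary in value for value in fields.values()):
        boundary = secrets.token_hex(16)
    return _assemble(fields, boundary), boundary

def parse_sections(body, boundary):
    """Split on the section delimiter the way a receiver would: {name: value}."""
    sections = {}
    for chunk in (CRLF + body).split(f"{CRLF}--{boundary}")[1:]:
        if chunk.startswith("--"):  # closing delimiter reached
            break
        header, _, value = chunk.lstrip(CRLF).partition(CRLF + CRLF)
        sections[header.split('name="', 1)[1].split('"', 1)[0]] = value
    return sections

# Constructed sample: one field whose value carries the fixed boundary string.
SAMPLE = {"comment": 'hi\r\n--XBOUNDARY\r\nContent-Disposition: form-data; '
                     'name="extra"\r\n\r\nx'}

if __name__ == "__main__":
    for build in (build_naive, build_checked):
        body, boundary = build(SAMPLE)
        print(build.__name__, sorted(parse_sections(body, boundary)))
```

With the fixed boundary the receiver sees two sections from one submitted field; with the checked builder the same value stays inside a single section, and a field name containing CR/LF is rejected before it reaches the header line.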