CWE-146 Individual Dictionary Definition (Draft 9)

| Field | Content |
|---|---|
| Weakness ID | 146 (Weakness Variant) |
| Status | Incomplete |
| Description (Summary) | Delimiters between expressions or commands injected into the software through input can be used to compromise a system. As data is parsed, an injected/absent/malformed delimiter may cause the process to take unexpected actions that result in an attack. |
| Potential Mitigations | Developers should anticipate that inter-expression and inter-command delimiters will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Context Notes | Shell metacharacters (covered elsewhere) are one example. |
| Relationships | |
| Source Taxonomies | PLOVER - Delimiter between Expressions or Commands |
| Applicable Platforms | All |

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 15 | Command Delimiters |
| 6 | Argument Injection |
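The weakness described above, and the allowlist mitigation the entry recommends, as an added Python example (not part of the CWE entry itself). It assumes a constructed serialization format in which a profile record is stored as `key=value` pairs joined by `;`: the unsafe builder concatenates a caller-supplied username straight into the record, so a username carrying the `;` delimiter adds an extra field that the parser later honours, while the safe builder checks the username against an allowlist before it is ever placed next to a delimiter and the strict parser rejects malformed pairs (the absent-delimiter case). The format, field names and allowlist pattern are assumptions chosen for illustration.

```python
import re

DELIM = ";"   # separates key=value pairs in the constructed record format
KV = "="      # separates a key from its value

# Constructed example: usernames may only contain letters, digits, '_', '.', '-'.
# Neither DELIM nor KV is in the allowlist, so a conforming username can never
# introduce an extra pair or split an existing one.
ALLOWED_USERNAME = re.compile(r"[A-Za-z0-9_.\-]{1,32}")


def is_valid_username(username: str) -> bool:
    """Allowlist check: True only if every character is in the permitted set."""
    return ALLOWED_USERNAME.fullmatch(username) is not None


def build_record_unsafe(username: str, role: str) -> str:
    """Vulnerable pattern (CWE-146): the username is concatenated into a
    delimited record without neutralizing the delimiters ';' and '='."""
    return f"role{KV}{role}{DELIM}user{KV}{username}"


def build_record_safe(username: str, role: str) -> str:
    """Hardened builder: reject input outside the allowlist before it reaches
    the delimited format, as the entry's mitigation recommends."""
    if not is_valid_username(username):
        raise ValueError("username contains characters outside the allowlist")
    return f"role{KV}{role}{DELIM}user{KV}{username}"


def parse_record(record: str) -> dict:
    """Lenient parser as commonly written: split on ';', then on the first '=';
    a repeated key is silently overwritten (last occurrence wins) and a pair
    with no '=' yields an empty value instead of an error."""
    fields = {}
    for pair in record.split(DELIM):
        key, _, value = pair.partition(KV)
        fields[key] = value
    return fields


def parse_record_strict(record: str) -> dict:
    """Strict parser: a missing '=' (absent delimiter) or a duplicated key is
    treated as malformed input and rejected instead of being guessed at."""
    fields = {}
    for pair in record.split(DELIM):
        key, sep, value = pair.partition(KV)
        if sep != KV or not key:
            raise ValueError(f"malformed pair: {pair!r}")
        if key in fields:
            raise ValueError(f"duplicate key: {key!r}")
        fields[key] = value
    return fields


if __name__ == "__main__":
    # Constructed input: a username that carries an injected delimiter and field.
    hostile = "alice;role=admin"
    print(parse_record(build_record_unsafe(hostile, "guest")))   # role becomes 'admin'
    print(is_valid_username(hostile))                             # False: rejected by allowlist
    print(parse_record_strict(build_record_safe("alice", "guest")))
```

The allowlist is the primary control because it keeps delimiter characters out of the data entirely; the strict parser is a second layer that turns an absent or duplicated delimiter into an error rather than an unexpected action. A structured serializer with its own quoting rules (for example JSON) avoids the ad-hoc format altogether and is the better choice when the format is under the developer's control.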