CWE-156 Individual Dictionary Definition (Draft 9)

| Field | Value |
|---|---|
| Weakness ID | 156 (Weakness Variant) |
| Status | Draft |
| Description Summary | White space injected into an application through input can be used to compromise a system. As data is parsed, improperly handled white space may cause the process to take unexpected actions. |
| Alternate Terms | White space |
| Potential Mitigations | Developers should anticipate that whitespace will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system. |
| Context Notes | This can include space, tab, etc. Can overlap other separator characters or delimiters. |
| Relationships | |
| Source Taxonomies | PLOVER - Whitespace |
| Applicable Platforms | All |

Observed Examples

| Reference | Description |
|---|---|
| CVE-2002-0637 | MIE. virus protection bypass with RFC violations involving extra whitespace, or missing whitespace. |
| CVE-2004-0942 | CPU consumption with MIME headers containing lines with many space characters, probably due to algorithmic complexity (RESOURCE.AMP.ALG). |
| CVE-2003-1015 | MIE. whitespace interpreted differently by mail clients. |
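An added example, not part of the CWE entry: a strict MIME-style header parser in Python that applies the mitigation above to the kinds of cases listed under Observed Examples. It rejects whitespace that two parsers could read differently and bounds line length and folding before doing any other work. The names `parse_header_block`, `HeaderError` and `MAX_FOLDS`, the fold cap of 32, and the sample input are assumptions made for this illustration.

```python
MAX_LINE = 998    # RFC 5322 limit on line length, excluding CRLF
MAX_FOLDS = 32    # assumed policy cap on continuation lines per field
# Field names: printable ASCII 33-126 except ':' (RFC 5322 ftext); no whitespace.
FTEXT = frozenset(chr(c) for c in range(33, 127)) - {":"}


class HeaderError(ValueError):
    """Raised when whitespace makes a header ambiguous or oversized."""


def parse_header_block(raw: bytes) -> list:
    """Parse CRLF-delimited headers, rejecting anything two parsers could
    read differently instead of guessing what the sender meant."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError as exc:
        raise HeaderError("non-ASCII byte in header block") from exc
    headers, folds = [], 0
    for line in text.split("\r\n"):
        if line == "":
            break                                   # blank line ends the headers
        if len(line) > MAX_LINE:                    # checked before any other work
            raise HeaderError("line too long")
        if any(ch in line for ch in "\r\n\v\f\0"):
            raise HeaderError("bare CR/LF or control whitespace")
        if line[0] in " \t":                        # folded continuation line
            if not headers:
                raise HeaderError("continuation before first field")
            folds += 1
            body = line.strip(" \t")
            if not body or folds > MAX_FOLDS:
                raise HeaderError("empty or excessive folding")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + body)
            continue
        folds = 0
        name, sep, value = line.partition(":")
        if not sep or not name or not set(name) <= FTEXT:
            raise HeaderError("malformed field name")  # e.g. 'Content-Type :'
        headers.append((name.lower(), value.strip(" \t")))
    return headers


# Constructed sample input, not taken from any of the listed CVEs.
SAMPLE = b"Content-Type: text/plain;\r\n\tcharset=us-ascii\r\nSubject:  hi \r\n\r\nbody"
if __name__ == "__main__":
    print(parse_header_block(SAMPLE))
```

Rejecting the message outright, instead of normalizing the whitespace and continuing, keeps a scanner and the downstream mail client from disagreeing about what the headers say.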