CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.6)  

CWE-169: Technology-Specific Special Elements

 
Technology-Specific Special Elements
Category ID: 169 (Category)Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to improper handling of special elements within particular technologies.
+ Applicable Platforms

Languages

All

+ Potential Mitigations
PhaseDescription

Developers should anticipate that technology-specific special elements will be injected/removed/manipulated in the input vectors of their software system. Use an appropriate combination of black lists and white lists to ensure only valid, expected and appropriate input is processed by the system.

+ Other Notes

Note that special elements problems can arise from designs or languages that (1) do not separate "code" from "data" or (2) mix meta-information with information.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class138Improper Sanitization of Special Elements
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base170Improper Null Termination
Development Concepts (primary)699
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERTechnology-Specific Special Elements
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes, Taxonomy Mappings
Back to top
Page Last Updated: October 29, 2009
 

CWE is a Software Assurance strategic initiative sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security.

This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation.

Contact cwe@mitre.org for more information.
Privacy policy
Terms of use
Contact us