CWE-183 Individual Dictionary Definition (Draft 9)

| Field | Content |
|---|---|
| Weakness ID | 183 (Weakness Base) |
| Status | Draft |
| Description | Summary: An application uses a "whitelist" of acceptable values, but the whitelist permits at least one unsafe value. |
| Potential Mitigations | Define rigid requirements specifications for input and strictly accept input based on those specifications. Determine if any of the valid data include special characters that are associated with security exploits (use this taxonomy and the Common Vulnerabilities and Exposures as a start to determine what characters are potentially malicious). If permitted, then follow the potential mitigations associated with the weaknesses in this taxonomy. Always handle these data carefully and anticipate attempts to exploit your system. |
| Context Notes | Note that a permissive whitelist produces resultant vulnerabilities. |
| Relationships | |
| Source Taxonomies | PLOVER - Permissive Whitelist |
| Applicable Platforms | All |
| Time of Introduction | Architecture and Design; Implementation |

Related Attack Patterns:

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 71 | Using Unicode Encoding to Bypass Validation Logic |
| 3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| 43 | Exploiting Multiple Input Interpretation Layers |
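The following Python snippet is an added illustration of the weakness and of the two mitigation steps listed above (a rigid input specification, and an audit of which permitted values are special characters); it is not part of the CWE entry and not code from the CWE project. The allowlists, the set of special characters, the report-name format and the sample inputs are all constructed for this example.

```python
import re

# Constructed audit set: characters commonly associated with path, shell or
# injection problems. A real audit would build this list from the taxonomy
# and from CVE data, as the mitigation text suggests.
SPECIAL_CHARS = set("./\\;|&$`'\"<>")

# Permissive allowlist (the weakness): every member looks harmless on its own,
# but '.' and '/' together allow directory-traversal sequences through.
PERMISSIVE_ALLOWLIST = set(
    "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/"
)

# Rigid requirements specification (the mitigation): a report name is
# 1 to 32 characters drawn from [A-Za-z0-9_-] and nothing else.
STRICT_PATTERN = re.compile(r"^[A-Za-z0-9_-]{1,32}$")


def permissive_accepts(value: str) -> bool:
    """Character-set check against the permissive allowlist."""
    return bool(value) and all(c in PERMISSIVE_ALLOWLIST for c in value)


def strict_accepts(value: str) -> bool:
    """Accept only input that matches the rigid specification."""
    return STRICT_PATTERN.fullmatch(value) is not None


def risky_members(allowlist: set) -> list:
    """Audit step: which members of an allowlist are in the special-character set?

    A non-empty result means the allowlist permits at least one value that
    needs the extra handling the mitigation text calls for.
    """
    return sorted(allowlist & SPECIAL_CHARS)


if __name__ == "__main__":
    # Constructed sample inputs: one benign name and one traversal attempt.
    for sample in ["report1", "../secret.txt"]:
        print(f"{sample!r}: permissive={permissive_accepts(sample)} "
              f"strict={strict_accepts(sample)}")
    print("special characters permitted by the permissive allowlist:",
          risky_members(PERMISSIVE_ALLOWLIST))
```

The permissive validator accepts `../secret.txt` because each character is individually on the list; the strict pattern rejects it because the specification never admitted `.` or `/` at all. `risky_members` is the check to run whenever an allowlist is widened: if it returns anything, the permitted special characters must be handled under the mitigations for the corresponding weaknesses rather than passed through unchanged.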