CWE-346: Origin Validation Error
Weakness ID: 346 (Weakness Base) Status: Draft
Description
Description Summary
The software does not properly verify that the source of data
or communication is valid.
Time of Introduction
Architecture and Design
Implementation
Observed Examples
Reference Description CVE-2000-1218 DNS server can accept DNS updates from hosts that
it did not query, leading to cache poisoning CVE-2005-0877 DNS server can accept DNS updates from hosts that
it did not query, leading to cache poisoning CVE-2001-1452 DNS server caches glue records received from
non-delegated name servers CVE-2005-2188 user ID obtained from untrusted source
(URL) CVE-2003-0174 LDAP service does not verify if a particular
attribute was set by the LDAP server CVE-1999-1549 product does not sufficiently distinguish external
HTML from internal, potentially dangerous HTML, allowing bypass using
special strings in the page title. Overlaps special
elements. CVE-2003-0981 product records the reverse DNS name of a visitor
in the logs, allowing spoofing and resultant
XSS.
Weakness Ordinalities
Ordinality Description Primary
(where the
weakness exists independent of other weaknesses)
Resultant
(where the
weakness is typically related to the presence of some other
weaknesses)
Relationships
Relationship Notes
This is a factor in many weaknesses, both primary and resultant. The
problem could be due to design or implementation. This is a fairly general
class.
Taxonomy Mappings
Mapped Taxonomy Name Node ID Fit Mapped Node Name PLOVER Origin Validation Error
Content History
Submissions Submission Date Submitter Organization Source PLOVER Externally Mined Modifications Modification Date Modifier Organization Source 2008-07-01 Eric Dalci Cigital External updated Time of Introduction 2008-09-08 CWE Content Team MITRE Internal updated Relationships, Relationship Notes,
Taxonomy Mappings, Weakness Ordinalities 2009-05-27 CWE Content Team MITRE Internal updated Related Attack Patterns
Description
