CWE-454: External Initialization of Trusted Variables

Weakness ID: 454 (Weakness Base)
Status: Draft
+ Description

Description Summary

The software initializes critical internal variables using inputs that can come from externally controlled sources.

Extended Description

A software system should be reluctant to trust variables that have been initialized outside of its trust boundary, especially if they are initialized by users. They may have been initialized incorrectly. If an attacker can initialize the variable, then he/she can influence what the vulnerable system will do.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

PHP: (Sometimes)

All

Platform Notes

This is often found in PHP due to register_globals and the common practice of storing library/include files under the web document root so that they are available using a direct request.

+ Demonstrative Examples

Example 1

In the Java example below, a system property controls the debug level of the application. If an attacker is able to modify the system property, he may be able to coax the application into divulging sensitive information by virtue of the fact that additional debug information is printed/exposed as the debug level increases.

(Bad Code)
Java
int debugLevel = Integer.getInteger("com.domain.application.debugLevel").intValue();
+ Observed Examples
Reference | Description
CVE-2000-0959 | Does not clear dangerous environment variables, enabling symlink attack.
CVE-2001-0033 | Specify alternate configuration directory in environment variable, enabling untrusted path.
CVE-2001-0872 | Dangerous environment variable not cleansed.
CVE-2001-0084 | Specify arbitrary modules using environment variable.
+ Potential Mitigations
Phase | Description
 | A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking (e.g. input validation) is performed when relying on input from outside a trust boundary.
Architecture and Design | Avoid any external control of variables. If necessary, restrict the variables that can be modified using a whitelist, and use a different namespace or naming convention if possible.
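
The mitigations above applied to the debugLevel property from Example 1, as an added example that is not part of the CWE entry. The 0 to 2 range, the default of 0, the class name ExternalConfig and the adminMode key are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.function.Function;

public final class ExternalConfig {
    // Property name from Example 1; the 0..2 range and default 0 are assumed policy.
    static final String DEBUG_LEVEL = "com.domain.application.debugLevel";

    // Allowlist: only these externally supplied keys are read, each with its own validator.
    static final Map<String, Function<String, Optional<Integer>>> ALLOWED =
            Map.of(DEBUG_LEVEL, raw -> boundedInt(raw, 0, 2));

    static Optional<Integer> boundedInt(String raw, int min, int max) {
        try {
            int v = Integer.parseInt(raw.trim());
            return (v >= min && v <= max) ? Optional.of(v) : Optional.empty();
        } catch (NumberFormatException e) {
            return Optional.empty(); // malformed or overflowing input
        }
    }

    /** Start from trusted defaults; accept an external value only if allowlisted and valid. */
    static Map<String, Integer> load(Properties external) {
        Map<String, Integer> config = new LinkedHashMap<>();
        config.put(DEBUG_LEVEL, 0);
        for (String key : external.stringPropertyNames()) {
            Function<String, Optional<Integer>> validator = ALLOWED.get(key);
            if (validator == null) continue; // not allowlisted: never read
            Optional<Integer> value = validator.apply(external.getProperty(key));
            if (value.isPresent()) config.put(key, value.get());
            else System.err.println("rejected external value for " + key); // raw value not echoed
        }
        return config;
    }

    public static void main(String[] args) {
        // Constructed sample inputs standing in for externally controlled properties.
        for (String raw : new String[] {"1", "9", "-1", "verbose", "2147483648"}) {
            Properties p = new Properties();
            p.setProperty(DEBUG_LEVEL, raw);
            p.setProperty("com.domain.application.adminMode", "true"); // hypothetical key, ignored
            System.out.println(raw + " -> " + load(p));
        }
        System.out.println("live -> " + load(System.getProperties()));
    }
}
```

Unlike the call in Example 1, a missing or unparsable property leaves the trusted default in place rather than producing a null and a NullPointerException.
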

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 452 | Initialization and Cleanup Errors | Development Concepts (primary) 699
CanAlsoBe | Weakness Base | 456 | Missing Initialization | Research Concepts 1000
ChildOf | Weakness Base | 665 | Improper Initialization | Research Concepts (primary) 1000
+ Relationship Notes

Overlaps Missing variable initialization, especially in PHP.

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | External initialization of trusted variables or values
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
 | PLOVER | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Sean Eidemiller | Cigital | External
  added/updated demonstrative examples
2008-07-01 | Eric Dalci | Cigital | External
  updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Applicable Platforms, Description, Relationships, Other Notes, Taxonomy Mappings
2009-10-29 | CWE Content Team | MITRE | Internal
  updated Other Notes, Relationship Notes
Page Last Updated: October 29, 2009