
CWE-74 Individual Dictionary Definition (Draft 9)

Failure to Sanitize Data into a Different Plane (aka 'Injection')
Weakness ID: 74 (Weakness Class)
Status: Incomplete

Description

Summary

The software fails to adequately filter user-controlled input data for syntax that has control-plane implications. Software makes certain assumptions about what constitutes data and what constitutes control. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems span a wide range of instantiations. Injection is usually attempted in order to alter the control flow of the process.

Likelihood of Exploit

Very High

Weakness Ordinality

Primary (Weakness exists independent of other weaknesses)

Causal Nature

Explicit (This is an explicit weakness resulting from behavior of the developer)

Common Consequences

Confidentiality: Many injection attacks involve the disclosure of important information -- in terms of both data sensitivity and usefulness in further exploitation.

Authentication: In some cases injectable code controls authentication; this may lead to remote vulnerability.

Access Control: Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases, to the execution of arbitrary code.

Integrity: Data injection attacks lead to loss of data integrity in nearly all cases as the control-plane data injected is always incidental to data recall or writing.

Accountability: Often the actions performed by injected control code are unlogged.

Potential Mitigations

Requirements specification: Programming languages and supporting technologies might be chosen which are not subject to these issues.

Implementation: Utilize an appropriate mix of white-list and black-list parsing to filter control-plane syntax from all input.

Context Notes

Injection problems encompass a wide variety of issues -- all mitigated in very different ways. For this reason, the most effective way to discuss these weaknesses is to note the distinct features which classify them as injection weaknesses. The most important issue to note is that all injection problems share one thing in common -- i.e., they allow for the injection of control plane data into the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, involve the use of some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.
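To make the data-plane versus control-plane distinction concrete, here is an added example (not part of the CWE entry) in Python using the standard sqlite3 module: the same input string is parsed as SQL syntax when it is spliced into the query text, but stays plain data when passed through a bind parameter, and a white-list check covers the identifier case that bind parameters cannot. The users table and its rows are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for an application's user store.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


def lookup_concat(conn, name):
    # Vulnerable: the input is spliced into the query text, so any SQL syntax
    # it carries is parsed as control-plane instructions rather than as a name.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(query))


def lookup_param(conn, name):
    # Hardened: the placeholder keeps the input on the data plane. The driver
    # never re-parses the bound value as SQL, so syntax inside it matches nothing.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


# Identifiers (column names) cannot be bound as parameters, so the only safe
# option is the white-list parsing the mitigation above describes.
ALLOWED_COLUMNS = {"name", "role"}


def lookup_by_column(conn, column, value):
    if column not in ALLOWED_COLUMNS:
        raise ValueError("column not permitted: %r" % column)
    rows = conn.execute("SELECT name FROM users WHERE %s = ?" % column, (value,))
    return sorted(row[0] for row in rows)
```

Running the two lookups side by side with an input containing a quote shows the difference: the concatenated query returns every row, the parameterised one returns nothing.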

Relationships
Nature     Type             ID   Name
ChildOf    Weakness Class   20   Insufficient Input Validation
ParentOf   Weakness Base    134  Uncontrolled Format String
ParentOf   Weakness Class   75   Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
ParentOf   Weakness Class   77   Failure to Sanitize Data into a Control Plane (aka 'Command Injection')
ParentOf   Weakness Base    79   Failure to Sanitize Directives in a Web Page (aka 'Cross-site scripting' (XSS))
ParentOf   Weakness Base    88   Argument Injection or Modification
ParentOf   Weakness Base    89   Failure to Sanitize Data into SQL Queries (aka 'SQL Injection')
ParentOf   Weakness Base    90   Failure to Sanitize Data into LDAP Queries (aka 'LDAP Injection')
ParentOf   Weakness Base    91   XML Injection (aka Blind XPath Injection)
ParentOf   Weakness Base    92   Custom Special Character Injection
ParentOf   Weakness Base    93   Failure to Sanitize CRLF Sequences (aka 'CRLF Injection')
ParentOf   Weakness Class   94   Code Injection
ParentOf   Weakness Base    99   Insufficient Control of Resource Identifiers (aka 'Resource Injection')
Source Taxonomies

CLASP - Injection problem ('data' used as something else)

Applicable Platforms

All

Related Attack Patterns
CAPEC-ID   Attack Pattern Name
10         Buffer Overflow via Environment Variables
40         Manipulating Writeable Terminal Devices
13         Subverting Environment Variable Values
14         Client-side Injection-induced Buffer Overflow
51         Poison Web Service Registry
42         MIME Conversion
24         Filter Failure through Buffer Overflow
52         Embedding NULL Bytes
43         Exploiting Multiple Input Interpretation Layers
34         HTTP Response Splitting
80         Using UTF-8 Encoding to Bypass Validation Logic
71         Using Unicode Encoding to Bypass Validation Logic
53         Postfix, Null Terminate, and Backslash
72         URL Encoding
45         Buffer Overflow via Symbolic Links
91         XSS in IMG Tags
64         Using Slashes and URL Encoding Combined to Bypass Validation Logic
46         Overflow Variables and Tags
28         Fuzzing
83         XPath Injection
47         Buffer Overflow via Parameter Expansion
84         XQuery Injection
66         SQL Injection
76         Manipulating Input to File System Calls
67         String Format Overflow in syslog()
78         Using Escaped Slashes in Alternate Encoding
79         Using Slashes in Alternate Encoding
101        Server Side Include (SSI) Injection
3          Using Leading 'Ghost' Character Sequences to Bypass Input Filters
7          Blind SQL Injection
8          Buffer Overflow in an API Call
9          Buffer Overflow in Local Command-Line Utilities
Page Last Updated: April 22, 2008