CWE
Home > CWE List > CWE- Individual Dictionary Definition (1.1)  
Search by ID:

CWE-76: Failure to Resolve Equivalent Special Elements into a Different Plane

Individual Definition in a New Window
Failure to Resolve Equivalent Special Elements into a Different Plane
Status: Draft
Weakness ID: 76 (Weakness Base)
Description
Summary

The software fails to adequately filter non-typical special elements that are equivalent to control-relevant special elements that are already being filtered.

Likelihood of Exploit

High to Very High

Weakness Ordinalities
Primary (where the weakness exists independent of other weaknesses)
Causal Nature
Explicit (an explicit weakness resulting from behavior of the developer)
Potential Mitigations

Requirements specification: Programming languages and supporting technologies might be chosen which are not subject to these issues.

Implementation

Utilize an appropriate mix of white-list and black-list parsing to filter equivalent special element syntax from all input.

Other Notes

Can include encoded special characters.

Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness ClassWeakness Class75Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Development Concepts (primary)699
Research Concepts (primary)1000
Taxonomy Mappings
Mapped Taxonomy NameMapped Node Name
PLOVEREquivalent Special Element Injection
Applicable Platforms
Languages
All
Time of Introduction
* Architecture and Design
* Implementation
Content History
Submissions
PLOVER. (Externally Mined)
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities
Previous Entry Names
* Equivalent Special Element Injection (changed 2008-04-11)
Page Last Updated: November 24, 2008