[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Improper Enforcement of Message or Data Structure

ID: 707Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: INCOMPLETE
Abstraction Type: Class





Description

The software does not enforce or incorrectly enforces that structured messages or data are well-formed before being read from an upstream component or sent to a downstream component.

Extended Description

If a message is malformed it may cause the message to be incorrectly interpreted.

This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data, can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Other
 
Other
 
 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-707 ChildOf CWE-896 Category CWE-888  

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings
None

References:
None

CVE    3
CVE-2018-3918
CVE-2019-10052
CVE-2020-11080

© SecPod Technologies