Origin Validation Error
ID: 346 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The software does not properly verify that the source of data
or communication is valid.
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Related Attack Patterns
Common Consequences
Scope | Technical Impact | Notes |
---|---|---|
Access_Control, Other | Gain privileges / assume identity; Varies by context | |
Detection Methods
None
Potential Mitigations
None
Relationships
This is a factor in many weaknesses, both primary and resultant. The
problem could be due to design or implementation. This is a fairly general
class.
Related CWE | Type | View | Chain |
---|---|---|---|
CWE-346 ChildOf CWE-898 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2000-1218 : DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
- CVE-2005-0877 : DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
- CVE-2001-1452 : DNS server caches glue records received from non-delegated name servers
- CVE-2005-2188 : user ID obtained from untrusted source (URL)
- CVE-2003-0174 : LDAP service does not verify if a particular attribute was set by the LDAP server
- CVE-1999-1549 : product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.
- CVE-2003-0981 : product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.
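The DNS entries above (answers accepted from hosts that were never queried, glue cached from non-delegated servers) come down to two missing origin checks. The following is an added illustration, not part of the CWE entry or of any affected product: the `Resolver` class, its verdict strings and the sample traffic are constructed, and messages are assumed to be already parsed into tuples.

```python
from collections import namedtuple

# server/source are (ip, port); zone is what the queried server is delegated for
Query = namedtuple("Query", "txid qname server zone")
Response = namedtuple("Response", "txid qname source records")

def norm(name):
    return name.lower().rstrip(".")

def in_bailiwick(owner, zone):
    owner, zone = norm(owner), norm(zone)
    return owner == zone or owner.endswith("." + zone)

class Resolver:
    def __init__(self):
        self.pending = {}  # txid -> Query still awaiting an answer
        self.cache = {}    # (owner, rtype) -> value

    def send(self, q):
        self.pending[q.txid] = q

    def accept(self, r):
        # Cache r only if it provably answers a query we sent.
        q = self.pending.get(r.txid)
        if q is None:
            return "rejected: unsolicited"
        if r.source != q.server:
            return "rejected: source is not the queried server"
        if norm(r.qname) != norm(q.qname):
            return "rejected: question mismatch"
        del self.pending[r.txid]
        for owner, rtype, value in r.records:
            if in_bailiwick(owner, q.zone):  # out-of-zone glue is dropped
                self.cache[(norm(owner), rtype)] = value
        return "accepted"

def demo():
    # Constructed sample traffic using documentation address ranges.
    res = Resolver()
    ns = ("192.0.2.53", 53)
    res.send(Query(0x1A2B, "www.example.com", ns, "example.com"))
    records = (("www.example.com", "A", "192.0.2.10"),
               ("ns.example.net", "A", "203.0.113.66"))
    off_path = res.accept(Response(0x1A2B, "www.example.com", ("198.51.100.7", 53), records))
    genuine = res.accept(Response(0x1A2B, "www.example.com", ns, records))
    return off_path, genuine, res.cache
```

The response from the address that was never queried is refused even though its transaction ID matches, and the genuine answer is cached without the record that lies outside the queried zone.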
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|---|---|---|
PLOVER | | Origin Validation Error | |
References
None