CWE-183 宽松定义的白名单

Permissive Whitelist

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

An application uses a "whitelist" of acceptable values, but the whitelist includes at least one unsafe value, leading to resultant weaknesses.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 697 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: CanPrecede cwe_CWE_ID: 434 cwe_View_ID: 1000

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Access Control Bypass Protection Mechanism

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Permissive Whitelist

相关攻击模式

  • CAPEC-120
  • CAPEC-3
  • CAPEC-43
  • CAPEC-71

引用