CWE-358 不恰当实现的标准安全检查
Improperly Implemented Security Check for Standard
结构: Simple
Abstraction: Base
状态: Draft
被利用可能性: unkown
基本描述
The software does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 573 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 693 cwe_View_ID: 1000
-
cwe_Nature: CanAlsoBe cwe_CWE_ID: 345 cwe_View_ID: 1000
-
cwe_Nature: CanAlsoBe cwe_CWE_ID: 290 cwe_View_ID: 1000
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Access Control | Bypass Protection Mechanism |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2002-0862 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0862 |
| CVE-2002-0970 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0970 |
| CVE-2002-1407 | Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1407 |
| CVE-2005-0198 | Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0198 |
| CVE-2004-2163 | Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2163 |
| CVE-2005-2181 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2181 |
| CVE-2005-2182 | Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2182 |
| CVE-2005-2298 | Security check not applied to all components, allowing bypass. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2298 |
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| PLOVER | Improperly Implemented Security Check for Standard |