CWE-554 ASP.NET误配置:没有使用输入验证框架
ASP.NET Misconfiguration: Not Using Input Validation Framework
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: unkown
基本描述
The ASP.NET application does not use an input validation framework.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 1173 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 1173 cwe_View_ID: 1000 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Name': 'ASP.NET', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Integrity | Unexpected State | Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others. |
可能的缓解方案
Architecture and Design
策略: Use the ASP.NET validation framework to check all program input before it is processed by the application. Example uses of the validation framework include checking to ensure that:
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Software Fault Patterns | SFP24 | Tainted input to command |