CWE-707 Improper Handling of Message or Data Structure

Improper Enforcement of Message or Data Structure

Structure: Simple

Abstraction: Class

Status: Incomplete

Likelihood of Exploit: Unknown

Description

The software does not enforce or incorrectly enforces that structured messages or data are well-formed before being read from an upstream component or sent to a downstream component.

Extended Description

If a message is malformed it may cause the message to be incorrectly interpreted.

This weakness typically applies in cases where the product prepares a control message that another process must act on, such as a command or query, and malicious input that was intended as data can enter the control plane instead. However, this weakness also applies to more general cases where there are not always control implications.
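
The control-plane case described above, as an added example (not part of the CWE entry): a hypothetical line-oriented key=value message, with a sender and a receiver that each either skip or enforce the structure check. The message format, field names and function names are assumptions made for illustration.

```python
# Added illustration; the message format and every name here are hypothetical.
import re

FIELD = re.compile(r"[A-Za-z0-9_.@-]{1,64}")  # allow-list for field values
EXPECTED = ["role", "user", "action"]         # required keys, in order


def build_unsafe(user: str, action: str) -> str:
    # Weak sender: values are concatenated into the message unchecked,
    # so a newline inside `user` starts a new control field.
    return f"role=guest\nuser={user}\naction={action}\n"


def build_checked(user: str, action: str) -> str:
    # Enforce structure before sending downstream: every value must match
    # the allow-list, which excludes the '\n' and '=' delimiters.
    for name, value in (("user", user), ("action", action)):
        if not FIELD.fullmatch(value):
            raise ValueError(f"malformed value for field {name!r}")
    return f"role=guest\nuser={user}\naction={action}\n"


def parse_lenient(msg: str) -> dict:
    # Weak receiver: accepts any key; a repeated key silently overwrites.
    out = {}
    for line in msg.splitlines():
        key, _, value = line.partition("=")
        out[key] = value
    return out


def parse_strict(msg: str) -> dict:
    # Enforce structure when reading from upstream: exactly the expected
    # keys, once each, in order, with allow-listed values.
    lines = msg.split("\n")
    if lines[-1] != "" or len(lines) != len(EXPECTED) + 1:
        raise ValueError("unexpected number of fields")
    out = {}
    for want, line in zip(EXPECTED, lines):
        key, sep, value = line.partition("=")
        if key != want or not sep or not FIELD.fullmatch(value):
            raise ValueError(f"malformed field, expected {want!r}")
        out[key] = value
    return out


# Constructed sample input: data that carries a delimiter and a second field.
SAMPLE = "alice\nrole=admin"
```

With the constructed sample, the unchecked sender and lenient receiver together yield a role of admin, while either the checked sender or the strict receiver rejects the message.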

Applicable Platforms

Language: Language-Independent (Prevalence: Undetermined)

Common Consequences

Scope Impact Notes
Other Other

Related Attack Patterns

  • CAPEC-250
  • CAPEC-276
  • CAPEC-277
  • CAPEC-278
  • CAPEC-279
  • CAPEC-3
  • CAPEC-33
  • CAPEC-34
  • CAPEC-43
  • CAPEC-468
  • CAPEC-52
  • CAPEC-53
  • CAPEC-64
  • CAPEC-66
  • CAPEC-7
  • CAPEC-78
  • CAPEC-79
  • CAPEC-83
  • CAPEC-84