Origin Validation Error |
Weakness ID: 346 (Weakness Base) | Status: Draft |
Description Summary
The software does not properly verify that the source of data or communication is valid.
Reference | Description |
---|---|
CVE-2000-1218 | DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning |
CVE-2005-0877 | DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning |
CVE-2001-1452 | DNS server caches glue records received from non-delegated name servers |
CVE-2005-2188 | user ID obtained from untrusted source (URL) |
CVE-2003-0174 | LDAP service does not verify if a particular attribute was set by the LDAP server |
CVE-1999-1549 | product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements. |
CVE-2003-0981 | product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS. |
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Resultant | (where the weakness is typically related to the presence of some other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 345 | Insufficient Verification of Data Authenticity | Development Concepts (primary)699 Research Concepts (primary)1000 |
RequiredBy | Compound Element: Composite | 352 | Cross-Site Request Forgery (CSRF) | Research Concepts1000 |
RequiredBy | Compound Element: Composite | 384 | Session Fixation | Research Concepts1000 |
PeerOf | Weakness Base | 451 | UI Misrepresentation of Critical Information | Research Concepts1000 |
This is a factor in many weaknesses, both primary and resultant. The problem could be due to design or implementation. This is a fairly general class. |
CAPEC-ID | Attack Pattern Name | (CAPEC Version: 1.4) |
---|---|---|
21 | Exploitation of Session Variables, Resource IDs and other Trusted Credentials | |
89 | Pharming | |
59 | Session Credential Falsification through Prediction | |
60 | Reusing Session IDs (aka Session Replay) | |
75 | Manipulating Writeable Configuration Files | |
76 | Manipulating Input to File System Calls | |
111 | JSON Hijacking (aka JavaScript Hijacking) |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Relationships, Relationship Notes, Taxonomy Mappings, Weakness Ordinalities | ||||
2009-05-27 | CWE Content Team | MITRE | Internal | |
updated Related Attack Patterns |