OWASP Top Ten 2007 Category A2 - Injection Flaws
Category ID: 713 (Category)
Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the A2 category in the OWASP Top Ten 2007.
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ParentOf | Weakness Class | 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | Weaknesses in OWASP Top Ten (2007) (primary) 629
ParentOf | Weakness Base | 89 | Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') | Weaknesses in OWASP Top Ten (2007) (primary) 629
ParentOf | Weakness Base | 90 | Failure to Sanitize Data into LDAP Queries ('LDAP Injection') | Weaknesses in OWASP Top Ten (2007) (primary) 629
ParentOf | Weakness Base | 91 | XML Injection (aka Blind XPath Injection) | Weaknesses in OWASP Top Ten (2007) (primary) 629
ParentOf | Weakness Base | 93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') | Weaknesses in OWASP Top Ten (2007) (primary) 629
MemberOf | View | 629 | Weaknesses in OWASP Top Ten (2007) | Weaknesses in OWASP Top Ten (2007) (primary) 629
+ Related Attack Patterns
CAPEC-ID | Attack Pattern Name (CAPEC Version: 1.4)
7 | Blind SQL Injection
14 | Client-side Injection-induced Buffer Overflow
15 | Command Delimiters
23 | File System Function Injection, Content Based
93 | Log Injection-Tampering-Forging
88 | OS Command Injection
44 | Overflow Binary Resource File
101 | Server Side Include (SSI) Injection
66 | SQL Injection
75 | Manipulating Writeable Configuration Files
83 | XPath Injection
6 | Argument Injection
86 | Embedding Script (XSS) in HTTP Headers
32 | Embedding Scripts in HTTP Query Strings
18 | Embedding Scripts in Nonscript Elements
19 | Embedding Scripts within Scripts
34 | HTTP Response Splitting
63 | Simple Script Injection
41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads
81 | Web Logs Tampering
84 | XQuery Injection
91 | XSS in IMG Tags
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
2008-09-09 | | MITRE | Internal CWE Team

Modifications
Modification Date | Modifier | Organization | Source
2009-12-28 | CWE Content Team | MITRE | Internal
    updated Related Attack Patterns