Improper Sanitization of Special Elements
Weakness ID: 138 (Weakness Class)
Status: Draft
+ Description

Description Summary

The software receives input from an upstream component, but it does not sanitize or incorrectly sanitizes special elements that could be interpreted as control elements or syntactic markers when they are sent to a downstream component.

Extended Description

Most languages and protocols have their own special elements such as characters and reserved words. These special elements can carry control implications. If software fails to prevent external control or influence over the inclusion of such special elements, the control flow of the program may be altered from what was intended. For example, both Unix and Windows interpret the symbol < ("less than") as meaning "read input from a file".

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

Language-independent

+ Observed Examples
| Reference | Description |
| CVE-2001-0677 | Read arbitrary files from mail client by providing a special MIME header that is internally used to store pathnames for attachments. |
| CVE-2000-0703 | Setuid program does not cleanse special escape sequence before sending data to a mail program, causing the mail program to process those sequences. |
| CVE-2003-0020 | Multi-channel issue. Terminal escape sequences not filtered from log files. |
| CVE-2003-0083 | Multi-channel issue. Terminal escape sequences not filtered from log files. |
+ Potential Mitigations

Phase: Implementation

Developers should anticipate that special elements (e.g. delimiters, symbols) will be injected into input vectors of their software system. One defense is to create a white list (e.g. a regular expression) that defines valid input according to the requirements specifications. Strictly filter any input that does not match against the white list. Properly encode your output, and quote any elements that have special meaning to the component with which you are communicating.
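Output encoding for one downstream component, a log file read in a terminal (the case in the observed examples about terminal escape sequences), as an added example that is not part of the original entry. The function names and the `\xNN` notation are assumptions of this sketch.

```python
import re

# C0 controls (including ESC 0x1b, CR and LF), DEL, and C1 controls
# (including the single-character CSI 0x9b).
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")

def neutralize_for_log(value: str) -> str:
    """Encode control characters as visible \\xNN text so that a terminal or
    log viewer downstream never interprets them."""
    # Escape the backslash first so the encoding stays unambiguous.
    value = value.replace("\\", "\\\\")
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group()), value)

def log_line(user: str, action: str) -> str:
    """Build one log record; every untrusted field is encoded on output."""
    return "user=%s action=%s" % (neutralize_for_log(user),
                                  neutralize_for_log(action))

# Constructed sample input: an escape sequence followed by a newline and
# text that imitates a second record.
SAMPLE_USER = "alice\x1b[2J\nuser=root action=login"

if __name__ == "__main__":
    # The record stays on one line and contains no raw control characters.
    print(log_line(SAMPLE_USER, "upload"))
```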

Phases: Architecture and Design; Implementation

Assume all input is malicious. Use a standard input validation mechanism to validate all input for length, type, syntax, and business rules before accepting the data to be displayed or stored. Use an "accept known good" validation strategy.

Phase: Implementation

Use and specify an appropriate output encoding to ensure that the special elements are well-defined. A normal byte sequence in one encoding could be a special element in another.
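How a byte that is ordinary inside one encoding is a special element in another, as an added example that is not part of the original entry. The set of special bytes and the function names are assumptions; the sample uses the Shift_JIS form of the character 表, whose second byte is 0x5C (the ASCII backslash).

```python
# ASCII bytes that a downstream parser might treat as syntax (assumed set).
SPECIAL_BYTES = b"\\'\"|<>;"

def hidden_specials(text: str, encoding: str) -> list:
    """Return (character, special byte) pairs where the encoded form of a
    non-ASCII character contains a byte that is special in ASCII."""
    found = []
    for ch in text:
        if ch.isascii():
            continue  # genuine ASCII specials are handled by normal escaping
        for b in ch.encode(encoding):
            if b in SPECIAL_BYTES:
                found.append((ch, chr(b)))
    return found

def escape_text_then_encode(text: str, encoding: str) -> bytes:
    """Escape at the character level, then encode once in a declared charset."""
    return text.replace("\\", "\\\\").encode(encoding)

def escape_bytes_naively(data: bytes) -> bytes:
    """Flawed, kept for contrast: byte-level escaping that ignores the encoding
    and so rewrites a byte that belongs to a multibyte character."""
    return data.replace(b"\\", b"\\\\")

# Constructed sample text.
SAMPLE = "table: \u8868"  # U+8868 is the character 表

if __name__ == "__main__":
    print(hidden_specials(SAMPLE, "shift_jis"))
    print(hidden_specials(SAMPLE, "utf-8"))
    damaged = escape_bytes_naively(SAMPLE.encode("shift_jis"))
    print(damaged.decode("shift_jis"))  # a stray backslash has appeared
    print(escape_text_then_encode(SAMPLE, "shift_jis").decode("shift_jis"))
```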

Phase: Implementation

Do not rely exclusively on blacklist validation to detect malicious input or to encode output. There are too many ways to encode a character, and you are likely to miss some variants.

Phase: Implementation

Inputs should be decoded and canonicalized to the application's current internal representation before being validated. Make sure that your application does not decode the same input twice. Such errors could be used to bypass whitelist schemes by introducing dangerous inputs after they have been checked.
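The ordering described above (decode once, canonicalize, then apply an "accept known good" check), next to a flawed ordering that checks a denylist before decoding twice. This is an added example, not part of the original entry; the field, the allowlist pattern and the choice of NFKC as the internal form are assumptions.

```python
import re
import unicodedata
from urllib.parse import unquote

# Allowlist for a hypothetical "file name" field: base name, optional extension.
ALLOWED_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}(\.[A-Za-z0-9]{1,8})?")

def canonicalize(raw: str) -> str:
    """Decode exactly once, then normalize to one internal representation."""
    # errors="strict" rejects byte sequences that are not valid UTF-8
    # (UnicodeDecodeError is a ValueError) instead of replacing them.
    decoded = unquote(raw, errors="strict")
    # NFKC folds compatibility forms (e.g. fullwidth letters) to plain ones;
    # using NFKC as the internal form is an assumption of this example.
    return unicodedata.normalize("NFKC", decoded)

def validate_name(raw: str) -> str:
    """Hardened order: canonicalize first, then match the allowlist."""
    name = canonicalize(raw)
    if not ALLOWED_NAME.fullmatch(name):
        raise ValueError("rejected after canonicalization: %r" % name)
    return name  # callers use this value as-is and never decode it again

def flawed_validate(raw: str) -> str:
    """Flawed order, kept for contrast: denylist on the raw input, decoding
    afterwards, and the decoding applied twice."""
    if ".." in raw or "/" in raw:
        raise ValueError("rejected by denylist")
    return unquote(unquote(raw))

def outcome(check, raw: str) -> str:
    """Run one validator and report what the downstream component would get."""
    try:
        return "accepted as %r" % check(raw)
    except ValueError:
        return "rejected"

# Constructed samples: plain, percent-encoded once, percent-encoded twice.
SAMPLES = ["report.txt", "%72eport.txt", "%2e%2e%2fsecret",
           "%252e%252e%252fsecret"]

if __name__ == "__main__":
    for raw in SAMPLES:
        print("%-24s flawed: %-24s hardened: %s"
              % (raw, outcome(flawed_validate, raw), outcome(validate_name, raw)))
```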

+ Weakness Ordinalities
| Ordinality | Description |
| Primary | (where the weakness exists independent of other weaknesses) |
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
| ChildOf | Weakness Class | 74 | Failure to Sanitize Data into a Different Plane ('Injection') | Development Concepts (primary) 699 |
| ChildOf | Category | 137 | Representation Errors | Development Concepts 699 |
| ChildOf | Weakness Class | 707 | Improper Enforcement of Message or Data Structure | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 140 | Failure to Sanitize Delimiters | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 147 | Improper Sanitization of Input Terminators | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 148 | Failure to Sanitize Input Leaders | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 149 | Failure to Sanitize Quoting Syntax | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 150 | Failure to Sanitize Escape, Meta, or Control Sequences | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 151 | Improper Sanitization of Comment Delimiters | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 152 | Improper Sanitization of Macro Symbols | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 153 | Improper Sanitization of Substitution Characters | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 154 | Improper Sanitization of Variable Name Delimiters | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 155 | Improper Sanitization of Wildcards or Matching Symbols | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 156 | Improper Sanitization of Whitespace | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 157 | Failure to Sanitize Paired Delimiters | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 158 | Failure to Sanitize Null Byte or NUL Character | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Class | 159 | Failure to Sanitize Special Element | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Category | 169 | Technology-Specific Special Elements | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 464 | Addition of Data Structure Sentinel | Research Concepts (primary) 1000 |
| ParentOf | Weakness Class | 790 | Improper Filtering of Special Elements | Research Concepts (primary) 1000 |
+ Relationship Notes

This weakness can be related to interpretation conflicts or interaction errors in intermediaries (such as proxies or application firewalls) when the intermediary's model of an endpoint does not account for protocol-specific special elements.

See this entry's children for different types of special elements that have been observed at one point or another. However, it can be difficult to find suitable CVE examples. In an attempt to be complete, CWE includes some types that do not have any associated observed example.

+ Research Gaps

This weakness is probably under-studied for proprietary or custom formats. It is likely that these issues are fairly common in applications that use their own custom format for configuration files, logs, meta-data, messaging, etc. They would only be found by accident or with a focused effort based on an understanding of the format.

+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
| PLOVER | | | Special Elements (Characters or Reserved Words) |
| PLOVER | | | Custom Special Character Injection |
+ Related Attack Patterns
| CAPEC-ID | Attack Pattern Name |
(CAPEC Version: 1.4)
| 15 | Command Delimiters |
+ Content History
Submissions
| Submission Date | Submitter | Organization | Source |
| | PLOVER | | Externally Mined |
Modifications
| Modification Date | Modifier | Organization | Source |
| 2008-07-01 | Eric Dalci | Cigital | External |
  updated Description, Potential Mitigations, Time of Introduction
| 2008-09-08 | CWE Content Team | MITRE | Internal |
  updated Description, Relationships, Other Notes, Taxonomy Mappings
| 2009-03-10 | CWE Content Team | MITRE | Internal |
  updated Description, Name
| 2009-07-27 | CWE Content Team | MITRE | Internal |
  updated Applicable Platforms, Description, Observed Examples, Other Notes, Potential Mitigations, Relationship Notes, Relationships, Research Gaps, Taxonomy Mappings, Weakness Ordinalities
| 2009-12-28 | CWE Content Team | MITRE | Internal |
  updated Relationships
Previous Entry Names
| Change Date | Previous Entry Name |
| 2008-04-11 | Special Elements (Characters or Reserved Words) |
| 2009-03-10 | Failure to Sanitize Special Elements |