Use of Less Trusted Source
Weakness ID: 348 (Weakness Base)Status: Draft
+ Description

Description Summary

The software has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Observed Examples
CVE-2001-0860Product uses IP address provided by a client, instead of obtaining it from the packet headers, allowing easier spoofing.
CVE-2004-1950Web product uses the IP address in the X-Forwarded-For HTTP header instead of a server variable that uses the connecting IP address, allowing filter bypass.
BID:15326Similar to CVE-2004-1950
CVE-2001-0908Product logs IP address specified by the client instead of obtaining it from the packet headers, allowing information hiding.
CVE-2006-1126PHP application uses IP address from X-Forwarded-For HTTP header, instead of REMOTE ADDR.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class345Insufficient Verification of Data Authenticity
Development Concepts (primary)699
Research Concepts (primary)1000
RequiredByCompound Element: CompositeCompound Element: Composite291Trusting Self-reported IP Address
Research Concepts1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERUse of Less Trusted Source
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
73User-Controlled Filename
85Client Network Footprinting (using AJAX/XSS)
86Embedding Script (XSS ) in HTTP Headers
18Embedding Scripts in Nonscript Elements
76Manipulating Input to File System Calls
63Simple Script Injection
+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings