DEPRECATED: Improper Sanitization of Custom Special Characters
Weakness ID: 92 (Deprecated Weakness Base)Status: Deprecated
+ Description

Description Summary

The software uses a custom or proprietary language or representation, but when it receives input from an upstream component, it does not sanitize or incorrectly sanitizes special elements when they are sent to a downstream component.

Extended Description

This allows attackers to modify the syntax, content, or commands before they are processed by a downstream component.

+ Maintenance Notes

This and some other CWE entries were distinct in PLOVER but effectively have overlap in CWE. PLOVER sometimes defined "other" and "miscellaneous" categories in order to satisfy exhaustiveness requirements for taxonomies. Within the context of CWE, the use of a more abstract entry is preferred in mapping situations.

+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Maintenance Notes, Relationships, Relationship Notes, Taxonomy Mappings, Weakness Ordinalities
2008-10-14CWE Content TeamMITREInternal
updated Description, Name
2009-05-27CWE Content TeamMITREInternal
updated Description, Name
2009-07-27CWE Content TeamMITREInternal
updated Applicable Platforms, Causal Nature, Maintenance Notes, Name, Observed Examples, Potential Mitigations, Related Attack Patterns, Relationship Notes, Relationships, Research Gaps, Taxonomy Mappings, Time of Introduction, Type, Weakness Ordinalities
2009-10-29CWE Content TeamMITREInternal
updated Relationships
2009-12-28CWE Content TeamMITREInternal
updated Related Attack Patterns
Previous Entry Names
Change DatePrevious Entry Name
2008-10-14Custom Special Character Injection
2009-05-27Insufficient Sanitization of Custom Special Characters
2009-07-27Improper Sanitization of Custom Special Characters