CWE-346
Origin Validation Error
Description
The product does not properly verify that the source of data or communication is valid.
Parent Weaknesses (ChildOf)
Common Consequences
Scope
Impact
Gain Privileges or Assume Identity, Varies by Context
CVE-2000-1218DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
CVE-2018-6074Browser does not set Mark-of-the-Web (MotW) for a downloaded .EXE file if the name is close to the maximum path length, preventing recording of a zone identifier in the filename
CVE-2025-0411Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
CVE-2025-46652Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
CVE-2005-0877DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
CVE-2001-1452DNS server caches glue records received from non-delegated name servers
CVE-2005-2188user ID obtained from untrusted source (URL)
CVE-2003-0174LDAP service does not verify if a particular attribute was set by the LDAP server
CVE-1999-1549product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Overlaps special elements.
CVE-2003-0981product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now