CWE-349

Acceptance of Extraneous Untrusted Data With Trusted Data

Base

Draft

Description

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Parent Weaknesses (ChildOf)

CWE-345: Insufficient Verification of D...

Common Consequences

Scope

Access Control

Integrity

Impact

Bypass Protection Mechanism, Modify Application Data

CVE-2002-0018

Does not verify that trusted entity is authoritative for all entities in its response.

CVE-2006-5462

use of extra data in a signature allows certificate signature forging

Applicable Platforms

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-349

Acceptance of Extraneous Untrusted Data With Trusted Data

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms