CWE-346
Origin Validation Error
Class
What it is
The product does not properly verify that the source of data or communication is valid.
Impact
| Scope | Impact |
| --- | --- |
| Access Control, Other | Gain Privileges or Assume Identity, Varies by Context |
Real-world CVE examples
- CVE-2000-1218 — DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
- CVE-2018-6074 — Browser does not set Mark-of-the-Web (MotW) for a downloaded .EXE file if the name is close to the maximum path length, preventing recording of a zone identifie
- CVE-2025-0411 — Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
- CVE-2025-46652 — Zip file extraction program does not propagate Mark-of-the-Web (MotW) metadata to files that are extracted from an Internet-downloaded Zip file
- CVE-2005-0877 — DNS server can accept DNS updates from hosts that it did not query, leading to cache poisoning
- CVE-2001-1452 — DNS server caches glue records received from non-delegated name servers
- CVE-2005-2188 — user ID obtained from untrusted source (URL)
- CVE-2003-0174 — LDAP service does not verify if a particular attribute was set by the LDAP server
- CVE-1999-1549 — product does not sufficiently distinguish external HTML from internal, potentially dangerous HTML, allowing bypass using special strings in the page title. Over
- CVE-2003-0981 — product records the reverse DNS name of a visitor in the logs, allowing spoofing and resultant XSS.
Source: MITRE CWE (cwe.mitre.org).