CWE-349

Acceptance of Extraneous Untrusted Data With Trusted Data

Base

What it is

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Impact

Access Control, Integrity

Bypass Protection Mechanism, Modify Application Data

Real-world CVE examples

CVE-2002-0018 — Does not verify that trusted entity is authoritative for all entities in its response.
CVE-2006-5462 — use of extra data in a signature allows certificate signature forging

Related weaknesses

CWE-345 (childof)

Test & detect

Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.

Source: MITRE CWE. View on cwe.mitre.org →