The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
2,444
Class
Medium
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Allocation of Resources Without Limits or Throttling
1,989
Base
High
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Improper Link Resolution Before File Access ('Link Following')
1,576
Base
Medium
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
URL Redirection to Untrusted Site ('Open Redirect')
1,563
Base
Low
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
1,267
Variant
High
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
Improper Restriction of XML External Entity Reference
1,264
Base
-
The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.