Data Access Operations Outside of Expected Data Manager Component
1
Base
-
The product uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.
Inclusion of Sensitive Information in Source Code Comments
1
Variant
-
While adding general comments is very useful, some programmers tend to leave important data, such as: filenames related to the web application, old links or links which were not meant to be browsed by users, old code fragments, etc.
Improper Handling of File Names that Identify Virtual Resources
1
Base
-
The product does not handle or incorrectly handles a file name that identifies a "virtual" resource that is not directly specified within the directory that is associated with the file name, causing the product to perform file-based operations on a resource that is not a file.
The product does not perform access checks on a resource every time the resource is accessed by an entity, which can create resultant weaknesses if that entity's rights or privileges change over time.
Insufficient Granularity of Address Regions Protected by Register Locks
1
Variant
-
The product defines a large address region protected from modification by the same register lock control bit. This results in a conflict between the functional requirement that some addresses need to be writable by software during operation and the security requirement that the system configuration lock bit must be set during the boot process.
The product accepts path input in the form of internal dot ('file.ordir') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain).
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as record delimiters when they are sent to a downstream component.
Private Data Structure Returned From A Public Method
1
Variant
-
The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.
The code uses a data representation that relies on low-level
data representation or constructs that may vary across different processors,
physical machines, OSes, or other physical components.
Observable Behavioral Discrepancy With Equivalent Products
1
Variant
-
The product operates in an environment in which its existence or specific identity should not be known, but it behaves differently than other products with equivalent functionality, in a way that is observable to an attacker.
The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '\dir\..\filename' (leading backslash dot dot) sequences that can resolve to a location that is outside of that directory.
The product contains code that is not essential for execution,
i.e. makes no state changes and has no side effects that alter
data or control flow, such that removal of the code would have no impact
to functionality or correctness.
The product accepts path input in the form of multiple trailing dot ('filedir....') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.