Variant weakness

Draft

CWE-293: Using Referer Field for Authentication

Also known as: referrer

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

High

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

CWE-293 (Using Referer Field for Authentication) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.

CWE-293: Using Referer Field for Authentication

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-293?

What CVEs are caused by CWE-293?

How do you prevent CWE-293?

How is CWE-293 detected?

What are the consequences of CWE-293?

Is CWE-293 actively exploited?

References

Stay ahead of CWE-293

Overview

Background

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Alternate terms

Mapped taxonomies

Frequently asked questions

What is CWE-293?

What CVEs are caused by CWE-293?

How do you prevent CWE-293?

How is CWE-293 detected?

What are the consequences of CWE-293?

Is CWE-293 actively exploited?

References

Stay ahead of CWE-293