CWE-795: Only Filtering Special Elements at a Specified Location
The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.
Overview
A filter might only account for instances of special elements when they occur relative to a marker (e.g. "at the beginning/end of string; the second argument"), or at an absolute position (e.g. "byte number 10"). Special elements elsewhere in the data do not match the filter position and are left in place, but they may still be dangerous.
Common consequences
What can happen when CWE-795 is exploited.
Unexpected State
Affects: Integrity
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Code examples
Illustrative examples from MITRE showing how the weakness appears in code.
The following code takes untrusted input and uses a regular expression to filter a "../" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
Vulnerable example
my $Username = GetUntrustedInput();
Attack input
../../../etc/passwd
Resulting query
../../etc/passwd
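The filter described above, written in Python as an added example (not MITRE's code or this page's own): a strip of "../" at the start of the string only, beside a check that validates where the final path lands. The function names and every sample input other than ../../../etc/passwd are assumptions constructed for illustration.

```python
import posixpath
import re

BASE_DIR = "/home/user"  # base directory named on the page


def filter_leading_only(name):
    """Weak filter: removes a single "../" only at the start of the string."""
    return re.sub(r"^\.\./", "", name, count=1)


def weak_resolve(name):
    """Path a downstream file read would open after the position-bound filter."""
    return posixpath.normpath(posixpath.join(BASE_DIR, filter_leading_only(name)))


def safe_resolve(name):
    """Check where the final path lands instead of one position in the input.

    Lexical check only: on a real filesystem, resolve symlinks with
    os.path.realpath() on both paths before comparing.
    """
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, name))
    inside = posixpath.commonpath([BASE_DIR, candidate]) == BASE_DIR
    if not inside or candidate == BASE_DIR:
        raise ValueError("path resolves outside %s: %r" % (BASE_DIR, name))
    return candidate


def accepted(name):
    """Return the resolved path, or None when safe_resolve rejects the name."""
    try:
        return safe_resolve(name)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed inputs; the first is the value shown on the page.
    for sample in ["../../../etc/passwd", "notes/../../../etc/passwd", "report.txt"]:
        print("%-28r weak=%-22s safe=%s" % (sample, weak_resolve(sample), accepted(sample)))
```

The second sample has no "../" at the start of the string, so the position-bound filter leaves it untouched; the containment check rejects both because it looks at the resolved path rather than at one location in the input.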