CWE-807: Reliance on Untrusted Inputs in a Security Decision
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
Common Consequences
Scope: Confidentiality; Access Control; Availability; Other
Technical Impact: Bypass Protection Mechanism; Gain Privileges or Assume Identity; Varies by Context
Note: Attackers can bypass the security decision to access whatever is being protected. The consequences depend on the associated functionality, but they range from granting additional privileges to untrusted users to bypassing important security checks. Ultimately, this weakness may lead to exposure or modification of sensitive data, a system crash, or execution of arbitrary code.
Potential Mitigations
Phase: Architecture and Design
Strategy: Attack Surface Reduction
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Phase: Architecture and Design
Description: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. The modified values are then submitted to the server, which must not assume they were ever checked.
Phase: Operation; Implementation
Strategy: Environment Hardening
Description: When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-621, and similar issues.
Phase: Architecture and Design; Implementation
Strategy: Attack Surface Reduction
Detection Methods
Method: Manual Static Analysis
Since this weakness does not typically appear frequently within a single software package, manual white-box techniques may be able to provide sufficient code coverage and reduction of false positives if all potentially vulnerable operations can be assessed within limited time constraints.
Effectiveness: High
Method: Automated Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Binary or Bytecode
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Automated Results Interpretation
Effectiveness: SOAR Partial
Method: Dynamic Analysis with Manual Results Interpretation
Effectiveness: SOAR Partial
Method: Manual Static Analysis - Source Code
Effectiveness: High
Method: Automated Static Analysis - Source Code
Effectiveness: SOAR Partial
Method: Architecture or Design Review
Effectiveness: High
Observed Examples
Reference: CVE-2009-1549
Attacker can bypass authentication by setting a cookie to a specific value.
Reference: CVE-2009-1619
Attacker can bypass authentication and gain admin privileges by setting an "admin" cookie to 1.
Reference: CVE-2009-0864
Content management system allows admin privileges by setting a "login" cookie to "OK".
Reference: CVE-2008-5784
e-dating application allows admin privileges by setting the admin cookie to 1.
Reference: CVE-2008-6291
Web-based email list manager allows attackers to gain admin privileges by setting a login cookie to "admin".
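The pattern shared by the observed examples above, and by the weakness description and the "duplicate client-side checks on the server" mitigation, is a privilege decision taken directly from a value the client can edit. The following is an added Python example, not code from CWE or from any of the cited products: it shows the vulnerable cookie check next to the two usual fixes, keeping the role in server-side session state behind an opaque session id, or binding the claim to a server-held key with an HMAC so that an edited claim fails verification. The session ids, the key, the cookie names and the session records are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed sample session store (hypothetical data, not from any real system).
# The role lives here, on the server; the client only ever holds the session id.
SESSIONS = {
    "0f3c2a9e1d7b4c6a": {"user": "alice", "role": "user"},
    "a9b8c7d6e5f40312": {"user": "root", "role": "admin"},
}

# Assumption for the demo: a key that exists only on the server.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def parse_cookies(cookie_header):
    """Turn a raw Cookie request header into a name -> value dict."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    return {name: morsel.value for name, morsel in jar.items()}


def is_admin_vulnerable(cookie_header):
    """CWE-807: the decision depends on a value the attacker can set.
    Sending 'Cookie: admin=1' is enough, exactly as in the observed examples."""
    cookies = parse_cookies(cookie_header)
    return cookies.get("admin") == "1"


def create_session(user, role, sessions=SESSIONS):
    """Fix 1, login side: issue an unguessable opaque id and keep the role server-side."""
    sid = secrets.token_hex(16)
    sessions[sid] = {"user": user, "role": role}
    return sid


def is_admin_hardened(cookie_header, sessions=SESSIONS):
    """Fix 1, check side: the cookie carries only the id; the role is looked up
    in server state. An 'admin=1' cookie is simply ignored."""
    cookies = parse_cookies(cookie_header)
    session = sessions.get(cookies.get("sid", ""))
    return session is not None and session["role"] == "admin"


def sign_claim(claim, key=SERVER_KEY):
    """Fix 2, login side: stateless variant; the server signs the claim it issues."""
    mac = hmac.new(key, claim.encode(), hashlib.sha256).hexdigest()
    return f"{claim}.{mac}"


def verify_claim(value, key=SERVER_KEY):
    """Return the claim only if its MAC verifies; None for missing, malformed
    or tampered values. compare_digest avoids a timing side channel on the MAC."""
    claim, sep, mac = value.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, claim.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return None
    return claim


def is_admin_signed(cookie_header, key=SERVER_KEY):
    """Fix 2, check side: an unsigned or edited 'role' cookie never verifies."""
    cookies = parse_cookies(cookie_header)
    return verify_claim(cookies.get("role", ""), key) == "admin"


if __name__ == "__main__":
    attacker = "admin=1; role=admin"
    print("vulnerable check:", is_admin_vulnerable(attacker))   # True: bypass
    print("session check:   ", is_admin_hardened(attacker))     # False
    print("signed check:    ", is_admin_signed(attacker))       # False
    print("legit signed:    ", is_admin_signed("role=" + sign_claim("admin")))  # True
```

The server-side session store is the more robust fix, because the client never sees the decision input at all; the signed-claim variant is acceptable when the server must stay stateless, but it is only as strong as the secrecy of SERVER_KEY and the discipline of never accepting an unsigned fallback. In both cases the check is performed on the server regardless of what the client did, which is the substance of the CWE-602 mitigation above.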
Modes of Introduction
| Phase | Note |
|---|---|
| Architecture and Design | COMMISSION: This weakness refers to an incorrect design related to an architectural security tactic. |
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Mapped Node Name | Mapping Fit |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | SEC09-J | Do not base security checks on untrusted sources | - |