CWE-471: Modification of Assumed-Immutable Data (MAID)

Description

The product does not properly protect an assumed-immutable element from being modified by an attacker.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.

Example Vulnerable Codes

Example - 1

In the code excerpt below, an array returned by a Java method is modified despite the fact that arrays are mutable.


String[] colors = car.getAllPossibleColors();colors[0] = "Red";

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 05, 2024 12:42