Modes d'introduction
Implementation
Plateformes applicables
Langue
Name: PHP (Sometimes)
Class: Not Language-Specific (Undetermined)
Conséquences courantes
Portée |
Impact |
Probabilité |
Integrity | Modify Application Data
Note: An attacker could gain access to and modify sensitive data or system information. | |
Exemples observés
Références |
Description |
| insecure default variable initialization in BIOS firmware for a hardware board allows DoS |
Mesures d’atténuation potentielles
Phases : System Configuration
Disable or change default settings when they can be used to abuse the system. Since those default settings are shipped with the product they are likely to be known by a potential attacker who is familiar with the product. For instance, default credentials should be changed or the associated accounts should be disabled.
Notes de cartographie des vulnérabilités
Justification : This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
NotesNotes
This overlaps other categories, probably should be split into separate items.
Soumission
Nom |
Organisation |
Date |
Date de publication |
Version |
PLOVER |
|
2006-07-19 +00:00 |
2006-07-19 +00:00 |
Draft 3 |
Modifications
Nom |
Organisation |
Date |
Commentaire |
Eric Dalci |
Cigital |
2008-07-01 +00:00 |
updated Potential_Mitigations, Time_of_Introduction |
CWE Content Team |
MITRE |
2008-09-08 +00:00 |
updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings |
CWE Content Team |
MITRE |
2010-06-21 +00:00 |
updated Maintenance_Notes, Other_Notes |
CWE Content Team |
MITRE |
2011-06-01 +00:00 |
updated Common_Consequences |
CWE Content Team |
MITRE |
2012-05-11 +00:00 |
updated Common_Consequences, Demonstrative_Examples, Relationships |
CWE Content Team |
MITRE |
2012-10-30 +00:00 |
updated Potential_Mitigations |
CWE Content Team |
MITRE |
2014-07-30 +00:00 |
updated Relationships |
CWE Content Team |
MITRE |
2017-11-08 +00:00 |
updated Applicable_Platforms |
CWE Content Team |
MITRE |
2019-06-20 +00:00 |
updated Relationships, Type |
CWE Content Team |
MITRE |
2020-02-24 +00:00 |
updated Relationships, Time_of_Introduction |
CWE Content Team |
MITRE |
2023-01-31 +00:00 |
updated Description |
CWE Content Team |
MITRE |
2023-04-27 +00:00 |
updated Relationships, Time_of_Introduction |
CWE Content Team |
MITRE |
2023-06-29 +00:00 |
updated Mapping_Notes |
CWE Content Team |
MITRE |
2023-10-26 +00:00 |
updated Demonstrative_Examples, Observed_Examples |