Category-417: Channel and Path Errors

ID: 417 Status: Draft

Summary

Weaknesses in this category are related to improper handling of communication channels and access paths.

Membership

ID NAME
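CWE-419 Unprotected Primary Channel
CWE-420 Unprotected Alternate Channel
CWE-424 Improper Protection of Alternate Path
CWE-426 Untrusted Search Path
CWE-427 Uncontrolled Search Path Element
CWE-428 Unquoted Search Path or Element
CWE-514 Covert Channel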

Taxonomy Mappings

Mapped Taxonomy Name Node ID Fit Mapped Node Name
PLOVER CHAP.VIRTFILE Channel and Path Errors

Notes

Relationship

A number of vulnerabilities are specifically related to problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems. They are commonly used in "bypass" attacks, such as those that exploit authentication errors.

Maintenance

This category is being considered for deprecation. It is not clear whether communication channels are related closely enough to access paths. In addition, the "path" term is probably assumed by many readers to be associated with file paths, as opposed to the original meaning as intended in PLOVER.

Research Gap

Most of these issues are probably under-studied. Only a handful of public reports exist.