CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes

Structure: Simple

Abstraction: Base

Status: Incomplete

Likelihood of Exploit: Unknown

Description

The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.

Extended Description

If the object contains attributes that were only intended for internal use, then their unexpected modification could lead to a vulnerability.

This weakness is sometimes known by the language-specific mechanisms that make it possible, such as mass assignment, autobinding, or object injection.

Related Weaknesses

  • ChildOf CWE-913 (View 1000, Primary)

  • ChildOf CWE-913 (View 1003, Primary)

  • ChildOf CWE-913 (View 699, Primary)

  • PeerOf CWE-502 (View 1000)

Applicable Platforms

Languages: Ruby (Prevalence: Undetermined), ASP.NET (Prevalence: Undetermined), PHP (Prevalence: Undetermined), Python (Prevalence: Undetermined); Class: Language-Independent (Prevalence: Undetermined)

Common Consequences

Scope | Impact | Notes
Integrity | Modify Application Data | An attacker could modify sensitive data or program variables.
Integrity | Execute Unauthorized Code or Commands |
Other, Integrity | Varies by Context; Alter Execution Logic |

Potential Mitigations

Phase: Implementation

If available, use features of the language or framework that allow specification of whitelists of attributes or fields that are allowed to be modified. If possible, prefer whitelists over blacklists. For applications written with Ruby on Rails, use the attr_accessible (whitelist) or attr_protected (blacklist) macros in each class that may be used in mass assignment.

Phases: Architecture and Design, Implementation

If available, use the signing/sealing features of the programming language to assure that deserialized data has not been tainted. For example, a hash-based message authentication code (HMAC) could be used to ensure that data has not been modified.

Phase: Implementation

Strategy: Input Validation

For any externally-influenced input, check the input against a whitelist of internal object attributes or fields that are allowed to be modified.

Phases: Implementation, Architecture and Design

Strategy: Refactoring

Refactor the code so that object attributes or fields do not need to be dynamically identified, and only expose getter/setter functionality for the intended attributes.
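As an added example that is not part of the CWE entry, the Python below shows the mass-assignment pattern this weakness describes next to the whitelist mitigation recommended above (one allowlist of assignable attributes, everything else rejected). The UserProfile class, its field names and the request dictionary are constructed for illustration only.

```python
"""Added example (not from the CWE entry): mass assignment in Python,
the vulnerable pattern beside an allowlist-based fix for CWE-915.
Class name, field names and the request dict are hypothetical."""
from dataclasses import dataclass


@dataclass
class UserProfile:
    username: str
    email: str
    is_admin: bool = False     # internal-only: must never come from a request
    password_hash: str = ""    # internal-only


def update_unsafe(profile: UserProfile, params: dict) -> UserProfile:
    """Vulnerable: every request key becomes an attribute write, so a
    request carrying 'is_admin' silently escalates privileges."""
    for key, value in params.items():
        setattr(profile, key, value)
    return profile


# Allowlist of attributes a user may modify about their own profile.
ASSIGNABLE = frozenset({"username", "email"})


def update_safe(profile: UserProfile, params: dict) -> UserProfile:
    """Hardened: only allowlisted attributes are assigned. Unknown or
    protected keys are rejected instead of dropped, so tampering is visible
    to the caller (and can be logged) rather than failing silently."""
    disallowed = set(params) - ASSIGNABLE
    if disallowed:
        raise ValueError(f"refusing protected attributes: {sorted(disallowed)}")
    for key in ASSIGNABLE & set(params):
        setattr(profile, key, params[key])
    return profile


def demo() -> dict:
    """Run both paths on the same constructed request and report the outcome."""
    request = {"email": "new@example.com", "is_admin": True}  # constructed input
    vuln = update_unsafe(UserProfile("alice", "a@example.com"), dict(request))
    safe = UserProfile("alice", "a@example.com")
    try:
        update_safe(safe, dict(request))
        rejected = False
    except ValueError:
        rejected = True
    return {"unsafe_is_admin": vuln.is_admin, "safe_is_admin": safe.is_admin,
            "safe_rejected": rejected, "safe_email": safe.email}
```

Because the hardened path validates before assigning anything, a rejected request leaves the object untouched (no partial update), which is the behaviour a practitioner should expect from an input-validation gate.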

Observed Examples

Identifier | Description | Link
CVE-2012-2054 | Mass assignment allows modification of arbitrary attributes using modified URL. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2054
CVE-2012-2055 | Source version control product allows modification of trusted key using mass assignment. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2055
CVE-2008-7310 | Attackers can bypass payment step in e-commerce software. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7310
CVE-2013-1465 | Use of PHP unserialize function on untrusted input allows attacker to modify application configuration. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1465
CVE-2012-3527 | Use of PHP unserialize function on untrusted input in content management system might allow code execution. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3527
CVE-2012-0911 | Use of PHP unserialize function on untrusted input in content management system allows code execution using a crafted cookie value. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911
CVE-2012-0911 | Content management system written in PHP allows unserialize of arbitrary objects, possibly allowing code execution. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0911
CVE-2011-4962 | Content management system written in PHP allows code execution through page comments. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4962
CVE-2009-4137 | Use of PHP unserialize function on cookie value allows remote code execution or upload of arbitrary files. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4137
CVE-2007-5741 | Content management system written in Python interprets untrusted data as pickles, allowing code execution. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5741
CVE-2011-2520 | Python script allows local users to execute code via pickled data. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2520
CVE-2005-2875 | Python script allows remote attackers to execute arbitrary code using pickled objects. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2875
CVE-2013-0277 | Ruby on Rails allows deserialization of untrusted YAML to execute arbitrary code. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0277
CVE-2011-2894 | Spring framework allows deserialization of objects from untrusted sources to execute arbitrary code. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2894
CVE-2012-1833 | Grails allows binding of arbitrary parameters to modify arbitrary object properties. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1833
CVE-2010-3258 | Incorrect deserialization in web browser allows escaping the sandbox. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3258
CVE-2008-1013 | Media library allows deserialization of objects by untrusted Java applets, leading to arbitrary code execution. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1013
