Data Neutralization Issues
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to the creation or neutralization of data using an incorrect format.
Weaknesses
The accidental addition of a data-structure sentinel can cause serious programming logic problems.
The accidental deletion of a data-structure sentinel can cause serious programming logic problems.
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments...
The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF ...
The product does not neutralize or incorrectly neutralizes delimiters.
The product correctly neutralizes certain special elements, but it improperly neutralizes equivalent special elements.
The product saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could ...
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
The product constructs all or part of an expression language (EL) statement in a framework such as a Java Server Page (JSP) using externally-influenced input from an u...
The product constructs all or part of an LDAP query using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes...
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes...
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralize...
The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator.
The product does not neutralize or incorrectly neutralizes output that is written to logs.
The product constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting name.
The product uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected...
The product receives data from an upstream component, but does not completely filter special elements before sending it to a downstream component.
The product uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is p...
Concepts
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.