CINXE.COM

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <?xml version="1.0" encoding="iso-8859-1"?> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head><script type="text/javascript" src="/_static/js/bundle-playback.js?v=HxkREWBo" charset="utf-8"></script> <script type="text/javascript" src="/_static/js/wombat.js?v=txqj7nKC" charset="utf-8"></script> <script>window.RufflePlayer=window.RufflePlayer||{};window.RufflePlayer.config={"autoplay":"on","unmuteOverlay":"hidden"};</script> <script type="text/javascript" src="/_static/js/ruffle/ruffle.js"></script> <script type="text/javascript"> __wm.init("https://web.archive.org/web"); __wm.wombat("https://cwe.mitre.org/data/definitions/77.html","20230127193726","https://web.archive.org/","web","/_static/", "1674848246"); </script> <link rel="stylesheet" type="text/css" href="/_static/css/banner-styles.css?v=S1zqJCYt" /> <link rel="stylesheet" type="text/css" href="/_static/css/iconochive.css?v=3PDvdIFv" />  <meta http-equiv="content-type" content="text/html; charset=utf-8"/> <meta name="description" content="Common Weakness Enumeration (CWE) is a list of software weaknesses."/> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <link rel="shortcut icon" href="/web/20230127193726im_/https://cwe.mitre.org/favicon.ico"/> <link href="/web/20230127193726cs_/https://cwe.mitre.org/css/main.css?version=4.0.022420" rel="stylesheet" type="text/css"/>  <script src="/web/20230127193726js_/https://cwe.mitre.org/includes/browserheight.js" language="JavaScript" type="text/javascript"></script> <script src="/web/20230127193726js_/https://cwe.mitre.org/includes/jquery.js" language="JavaScript" type="text/javascript"></script> <script src="/web/20230127193726js_/https://cwe.mitre.org/includes/cwe_minimizer.js" language="JavaScript" type="text/javascript"></script> <script src="/web/20230127193726js_/https://cwe.mitre.org/includes/cookie.js" language="JavaScript" type="text/javascript"></script> <script src="/web/20230127193726js_/https://cwe.mitre.org/includes/includeglossarydef.js" language="JavaScript" type="text/javascript"></script> <link href="/web/20230127193726cs_/https://cwe.mitre.org/css/print.css?version=1.11" rel="stylesheet" media="print" type="text/css"/> <link href="/web/20230127193726cs_/https://cwe.mitre.org/css/user_skins/complete.css" rel="stylesheet" type="text/css"/> <noscript> <style type="text/css"> #script { visibility:collapse; visibility:hidden; font-size:0px; height:0px; width:0px } #noscript { visibility:visible; font-size:inherit; height:inherit; width:inherit} </style> </noscript> <title>CWE - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') (4.9) </title> </head> <body onload="onloadCookie()"> <a name="top" id="top"></a> <div id="MastHead" style="width:100%"> <div style="width:70%;float:left;padding-top:15px;padding-left:10px;padding-bottom:2px;"> <a href="/web/20230127193726/https://cwe.mitre.org/index.html" style="color:#32498D; text-decoration:none"> <img src="/web/20230127193726im_/https://cwe.mitre.org/images/cwe_logo.jpg" width="153" height="55" style="float:left;border:0;margin-right:6px" alt="CWE"/> <h1 style="color:#314a8d;font-size:1.5em;font-family:'Verdana',sans-serif;text-shadow: 2px 2px #eee;margin: .1em auto">Common Weakness Enumeration</h1> <p style="color:#314a8d;font-style:italic;font-family:'Times New Roman';font-size:1em;text-shadow: 2px 2px #eee;margin:.1em auto 0 auto">A Community-Developed List of Software & Hardware Weakness Types</p> </a> </div> </div> <div style="width:20%;float:right;padding-top:0px;text-align:right;padding-left:0px;padding-right:14px;padding-bottom:0px;"><a href="/web/20230127193726/https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html" title="2021 CWE Most Important Hardware Weaknesses"> <img src="/web/20230127193726im_/https://cwe.mitre.org/images/mihw_logo.svg" width="90" border="0" alt="2021 CWE Most Important Hardware Weaknesses" style="vertical-align:bottom"/></a> <div style="width:20%;float:right;padding-top:0px;text-align:right;padding-left:4px;padding-right:40px;padding-bottom:0px;"><a href="/web/20230127193726/https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html" title="CWE Top 25"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/cwe_top_25_logo_simple.svg" width="90" border="0" alt="CWE Top 25 Most Dangerous Weaknesses" style="vertical-align:bottom"/></a></div></div> <div id="HeaderBar" class="noprint"> <table width="100%" border="0" cellpadding="0" cellspacing="0"> <tr> <td width="100%" align="left" style="padding-left:10px; font-size:75%;"> <a href="/web/20230127193726/https://cwe.mitre.org/">Home</a> > <a href="/web/20230127193726/https://cwe.mitre.org/data/index.html">CWE List</a> > CWE- Individual Dictionary Definition (4.9)   </td> <td align="right" nowrap="nowrap" style="padding-right:12px">  <div class="noprint"> <form action="/web/20230127193726/https://cwe.mitre.org/cgi-bin/jumpmenu.cgi" align="right" style="padding:0px; margin:0px"> ID <label for="id" style="padding-right:5px">Lookup:</label> <input id="id" name="id" type="text" style="width:50px; font-size:80%" maxlength="10"/> <input value="Go" style="padding: 0px; font-size:80%" type="submit"> </form> </div>  </td> </tr> </table> </div>  <div class="yesprint"> <hr width="100%" size="1" style="clear:both" color="#000000"/> </div> <div class="topnav"> <ul> <li><a href="/web/20230127193726/https://cwe.mitre.org/index.html">Home</a></li> <li> <div class="dropdown"> <a href="/web/20230127193726/https://cwe.mitre.org/about/index.html"><button class="dropbtn">About</button></a> <div class="dropdown-content"> <a href="/web/20230127193726/https://cwe.mitre.org/about/index.html">Overview</a> <a href="/web/20230127193726/https://cwe.mitre.org/about/board.html">Board</a> <a href="/web/20230127193726/https://cwe.mitre.org/about/board.html#boardarchives">Board Meeting Minutes</a> <a href="/web/20230127193726/https://cwe.mitre.org/about/history.html">History</a> <a href="/web/20230127193726/https://cwe.mitre.org/about/documents.html">Documents</a> <a href="/web/20230127193726/https://cwe.mitre.org/about/faq.html">FAQs</a> <a href="/web/20230127193726/https://cwe.mitre.org/documents/glossary/index.html">Glossary</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/web/20230127193726/https://cwe.mitre.org/data/index.html"><button class="dropbtn">CWE List</button></a> <div class="dropdown-content"> <a href="/web/20230127193726/https://cwe.mitre.org/data/index.html">Latest Version</a> <a href="/web/20230127193726/https://cwe.mitre.org/data/downloads.html">Downloads</a> <a href="/web/20230127193726/https://cwe.mitre.org/data/reports.html">Reports</a> <a href="/web/20230127193726/https://cwe.mitre.org/data/pdfs.html">Visualizations</a> <a href="/web/20230127193726/https://cwe.mitre.org/data/archive.html">Archive</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/web/20230127193726/https://cwe.mitre.org/scoring/index.html"><button class="dropbtn">Scoring</button></a> <div class="dropdown-content"> <a href="/web/20230127193726/https://cwe.mitre.org/scoring/index.html">Methodologies</a> <a href="/web/20230127193726/https://cwe.mitre.org/community/swa/priority.html">Prioritizing Weaknesses</a> <a href="/web/20230127193726/https://cwe.mitre.org/cwss/cwss_v1.0.1.html">CWSS</a> <a href="/web/20230127193726/https://cwe.mitre.org/cwraf/index.html">CWRAF</a> <a href="/web/20230127193726/https://cwe.mitre.org/top25/index.html">Top 25</a> <a href="/web/20230127193726/https://cwe.mitre.org/scoring/lists/2021_CWE_MIHW.html">Top Hardware</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/web/20230127193726/https://cwe.mitre.org/documents/cwe_usage/guidance.html"><button class="dropbtn">Mapping Guidance</button></a> <div class="dropdown-content"> <a href="/web/20230127193726/https://cwe.mitre.org/documents/cwe_usage/guidance.html">CVE → CWE Mapping Guidance</a> <a href="/web/20230127193726/https://cwe.mitre.org/documents/cwe_usage/quick_tips.html">CVE → CWE Mapping Quick Tips</a> <a href="/web/20230127193726/https://cwe.mitre.org/documents/cwe_usage/mapping_examples.html">CVE → CWE Mapping Examples</a> <a href="/web/20230127193726/https://cwe.mitre.org/documents/cwe_usage/common_terms_cheatsheet.html">Common Terms Cheatsheet</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/web/20230127193726/https://cwe.mitre.org/community/index.html"><button class="dropbtn">Community</button></a> <div class="dropdown-content"> <a href="/web/20230127193726/https://cwe.mitre.org/community/index.html">Community</a> <a href="/web/20230127193726/https://cwe.mitre.org/community/members.html">Members</a> <a href="/web/20230127193726/https://cwe.mitre.org/community/working_groups.html">Working Groups & Special Interest Groups</a> <a href="/web/20230127193726/https://cwe.mitre.org/compatible/index.html">Compatibility</a> <a href="/web/20230127193726/https://cwe.mitre.org/community/registration.html">Discussion List</a> <a target="_blank" href="https://web.archive.org/web/20230127193726/https://www.mail-archive.com/cwe-research-list@mitre.org/">Discussion Archives</a> <a href="/web/20230127193726/https://cwe.mitre.org/community/submissions/guidelines.html">Content Suggestions</a> </div> </div> </li> <li> <div class="dropdown"> <a href="/web/20230127193726/https://cwe.mitre.org/news/index.html"><button class="dropbtn">News</button></a> <div class="dropdown-content"> <a href="/web/20230127193726/https://cwe.mitre.org/news/index.html">Current News</a> <a href="https://web.archive.org/web/20230127193726/https://twitter.com/CweCapec" target="_blank" rel="noopener noreferrer">Twitter <img src="/web/20230127193726im_/https://cwe.mitre.org/images/twitter_sm.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="Twitter"></a> <a href="https://web.archive.org/web/20230127193726/https://www.linkedin.com/showcase/cve-cwe-capec" target="_blank" rel="noopener noreferrer">LinkedIn <img src="/web/20230127193726im_/https://cwe.mitre.org/images/linkedin_sm.jpg" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" title="LinkedIn"></a> <a href="https://web.archive.org/web/20230127193726/https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA" target="_blank" rel="noopener noreferrer">YouTube <img src="/web/20230127193726im_/https://cwe.mitre.org/images/youtube.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="YouTube"></a> <a href="/web/20230127193726/https://cwe.mitre.org/news/podcast.html">Podcast <img src="/web/20230127193726im_/https://cwe.mitre.org/images/out_of_bounds_read_logo.png" width="16" height="16" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="Out of Bounds Read Podcast"></a> <a href="https://web.archive.org/web/20230127193726/https://medium.com/@CWE_CAPEC" target="_blank" rel="noopener noreferrer">Medium <img src="/web/20230127193726im_/https://cwe.mitre.org/images/medium_sm.png" width="14" height="14" style="position:relative; vertical-align:bottom; padding-left:3px; top:-1px" alt="Medium"></a> <a href="/web/20230127193726/https://cwe.mitre.org/news/archives/index.html">News Archive</a> </div> </li> <li style="border-color:#aaaaaa"><a href="/web/20230127193726/https://cwe.mitre.org/find/index.html">Search</a></li> </ul> </div> <table width="100%" border="0" cellspacing="0" cellpadding="0" id="MainPane"> <tr>  <td valign="top" rowspan="2" id="LeftPane">  <script type="text/javascript">browserheight();</script> </td>  <td style="height:1px"></td>  <td valign="top" align="center" rowspan="2" nowrap="nowrap" id="RightPane"> </td>  </tr> <tr>  <td valign="top" width="100%" id="Contentpane">  <div id="styled_popup" name="styled_popup" style="display:none; position:fixed; top:300; height:auto; width:300px; z-index:1000"> <table width="300" cellpadding="0" cellspacing="0" border="0" style="border:1px solid #32498D;"> <tr style="background-color:#32498D; color:#ffffff;"> <td width="100%" style="padding:1px 5px 1px 5px; border-bottom:1px solid #000000"><div width="100%" style="font-weight:bold;">CWE Glossary Definition</div></td> <td nowrap="nowrap" style="padding:1px; border-bottom:1px solid #000000" valign="top"><a href="javascript:styledPopupClose();"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/layout/close.gif" border="0" alt="x"></a></td> </tr> <tr><td colspan="2" style="background: url(/web/20230127193726im_/https://cwe.mitre.org/images/layout/ylgradient.jpg); background-repeat: repeat-x repeat-y; padding:5px; background-color:#FFFFCC; " valign="top"> <div id="output" style="max-height:400px; overflow-y:auto"></div> </td></tr> </table> </div> <script src="/web/20230127193726js_/https://cwe.mitre.org/includes/nav.js" language="JavaScript" type="text/javascript"/></script> <noscript> <style>div.collapseblock { display:inline} </style> </noscript> <html xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" encoding="iso-8859-1">  <a xmlns:xhtml="http://www.w3.org/1999/xhtml" name="77"></a><div style="overflow:auto;"><h2 style="display:inline; margin:0px 0px 2px 0px; vertical-align: text-bottom">CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')</h2><div style="text-align:right; margin:5px 0px 0px 5px; padding-bottom:1px; white-space:nowrap;"></div></div><div xmlns:xhtml="http://www.w3.org/1999/xhtml" id="CWEDefinition" class="Weakness"><div class="title"><div class="status"><table cellpadding="0" cellspacing="0" border="0" width="100%"><tr><td valign="top" align="left" width="33%" nowrap><div style="font-weight:bold">Weakness ID: 77</div><span style="font-size:80%">Abstraction: <span style="font-weight:normal">Class</span><br>Structure: <span style="font-weight:normal">Simple</span></span></td></tr></table></div></div> <div id="Filter_Menu" style="padding-bottom:10px;"> <div style="font-size:75%; color:#000066; font-style:italic; display:inline">View customized information: </div> <div class="buttonlist" style="display:inline;"> <button id="ConceptualButton" type="button" onclick="buttonSkinSelector('conceptual');" title="For users who are interested in more notional aspects of a weakness. Example: educators, technical writers, and project/program managers.">Conceptual</button> <button id="OperationalButton" type="button" onclick="buttonSkinSelector('operational');" title="For users who are concerned with the practical application and details about the nature of a weakness and how to prevent it from happening. Example: tool developers, security researchers, pen-testers, incident response analysts.">Operational</button> <button id="MappingFriendlyButton" type="button" onclick="buttonSkinSelector('mappingfriendly');" title="For users who are mapping an issue to CWE/CAPEC IDs, i.e., finding the most appropriate CWE for a specific issue (e.g., a CVE record). Example: tool developers, security researchers.">Mapping-Friendly</button> <button id="CompleteButton" type="button" onclick="buttonSkinSelector('complete');" title="For users who wish to see all available information for the CWE/CAPEC entry">Complete</button> </div> </div> <div id="Description"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Description');"><img id="ocimg_77_Description" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Description</div><div name="oc_77_Description" id="oc_77_Description" class="expandblock"><div class="detail"><div class="indent">The software constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. </div></div></div></div><div id="Extended_Description"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Extended_Description');"><img id="ocimg_77_Extended_Description" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Extended Description</div><div name="oc_77_Extended_Description" id="oc_77_Extended_Description" class="expandblock"><div class="detail"><div class="indent"><p>Command injection vulnerabilities typically occur when: </p><div style="margin-left:1em;"><div>1. Data enters the application from an untrusted source. </div><div>2. The data is part of a string that is executed as a command by the application. </div><div>3. By executing the command, the application gives an attacker a privilege or capability that the attacker would not otherwise have. </div></div><p>Many protocols and products have their own custom command language. While OS or shell command strings are frequently discovered and targeted, developers may not realize that these other command languages might also be vulnerable to attacks. </p><p>Command injection is a common problem with wrapper programs. </p></div></div></div></div><div id="Relationships"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Relationships');"><img id="ocimg_77_Relationships" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Relationships</div><div name="oc_77_Relationships" id="oc_77_Relationships" class="expandblock"><div class="detail"><div class="indent"><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.</span></span><div id="relevant_table"><div class="reltable"><span id="script"><a href="javascript:toggleblocksOC('77_1000_relevant_table');"><img id="ocimg_77_1000_relevant_table" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Relevant to the view "Research Concepts" (CWE-1000)<div name="oc_77_1000_relevant_table" id="oc_77_1000_relevant_table" class="expandblock"><div class="tabledetail"><div class="indent"><div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail"><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="top" width="110px">Nature</th><th valign="top" width="40px">Type</th><th valign="top" width="50px">ID</th><th valign="top">Name</th></tr><tbody><tr class="primary Weakness"><td valign="top">ChildOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td><td valign="top">74</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/74.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">78</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/78.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">88</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/88.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">624</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/624.html" target="_blank" rel="noopener noreferrer">Executable Regular Expression Error</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">917</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/917.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')</a></td></tr></tbody></table></div></div></div></div></div></div><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.</span></span><div id="relevant_table"><div class="reltable"><span id="script"><a href="javascript:toggleblocksOC('77_1003_relevant_table');"><img id="ocimg_77_1003_relevant_table" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_less.gif" border="0" alt="+"></a> </span>Relevant to the view "Weaknesses for Simplified Mapping of Published Vulnerabilities" (CWE-1003)<div name="oc_77_1003_relevant_table" id="oc_77_1003_relevant_table" class="collapseblock"><div class="tabledetail"><div class="indent"><div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail"><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="top" width="110px">Nature</th><th valign="top" width="40px">Type</th><th valign="top" width="50px">ID</th><th valign="top">Name</th></tr><tbody><tr class="primary Weakness"><td valign="top">ChildOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/class.gif" alt="Class" class="icon"><span class="tip">Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.</span></span></td><td valign="top">74</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/74.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')</a></td></tr></tbody></table></div></div></div></div></div></div><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.</span></span><div id="relevant_table"><div class="reltable"><span id="script"><a href="javascript:toggleblocksOC('77_1008_relevant_table');"><img id="ocimg_77_1008_relevant_table" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_less.gif" border="0" alt="+"></a> </span>Relevant to the view "Architectural Concepts" (CWE-1008)<div name="oc_77_1008_relevant_table" id="oc_77_1008_relevant_table" class="collapseblock"><div class="tabledetail"><div class="indent"><div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail"><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="top" width="110px">Nature</th><th valign="top" width="40px">Type</th><th valign="top" width="50px">ID</th><th valign="top">Name</th></tr><tbody><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">1019</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1019.html" target="_blank" rel="noopener noreferrer">Validate Inputs</a></td></tr></tbody></table></div></div></div></div></div></div><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.</span></span><div id="relevant_table"><div class="reltable"><span id="script"><a href="javascript:toggleblocksOC('77_1305_relevant_table');"><img id="ocimg_77_1305_relevant_table" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_less.gif" border="0" alt="+"></a> </span>Relevant to the view "CISQ Quality Measures (2020)" (CWE-1305)<div name="oc_77_1305_relevant_table" id="oc_77_1305_relevant_table" class="collapseblock"><div class="tabledetail"><div class="indent"><div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail"><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="top" width="110px">Nature</th><th valign="top" width="40px">Type</th><th valign="top" width="50px">ID</th><th valign="top">Name</th></tr><tbody><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">78</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/78.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">88</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/88.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">624</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/624.html" target="_blank" rel="noopener noreferrer">Executable Regular Expression Error</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">917</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/917.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')</a></td></tr></tbody></table></div></div></div></div></div></div><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.</span></span><div id="relevant_table"><div class="reltable"><span id="script"><a href="javascript:toggleblocksOC('77_1340_relevant_table');"><img id="ocimg_77_1340_relevant_table" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_less.gif" border="0" alt="+"></a> </span>Relevant to the view "CISQ Data Protection Measures" (CWE-1340)<div name="oc_77_1340_relevant_table" id="oc_77_1340_relevant_table" class="collapseblock"><div class="tabledetail"><div class="indent"><div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail"><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="top" width="110px">Nature</th><th valign="top" width="40px">Type</th><th valign="top" width="50px">ID</th><th valign="top">Name</th></tr><tbody><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">78</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/78.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">88</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/88.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">624</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/624.html" target="_blank" rel="noopener noreferrer">Executable Regular Expression Error</a></td></tr><tr class="primary Weakness"><td valign="top">ParentOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/base.gif" alt="Base" class="icon"><span class="tip">Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.</span></span></td><td valign="top">917</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/917.html" target="_blank" rel="noopener noreferrer">Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')</a></td></tr></tbody></table></div></div></div></div></div></div></div></div></div></div><div id="Modes_Of_Introduction"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Modes_Of_Introduction');"><img id="ocimg_77_Modes_Of_Introduction" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Modes Of Introduction</div><div name="oc_77_Modes_Of_Introduction" id="oc_77_Modes_Of_Introduction" class="expandblock"><div class="tabledetail"><div class="indent"><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.</span></span><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="middle" width="110px">Phase</th><th valign="middle">Note</th></tr><tr><td valign="middle" nowrap>Architecture and Design</td><td valign="middle" width="100%"></td></tr><tr><td valign="middle" nowrap>Implementation</td><td valign="middle" width="100%">REALIZATION: This weakness is caused during implementation of an architectural security tactic. </td></tr></table></div></div></div></div><div id="Applicable_Platforms"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Applicable_Platforms');"><img id="ocimg_77_Applicable_Platforms" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Applicable Platforms</div><div name="oc_77_Applicable_Platforms" id="oc_77_Applicable_Platforms" class="expandblock"><div class="detail"><div class="indent"><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.</span></span><p class="subheading">Languages</p><div class="indent"><p> Class: Not Language-Specific <span class="smaller" style="font-style:italic">(Undetermined Prevalence)</span></p></div></div></div></div></div><div id="Common_Consequences"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Common_Consequences');"><img id="ocimg_77_Common_Consequences" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Common Consequences</div><div name="oc_77_Common_Consequences" id="oc_77_Common_Consequences" class="expandblock"><div class="tabledetail"><div class="indent"><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.</span></span><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="middle" width="135px" nowrap>Scope</th><th valign="middle">Impact</th><th valign="middle" width="100px" nowrap>Likelihood</th></tr><tr><td valign="middle" nowrap>Integrity<br>Confidentiality<br>Availability<br></td><td valign="middle" width="100%"><div style="padding-top:5px"><p class="smaller" style="font-weight:normal"><span class="subheading">Technical Impact:</span><i> Execute Unauthorized Code or Commands</i></p></div><div style="padding-top:5px">If a malicious user injects a character (such as a semi-colon) that delimits the end of one command and the beginning of another, it may be possible to then insert an entirely new and unrelated command that was not intended to be executed. </div></td><td valign="middle" nowrap></td></tr></table></div></div></div></div><div id="Likelihood_Of_Exploit"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Likelihood_Of_Exploit');"><img id="ocimg_77_Likelihood_Of_Exploit" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Likelihood Of Exploit</div><div name="oc_77_Likelihood_Of_Exploit" id="oc_77_Likelihood_Of_Exploit" class="expandblock"><div class="detail"><div class="indent">High</div></div></div></div><div id="Demonstrative_Examples"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Demonstrative_Examples');"><img id="ocimg_77_Demonstrative_Examples" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Demonstrative Examples</div><div name="oc_77_Demonstrative_Examples" id="oc_77_Demonstrative_Examples" class="expandblock"><div class="detail"><div class="indent"><p class="subheading">Example 1</p><p>The following simple program accepts a filename as a command line argument and displays the contents of the file back to the user. The program is installed setuid root because it is intended for use as a learning tool to allow system administrators in-training to inspect privileged system files without giving them the ability to modify them or damage the system.</p><div class="indent Bad"><div id="ExampleCode" style="clear:both; padding-top:5px; padding-bottom:5px;"><div class="shadow"><div class="CodeHead"><div style="float:right; font-style:italic; font-size:10px; color:#98A9B7">(bad code)</div><div class="optheading smaller"><span style="font-weight:normal; font-style:italic">Example Language: </span>C </div></div><div class="top"> <div>int main(int argc, char** argv) {<div style="margin-left:1em;">char cmd[CMD_MAX] = "/usr/bin/cat ";<br>strcat(cmd, argv[1]);<br>system(cmd);</div>}</div> </div></div></div></div><p>Because the program runs with root privileges, the call to system() also executes with root privileges. If a user specifies a standard filename, the call works as expected. However, if an attacker passes a string of the form ";rm -rf /", then the call to system() fails to execute cat due to a lack of arguments and then plows on to recursively delete the contents of the root partition.</p><p>Note that if argv[1] is a very long argument, then this issue might also be subject to a buffer overflow (<a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/120.html">CWE-120</a>). </p><p class="subheading">Example 2</p><p>The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files. The script rmanDB.bat accepts a single command line parameter, which specifies what type of backup to perform. Because access to the database is restricted, the application runs the backup as a privileged user.</p><div class="indent Bad"><div id="ExampleCode" style="clear:both; padding-top:5px; padding-bottom:5px;"><div class="shadow"><div class="CodeHead"><div style="float:right; font-style:italic; font-size:10px; color:#98A9B7">(bad code)</div><div class="optheading smaller"><span style="font-weight:normal; font-style:italic">Example Language: </span>Java </div></div><div class="top"> <div>...<br>String btype = request.getParameter("backuptype");<br>String cmd = new String("cmd.exe /K \"<div style="margin-left:1em;">c:\\util\\rmanDB.bat "<br>+btype+<br>"&&c:\\utl\\cleanup.bat\"")</div> <br>System.Runtime.getRuntime().exec(cmd);<br>...</div> </div></div></div></div><p>The problem here is that the program does not do any validation on the backuptype parameter read from the user. Typically the Runtime.exec() function will not execute multiple commands, but in this case the program first runs the cmd.exe shell in order to run multiple commands with a single call to Runtime.exec(). Once the shell is invoked, it will happily execute multiple commands separated by two ampersands. If an attacker passes a string of the form "& del c:\\dbms\\*.*", then the application will execute this command along with the others specified by the program. Because of the nature of the application, it runs with the privileges necessary to interact with the database, which means whatever command the attacker injects will run with those privileges as well.</p><p class="subheading">Example 3</p><p>The following code from a system utility uses the system property APPHOME to determine the directory in which it is installed and then executes an initialization script based on a relative path from the specified directory.</p><div class="indent Bad"><div id="ExampleCode" style="clear:both; padding-top:5px; padding-bottom:5px;"><div class="shadow"><div class="CodeHead"><div style="float:right; font-style:italic; font-size:10px; color:#98A9B7">(bad code)</div><div class="optheading smaller"><span style="font-weight:normal; font-style:italic">Example Language: </span>Java </div></div><div class="top"> <div>...<br>String home = System.getProperty("APPHOME");<br>String cmd = home + INITCMD;<br>java.lang.Runtime.getRuntime().exec(cmd);<br>...</div> </div></div></div></div><p>The code above allows an attacker to execute arbitrary commands with the elevated privilege of the application by modifying the system property APPHOME to point to a different path containing a malicious version of INITCMD. Because the program does not validate the value read from the environment, if an attacker can control the value of the system property APPHOME, then they can fool the application into running malicious code and take control of the system.</p><p class="subheading">Example 4</p><p>The following code is a wrapper around the UNIX command cat which prints the contents of a file to standard out. It is also injectable:</p><div class="indent Bad"><div id="ExampleCode" style="clear:both; padding-top:5px; padding-bottom:5px;"><div class="shadow"><div class="CodeHead"><div style="float:right; font-style:italic; font-size:10px; color:#98A9B7">(bad code)</div><div class="optheading smaller"><span style="font-weight:normal; font-style:italic">Example Language: </span>C </div></div><div class="top"> <div>#include <stdio.h><br>#include <unistd.h><br> <br>int main(int argc, char **argv) {<div style="margin-left:1em;"> <div> <br>char cat[] = "cat ";<br>char *command;<br>size_t commandLength;<br> <br>commandLength = strlen(cat) + strlen(argv[1]) + 1;<br>command = (char *) malloc(commandLength);<br>strncpy(command, cat, commandLength);<br>strncat(command, argv[1], (commandLength - strlen(cat)) );<br> <br>system(command);<br>return (0);</div> </div>}</div> </div></div></div></div><p>Used normally, the output is simply the contents of the file requested:</p><div class="indent Informative"><div id="ExampleCode" style="clear:both; padding-top:5px; padding-bottom:5px;"><div class="shadow"><div class="CodeHead"><div style="float:right; font-style:italic; font-size:10px; color:#98A9B7">(informative)</div><div class="optheading smaller"> </div></div><div class="top"> <div>$ ./catWrapper Story.txt<br>When last we left our heroes...</div> </div></div></div></div><p>However, if we add a semicolon and another command to the end of this line, the command is executed by catWrapper with no complaint:</p><div class="indent Attack"><div id="ExampleCode" style="clear:both; padding-top:5px; padding-bottom:5px;"><div class="shadow"><div class="CodeHead"><div style="float:right; font-style:italic; font-size:10px; color:#98A9B7">(attack code)</div><div class="optheading smaller"> </div></div><div class="top"> <div>$ ./catWrapper Story.txt; ls<br>When last we left our heroes...<br>Story.txt<br>SensitiveFile.txt<br>PrivateData.db<br>a.out*</div> </div></div></div></div><p>If catWrapper had been set to have a higher privilege level than the standard user, arbitrary commands could be executed with that higher privilege.</p></div></div></div></div><div id="Observed_Examples"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Observed_Examples');"><img id="ocimg_77_Observed_Examples" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Observed Examples</div><div name="oc_77_Observed_Examples" id="oc_77_Observed_Examples" class="expandblock"><div class="tabledetail"><div class="indent"><div style="margin-top: 10px"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"><tr><th valign="top" width="165px" nowrap>Reference</th><th valign="top">Description</th></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2022-36069" target="_blank" rel="noopener noreferrer">CVE-2022-36069</a></div></td><td valign="top"><div class="indent">Python-based dependency management tool avoids OS command injection when generating Git commands but allows injection of optional arguments with input beginning with a dash, potentially allowing for code execution. </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-1999-0067" target="_blank" rel="noopener noreferrer">CVE-1999-0067</a></div></td><td valign="top"><div class="indent">Canonical example of OS command injection. CGI program does not neutralize "|" metacharacter when invoking a phonebook program. </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2020-9054" target="_blank" rel="noopener noreferrer">CVE-2020-9054</a></div></td><td valign="top"><div class="indent">Chain: improper input validation (<a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/20.html">CWE-20</a>) in username parameter, leading to OS command injection (<a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>), as exploited in the wild per CISA KEV. </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2022-1509" target="_blank" rel="noopener noreferrer">CVE-2022-1509</a></div></td><td valign="top"><div class="indent">injection of sed script syntax ("sed injection") </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2021-41282" target="_blank" rel="noopener noreferrer">CVE-2021-41282</a></div></td><td valign="top"><div class="indent">injection of sed script syntax ("sed injection") </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2019-13398" target="_blank" rel="noopener noreferrer">CVE-2019-13398</a></div></td><td valign="top"><div class="indent">injection of sed script syntax ("sed injection") </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2019-12921" target="_blank" rel="noopener noreferrer">CVE-2019-12921</a></div></td><td valign="top"><div class="indent">image program allows injection of commands in "Magick Vector Graphics (MVG)" language. </div></td></tr> <tr><td valign="top"><div><a href="https://web.archive.org/web/20230127193726/https://www.cve.org/CVERecord?id=CVE-2020-11698" target="_blank" rel="noopener noreferrer">CVE-2020-11698</a></div></td><td valign="top"><div class="indent">anti-spam product allows injection of SNMP commands into confiuration file </div></td></tr> </table></div></div></div></div></div><div id="Potential_Mitigations"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Potential_Mitigations');"><img id="ocimg_77_Potential_Mitigations" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Potential Mitigations</div><div name="oc_77_Potential_Mitigations" id="oc_77_Potential_Mitigations" class="expandblock"><div class="detail"><div class="indent"><div id="Grouped"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tr><td valign="top"><p class="subheading">Phase: Architecture and Design</p><div class="indent">If at all possible, use library calls rather than external processes to recreate the desired functionality. </div></td></tr> <tr><td valign="top"><p class="subheading">Phase: Implementation</p><div class="indent">If possible, ensure that all external commands called from the program are statically created. </div></td></tr> <tr><td valign="top"><p class="subheading">Phase: Implementation</p><div class="indent"><p class="suboptheading">Strategy: Input Validation</p></div><div class="indent"> </div><p><div class="indent">Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. </div></p><div class="indent"> </div><p><div class="indent">When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue." </div></p><div class="indent"> </div><p><div class="indent">Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright. </div></p><div class="indent"> </div></td></tr> <tr><td valign="top"><p class="subheading">Phase: Operation</p><div class="indent">Run time: Run time policy enforcement may be used in an allowlist fashion to prevent use of any non-sanctioned commands. </div></td></tr> <tr><td valign="top"><p class="subheading">Phase: System Configuration</p><div class="indent">Assign permissions to the software system that prevents the user from accessing/opening privileged files. </div></td></tr> </table></div></div></div></div></div><div id="Weakness_Ordinalities"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Weakness_Ordinalities');"><img id="ocimg_77_Weakness_Ordinalities" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Weakness Ordinalities</div><div name="oc_77_Weakness_Ordinalities" id="oc_77_Weakness_Ordinalities" class="expandblock"><div class="tabledetail"><div class="indent"><div style="margin-top: 10px"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"><tr><th valign="top" nowrap>Ordinality</th><th valign="top" width="100%">Description</th></tr> <tr><td valign="top"><div style="font-size:90%;">Primary</div></td><td valign="top"><div style="font-size:90%; font-style:italic; padding:5px;">(where the weakness exists independent of other weaknesses)</div></td></tr> </table></div></div></div></div></div><div id="Memberships"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Memberships');"><img id="ocimg_77_Memberships" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Memberships</div><div name="oc_77_Memberships" id="oc_77_Memberships" class="expandblock"><div class="detail"><div class="indent"><span class="section tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/dictionary.gif" alt="Section Help"><span class="tip">This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.</span></span><div xmlns:saxon="http://saxon.sf.net/" xmlns:xalan="http://xml.apache.org/xalan" class="tabledetail" style="padding-top:10px"><table width="98%" cellpadding="0" cellspacing="0" border="0" id="Detail"><tr><th valign="top" width="110px">Nature</th><th valign="top" width="40px">Type</th><th valign="top" width="50px">ID</th><th valign="top">Name</th></tr><tbody><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">713</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/713.html" target="_blank" rel="noopener noreferrer">OWASP Top Ten 2007 Category A2 - Injection Flaws</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">722</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/722.html" target="_blank" rel="noopener noreferrer">OWASP Top Ten 2004 Category A1 - Unvalidated Input</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">727</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/727.html" target="_blank" rel="noopener noreferrer">OWASP Top Ten 2004 Category A6 - Injection Flaws</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">929</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/929.html" target="_blank" rel="noopener noreferrer">OWASP Top Ten 2013 Category A1 - Injection</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">990</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/990.html" target="_blank" rel="noopener noreferrer">SFP Secondary Cluster: Tainted Input to Command</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">1005</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1005.html" target="_blank" rel="noopener noreferrer">7PK - Input Validation and Representation</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">1027</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1027.html" target="_blank" rel="noopener noreferrer">OWASP Top Ten 2017 Category A1 - Injection</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">1179</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1179.html" target="_blank" rel="noopener noreferrer">SEI CERT Perl Coding Standard - Guidelines 01. Input Validation and Data Sanitization (IDS)</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">1308</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1308.html" target="_blank" rel="noopener noreferrer">CISQ Quality Measures - Security</a></td></tr><tr class="primary View"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/view.gif" alt="View" class="icon"><span class="tip">View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).</span></span></td><td valign="top">1337</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1337.html" target="_blank" rel="noopener noreferrer">Weaknesses in the 2021 CWE Top 25 Most Dangerous Software Weaknesses</a></td></tr><tr class="primary View"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/view.gif" alt="View" class="icon"><span class="tip">View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).</span></span></td><td valign="top">1340</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1340.html" target="_blank" rel="noopener noreferrer">CISQ Data Protection Measures</a></td></tr><tr class="primary Category"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/category.gif" alt="Category" class="icon"><span class="tip">Category - a CWE entry that contains a set of other entries that share a common characteristic.</span></span></td><td valign="top">1347</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1347.html" target="_blank" rel="noopener noreferrer">OWASP Top Ten 2021 Category A03:2021 - Injection</a></td></tr><tr class="primary View"><td valign="top">MemberOf</td><td valign="top" nowrap class="right" align="center" style="padding-top:1px"><span class="tool"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/icons/view.gif" alt="View" class="icon"><span class="tip">View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).</span></span></td><td valign="top">1387</td><td valign="top"><a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/1387.html" target="_blank" rel="noopener noreferrer">Weaknesses in the 2022 CWE Top 25 Most Dangerous Software Weaknesses</a></td></tr></tbody></table></div></div></div></div></div><div id="Notes"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Notes');"><img id="ocimg_77_Notes" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Notes</div><div name="oc_77_Notes" id="oc_77_Notes" class="expandblock"><div class="detail"><div class="indent"><div class="Mapping_Note"><p class="subheading">Mapping</p><div class="indent"> <p>Use for Mapping: Allowed-with-Review (this CWE ID could be used to map to real-world vulnerabilities in limited situations requiring careful review).</p> <p>Rationale: <a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/77.html">CWE-77</a> is often used when OS command injection (<a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/78.html">CWE-78</a>) was intended instead [<a href="#REF-1287">REF-1287</a>]. </p> <p>Comments: if the weakness involves a command language besides OS shell invocation, then <a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/77.html">CWE-77</a> could be used. </p> </div></div><div class="Terminology_Note"><p class="subheading">Terminology</p><div class="indent"> <p>The "command injection" phrase carries different meanings to different people. For some people, it refers to any type of attack that can allow the attacker to execute commands of their own choosing, regardless of how those commands are inserted. The command injection could thus be resultant from another weakness. This usage also includes cases in which the functionality allows the user to specify an entire command, which is then executed; within CWE, this situation might be better regarded as an authorization problem (since an attacker should not be able to specify arbitrary commands.)</p> <p>Another common usage, which includes <a href="/web/20230127193726/https://cwe.mitre.org/data/definitions/77.html">CWE-77</a> and its descendants, involves cases in which the attacker injects separators into the command being constructed. </p> </div></div></div></div></div></div><div id="Taxonomy_Mappings"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Taxonomy_Mappings');"><img id="ocimg_77_Taxonomy_Mappings" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Taxonomy Mappings</div><div name="oc_77_Taxonomy_Mappings" id="oc_77_Taxonomy_Mappings" class="expandblock"><div class="tabledetail"><div class="indent"><div style="margin-top: 10px"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"><tr><th valign="top" nowrap width="230px">Mapped Taxonomy Name</th><th valign="top" nowrap width="100px">Node ID</th><th valign="top" nowrap>Fit</th><th valign="top">Mapped Node Name</th></tr> <tr><td valign="top">7 Pernicious Kingdoms</td><td valign="top"></td><td valign="top"></td><td valign="top">Command Injection</td></tr> <tr><td valign="top">CLASP</td><td valign="top"></td><td valign="top"></td><td valign="top">Command injection</td></tr> <tr><td valign="top">OWASP Top Ten 2007</td><td valign="top">A2</td><td valign="top">CWE More Specific</td><td valign="top">Injection Flaws</td></tr> <tr><td valign="top">OWASP Top Ten 2004</td><td valign="top">A1</td><td valign="top">CWE More Specific</td><td valign="top">Unvalidated Input</td></tr> <tr><td valign="top">OWASP Top Ten 2004</td><td valign="top">A6</td><td valign="top">CWE More Specific</td><td valign="top">Injection Flaws</td></tr> <tr><td valign="top">Software Fault Patterns</td><td valign="top">SFP24</td><td valign="top"></td><td valign="top">Tainted input to command</td></tr> <tr><td valign="top">SEI CERT Perl Coding Standard</td><td valign="top">IDS34-PL</td><td valign="top">CWE More Specific</td><td valign="top">Do not pass untrusted, unsanitized data to a command interpreter</td></tr> </table></div></div></div></div></div><div id="Related_Attack_Patterns"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Related_Attack_Patterns');"><img id="ocimg_77_Related_Attack_Patterns" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Related Attack Patterns</div><div name="oc_77_Related_Attack_Patterns" id="oc_77_Related_Attack_Patterns" class="expandblock"><div class="tabledetail"><div class="indent"><div style="margin-top: 10px"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"><tr><th valign="top" nowrap width="110px">CAPEC-ID</th><th valign="top">Attack Pattern Name</th></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/136.html" target="_blank" rel="noopener noreferrer">CAPEC-136</a></td><td valign="top">LDAP Injection</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/15.html" target="_blank" rel="noopener noreferrer">CAPEC-15</a></td><td valign="top">Command Delimiters</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/183.html" target="_blank" rel="noopener noreferrer">CAPEC-183</a></td><td valign="top">IMAP/SMTP Command Injection</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/248.html" target="_blank" rel="noopener noreferrer">CAPEC-248</a></td><td valign="top">Command Injection</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/40.html" target="_blank" rel="noopener noreferrer">CAPEC-40</a></td><td valign="top">Manipulating Writeable Terminal Devices</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/43.html" target="_blank" rel="noopener noreferrer">CAPEC-43</a></td><td valign="top">Exploiting Multiple Input Interpretation Layers</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/75.html" target="_blank" rel="noopener noreferrer">CAPEC-75</a></td><td valign="top">Manipulating Writeable Configuration Files</td></tr> <tr><td valign="top"><a href="https://web.archive.org/web/20230127193726/http://capec.mitre.org/data/definitions/76.html" target="_blank" rel="noopener noreferrer">CAPEC-76</a></td><td valign="top">Manipulating Web Input to File System Calls</td></tr> </table></div></div></div></div></div><div id="References"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_References');"><img id="ocimg_77_References" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>References</div><div name="oc_77_References" id="oc_77_References" class="expandblock"><div class="detail"><div class="indent"><div id="Grouped"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"> <tr><td valign="top"><div id="REF-6">[REF-6] Katrina Tsipenyuk, Brian Chess and Gary McGraw. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". NIST Workshop on Software Security Assurance Tools Techniques and Metrics. NIST. 2005-11-07. <<a href="https://web.archive.org/web/20230127193726/https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf" target="_blank" rel="noopener noreferrer">https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf</a>>.</div></td></tr> <tr><td valign="top"><div id="REF-140">[REF-140] Greg Hoglund and Gary McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02-27. <<a href="https://web.archive.org/web/20230127193726/https://www.amazon.com/Exploiting-Software-How-Break-Code/dp/0201786958" target="_blank" rel="noopener noreferrer">https://www.amazon.com/Exploiting-Software-How-Break-Code/dp/0201786958</a>>.</div></td></tr> <tr><td valign="top"><div id="REF-44">[REF-44] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 10: Command Injection." Page 171. McGraw-Hill. 2010. </div></td></tr> <tr><td valign="top"><div id="REF-1287">[REF-1287] MITRE. "Supplemental Details - 2022 CWE Top 25". Details of Problematic Mappings. 2022-06-28. <<a href="https://web.archive.org/web/20230127193726/https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25_supplemental.html#problematicMappingDetails" target="_blank" rel="noopener noreferrer">https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25_supplemental.html#problematicMappingDetails</a>>.</div></td></tr> </table></div></div></div></div></div><div id="Content_History"><div class="heading"><span id="script"><a href="javascript:toggleblocksOC('77_Content_History');"><img id="ocimg_77_Content_History" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Content History</div><div name="oc_77_Content_History" id="oc_77_Content_History" class="expandblock"><div class="tabledetail"><div class="indent"><div style="margin-top: 10px"><table width="98%" cellpadding="0" cellspacing="0" border="0" class="Detail"><thead class="Submissions"><tr><th valign="top" colspan="3" class="title"><span id="script"><a href="javascript:toggleblocksOC('77_Submissions');"><img id="ocimg_77_Submissions" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Submissions</th></tr></thead><tbody id="oc_77_Submissions" class="expandblock"><tr><th valign="top">Submission Date</th><th valign="top" nowrap>Submitter</th><th valign="top" nowrap>Organization</th></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2006-07-19</td><td valign="top">7 Pernicious Kingdoms</td><td valign="top"></td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee"></td></tr></tbody><thead class="Contributions"><tr><th valign="top" colspan="3" class="title"><span id="script"><a href="javascript:toggleblocksOC('77_Contributions');"><img id="ocimg_77_Contributions" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_more.gif" border="0" alt="+"></a> </span>Contributions</th></tr></thead><tbody id="oc_77_Contributions" class="expandblock"><tr><th valign="top">Contribution Date</th><th valign="top" nowrap>Contributor</th><th valign="top" nowrap>Organization</th></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2022-05-20</td><td valign="top">Anonymous External Contributor</td><td valign="top"></td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">reported typo in Terminology note</td></tr></tbody><thead class="Modifications"><tr><th valign="top" colspan="3" class="title"><span id="script"><a href="javascript:toggleblocksOC('77_Modifications');"><img id="ocimg_77_Modifications" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_less.gif" border="0" alt="+"></a> </span>Modifications</th></tr></thead><tbody id="oc_77_Modifications" class="collapseblock"><tr><th valign="top">Modification Date</th><th valign="top" nowrap>Modifier</th><th valign="top" nowrap>Organization</th></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2008-07-01</td><td valign="top">Eric Dalci</td><td valign="top">Cigital</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Time_of_Introduction</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2008-08-15</td><td valign="top"></td><td valign="top">Veracode</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">Suggested OWASP Top Ten 2004 mapping</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2008-09-08</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings, Weakness_Ordinalities</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2009-05-27</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Demonstrative_Examples, Name</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2009-07-27</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Demonstrative_Examples, Description, Name</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2009-10-29</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Common_Consequences, Description, Other_Notes, Potential_Mitigations</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2010-02-16</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Potential_Mitigations, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2010-06-21</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Description, Name</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2011-03-29</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Demonstrative_Examples</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2011-06-01</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Common_Consequences</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2012-05-11</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Common_Consequences, Demonstrative_Examples, References, Related_Attack_Patterns, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2012-10-30</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Potential_Mitigations</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2013-02-21</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2013-07-17</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2014-02-18</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Applicable_Platforms, Demonstrative_Examples, Description, Other_Notes, Terminology_Notes</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2014-06-23</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2014-07-30</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships, Taxonomy_Mappings</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2015-12-07</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Demonstrative_Examples, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2017-05-03</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Potential_Mitigations, Related_Attack_Patterns, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2017-11-08</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Causal_Nature, Likelihood_of_Exploit, Modes_of_Introduction, References, Relationships, Taxonomy_Mappings</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2018-03-27</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2019-01-03</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Taxonomy_Mappings</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2019-06-20</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Related_Attack_Patterns, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2020-02-24</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Potential_Mitigations, References, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2020-06-25</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Potential_Mitigations</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2020-08-20</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2020-12-10</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2021-03-15</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2021-07-20</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Description, Observed_Examples, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2021-10-28</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2022-06-28</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Observed_Examples, Relationships</td></tr><tr><td valign="top" nowrap rowspan="2" style="border-bottom:1px solid #BAC5E3">2022-10-13</td><td valign="top">CWE Content Team</td><td valign="top">MITRE</td></tr><tr><td valign="top" colspan="2" style="border-bottom:1px solid #BAC5E3; font-size:90%; background-color:#eeeeee">updated Observed_Examples, References, Terminology_Notes</td></tr></tbody><thead class="Previous_Entry_Names"><tr><th valign="top" colspan="3" class="title"><span id="script"><a href="javascript:toggleblocksOC('77_Previous_Entry_Names');"><img id="ocimg_77_Previous_Entry_Names" src="/web/20230127193726im_/https://cwe.mitre.org/images/head_less.gif" border="0" alt="+"></a> </span>Previous Entry Names</th></tr></thead><tbody id="oc_77_Previous_Entry_Names" class="collapseblock"><tr><th valign="top" nowrap>Change Date</th><th valign="top" nowrap colspan="3">Previous Entry Name</th></tr><tr><td valign="top" nowrap>2008-04-11</td><td valign="top" colspan="2">Command Injection</td></tr><tr><td style="border-bottom:1px solid #BAC5E3" colspan="3"></td></tr><tr><td valign="top" nowrap>2009-05-27</td><td valign="top" colspan="2">Failure to Sanitize Data into a Control Plane (aka 'Command Injection')</td></tr><tr><td style="border-bottom:1px solid #BAC5E3" colspan="3"></td></tr><tr><td valign="top" nowrap>2009-07-27</td><td valign="top" colspan="2">Failure to Sanitize Data into a Control Plane ('Command Injection')</td></tr><tr><td style="border-bottom:1px solid #BAC5E3" colspan="3"></td></tr><tr><td valign="top" nowrap>2010-06-21</td><td valign="top" colspan="2">Improper Sanitization of Special Elements used in a Command ('Command Injection')</td></tr><tr><td style="border-bottom:1px solid #BAC5E3" colspan="3"></td></tr></tbody></table></div></div></div></div></div></div></html> <div id="More_Message"> <div style="background-color:#798795; padding:2px; color:#ffffff; font-size:95%; text-align:center">More information is available — Please select a different filter.</div></div> </td>  </tr> </table> <div id="FootPane" class="noprint"> <div id="footbar"> <b>Page Last Updated: </b> October 13, 2022 </div> <div class="Footer noprint"> <table width="100%" cellpadding="0" cellspacing="0" border="0" class="ltgreybackground" style="clear:both"> <tr> <td colspan="3" id="line"><div class="line"> </div></td> </tr> <tr> <td valign="middle" nowrap="nowrap"> <div id="footerlinks" class="footlogo"> <a href="https://web.archive.org/web/20230127193726/http://www.mitre.org/" target="_blank" rel="noopener noreferrer"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/mitre_logo.gif" height="36" border="0" alt="MITRE" title="MITRE"/></a> </div> </td> <td width="100%" valign="top" style="padding:6px 0px;"> <div id="footerlinks"> <a href="/web/20230127193726/https://cwe.mitre.org/sitemap.html">Site Map</a> | <a href="/web/20230127193726/https://cwe.mitre.org/about/termsofuse.html">Terms of Use</a> | <a href="/web/20230127193726/https://cwe.mitre.org/about/privacy_policy.html">Privacy Policy</a> | <a href="https://web.archive.org/web/20230127193726/mailto:cwe@mitre.org">Contact Us</a> | <a target="_blank" href="https://web.archive.org/web/20230127193726/https://twitter.com/CweCapec"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/twitter.jpg" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Twitter" title="CWE Twitter"></a> <a target="_blank" href="https://web.archive.org/web/20230127193726/https://www.linkedin.com/showcase/cve-cwe-capec"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/linkedin_sm.jpg" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE on LinkedIn" title="CWE on LinkedIn"></a> <a target="_blank" href="https://web.archive.org/web/20230127193726/https://www.youtube.com/channel/UCpY9VIpRmFK4ebD6orssifA"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/youtube.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE YouTube channel" title="CWE YouTube Channel"></a> <a href="/web/20230127193726/https://cwe.mitre.org/news/podcast.html"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/out_of_bounds_read_logo.png" width="22" height="22" style="border:0;vertical-align:right;" alt="CWE Out-of-Bounds-Read Podcast" title="CWE Out-of-Bounds-Read Podcast"></a> <a target="_blank" href="https://web.archive.org/web/20230127193726/https://medium.com/@CWE_CAPEC"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/medium.png" width="20" height="20" style="border:0;vertical-align:right;" alt="CWE Blog on Medium blog" title="CWE Blog on Medium"></a> </div> <p>Use of the Common Weakness Enumeration (CWE) and the associated references from this website are subject to the <a href="/web/20230127193726/https://cwe.mitre.org/about/termsofuse.html">Terms of Use</a>. CWE is sponsored by the <a target="_blank" rel="noopener noreferrer" href="https://web.archive.org/web/20230127193726/https://www.dhs.gov/">U.S. Department of Homeland Security</a> (DHS) <a target="_blank" rel="noopener noreferrer" href="https://web.archive.org/web/20230127193726/https://www.dhs.gov/cisa/cybersecurity-division">Cybersecurity and Infrastructure Security Agency</a> (CISA) and managed by the <a href="https://web.archive.org/web/20230127193726/https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer">Homeland Security Systems Engineering and Development Institute</a> (HSSEDI) which is operated by <a target="_blank" rel="noopener noreferrer" href="https://web.archive.org/web/20230127193726/http://www.mitre.org/">The MITRE Corporation</a> (MITRE). Copyright © 2006–2023, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.</p> </td> <td valign="middle" nowrap="nowrap"> <div id="footerlinks" class="footlogo"> <a href="https://web.archive.org/web/20230127193726/https://www.dhs.gov/science-and-technology/hssedi" target="_blank" rel="noopener noreferrer"><img src="/web/20230127193726im_/https://cwe.mitre.org/images/hssedi.png" height="36" border="0" alt="HSSEDI" title="HSSEDI"/></a> </div> </td> </tr> </table> </div> </div>  <script type="text/javascript"> var gaJsHost = (("https:" == document.location.protocol) ? "https://web.archive.org/web/20230127193726/https://ssl." : "https://web.archive.org/web/20230127193726/http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); </script> <script type="text/javascript"> var pageTracker = _gat._getTracker("UA-5164081-1"); pageTracker._trackPageview(); </script> </body> </html>