CWE-794: Incomplete Filtering of Multiple Instances of Special Elements
What is Incomplete Filtering of Multiple Instances of Special Elements?
• Overview: Incomplete Filtering of Multiple Instances of Special Elements (CWE-794) occurs when an application receives data and fails to properly filter out or sanitize all occurrences of special elements before passing the data on to another part of the system. This can happen with elements that appear consecutively or are scattered throughout the data.
• Exploitation Methods:
- Attackers can inject malicious code or commands by exploiting unfiltered special elements.
- Common attack patterns include injection attacks, such as SQL injection, code injection, or cross-site scripting (XSS), where special characters are used to manipulate the intended behavior of the system.
• Security Impact:
- Direct consequences include unauthorized access, data corruption, or execution of arbitrary code.
- Potential cascading effects might include system compromise, data breaches, or service disruption.
- Business impact could involve loss of customer trust, financial penalties, and damage to reputation.
• Prevention Guidelines:
- Specific code-level fixes include applying input validation and output encoding consistently, at every point where data is processed.
- Security best practices involve using allow-lists for acceptable input, escaping special characters, and employing secure coding guidelines.
- Recommended tools and frameworks include static analysis tools for code review, using frameworks that handle input validation automatically, and employing web application firewalls (WAFs) to block malicious inputs.
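The weakness and the fixes listed above, shown as an added example that is not part of the original page: a filter that handles only the first instance of a special element, next to filtering every instance, output encoding, and allow-list validation. The function names, the choice of `<` as the special element, and the sample strings are constructed for illustration.

```python
import html
import re

SPECIAL = "<"  # assumed special element for an HTML output context

def filter_first_only(value: str) -> str:
    """Flawed (CWE-794): removes only the first instance of the special element."""
    return value.replace(SPECIAL, "", 1)

def filter_all(value: str) -> str:
    """Removes every instance, whether consecutive or scattered."""
    return value.replace(SPECIAL, "")

def encode_for_html(value: str) -> str:
    """Output encoding: every special character is escaped, nothing is dropped."""
    return html.escape(value, quote=True)

# Allow-list: accept only characters known to be safe, reject everything else.
ALLOWED = re.compile(r"[A-Za-z0-9 _.-]{1,64}")

def validate_allow_list(value: str) -> bool:
    return ALLOWED.fullmatch(value) is not None

def residual_specials(value: str, specials: str = SPECIAL) -> int:
    """Count special elements that survived a filter."""
    return sum(value.count(ch) for ch in specials)

# Constructed samples: one instance, consecutive instances, scattered instances, none.
SAMPLES = ["a<b", "a<<b", "<a<b<c", "plain name"]

def audit(filter_fn) -> dict:
    """Map each sample to the number of special elements left after filtering."""
    return {s: residual_specials(filter_fn(s)) for s in SAMPLES}

if __name__ == "__main__":
    for fn in (filter_first_only, filter_all, encode_for_html):
        print(f"{fn.__name__:18} {audit(fn)}")
    for s in SAMPLES:
        print(f"allow-list {s!r}: {validate_allow_list(s)}")
```

Running `audit` over a filter with inputs that repeat the special element, as above, is a quick unit-test pattern for catching this class of bug before release.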
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not specified
Affected Technologies: Not specified