CWE-353: Missing Support for Integrity Check

ID CWE-353
Abstraction Base
Structure Simple
Status Draft
Number of CVEs 22
The product uses a transmission protocol that does not include a mechanism for verifying the integrity of the data during transmission, such as a checksum.

If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.
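An added illustration of the paragraph above (not part of the CWE entry): a transport whose packets each carry their own CRC still accepts a message with a missing packet, while an envelope with a checksum over the entire message rejects it. The packet layout, `CHUNK` size, helper names and sample message are constructed assumptions.

```python
import struct
import zlib

CHUNK = 8  # constructed packet payload size, chosen for the demo

def to_packets(data: bytes) -> list[bytes]:
    """Split data into packets of seq(2) | payload | CRC32 over that packet only."""
    packets = []
    for seq, off in enumerate(range(0, len(data), CHUNK)):
        body = struct.pack("!H", seq) + data[off:off + CHUNK]
        packets.append(body + struct.pack("!I", zlib.crc32(body)))
    return packets

def reassemble(packets: list[bytes]) -> bytes:
    """Keep packets whose own CRC verifies; join payloads in the order received."""
    out = b""
    for pkt in packets:
        body, (crc,) = pkt[:-4], struct.unpack("!I", pkt[-4:])
        if zlib.crc32(body) == crc:
            out += body[2:]
    return out

def frame(message: bytes) -> bytes:
    """Message-level envelope: length(4) | message | CRC32 over the entire message."""
    return struct.pack("!I", len(message)) + message + struct.pack("!I", zlib.crc32(message))

def unframe(data: bytes) -> bytes:
    """Return the message, or raise ValueError if length or checksum do not match."""
    if len(data) < 8:
        raise ValueError("truncated frame")
    (length,) = struct.unpack("!I", data[:4])
    message, (crc,) = data[4:-4], struct.unpack("!I", data[-4:])
    if len(message) != length or zlib.crc32(message) != crc:
        raise ValueError("message integrity check failed")
    return message

def lossy(packets: list[bytes], drop: int) -> list[bytes]:
    """Constructed fault: the packet at index `drop` never arrives."""
    return packets[:drop] + packets[drop + 1:]

MESSAGE = b"set limit=100; set mode=safe; commit"  # constructed sample input

if __name__ == "__main__":
    # Protocol without a message-level check: truncated data is accepted silently.
    print(reassemble(lossy(to_packets(MESSAGE), 2)))
    # Same fault with the envelope: the receiver rejects the message.
    try:
        unframe(reassemble(lossy(to_packets(frame(MESSAGE)), 2)))
    except ValueError as err:
        print("rejected:", err)
```

CRC32 only detects accidental corruption; where deliberate modification is in scope (the related CWE-345), the trailer needs to be a keyed MAC such as HMAC rather than a plain checksum.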

Modes of Introduction

Phase Note
Architecture and Design OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase.
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-345 Insufficient Verification of Data Authenticity Class Simple Draft
CWE-1000 Research Concepts Draft CWE-354 Improper Validation of Integrity Check Value Base Simple Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
# ID Name Weaknesses
CAPEC-13 Subverting Environment Variable Values CWE-353
CAPEC-14 Client-side Injection-induced Buffer Overflow CWE-353
CAPEC-39 Manipulating Opaque Client-based Data Tokens CWE-353
CAPEC-74 Manipulating State CWE-353
CAPEC-75 Manipulating Writeable Configuration Files CWE-353
CAPEC-389 Content Spoofing Via Application API Manipulation CWE-353
CAPEC-665 Exploitation of Thunderbolt Protection Flaws CWE-353
