CWE-353: Missing Support for Integrity Check
If integrity check values or "checksums" are omitted from a protocol, there is no way of determining if data has been corrupted in transmission. The lack of checksum functionality in a protocol removes the first application-level check of data that can be used. The end-to-end philosophy of checks states that integrity checks should be performed at the lowest level that they can be completely implemented. Excluding further sanity checks and input validation performed by applications, the protocol's checksum is the most important level of checksum, since it can be performed more completely than at any previous level and takes into account entire messages, as opposed to single packets.
Modes of Introduction
Phase | Note |
---|---|
Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Implementation |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org# ID | Name | Weaknesses |
---|---|---|
CAPEC-13 | Subverting Environment Variable Values | CWE-353 |
CAPEC-14 | Client-side Injection-induced Buffer Overflow | CWE-353 |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens | CWE-353 |
CAPEC-74 | Manipulating State | CWE-353 |
CAPEC-75 | Manipulating Writeable Configuration Files | CWE-353 |
CAPEC-389 | Content Spoofing Via Application API Manipulation | CWE-353 |
CAPEC-665 | Exploitation of Thunderbolt Protection Flaws | CWE-353 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |