CWE-471: Modification of Assumed-Immutable Data (MAID)
ID
CWE-471
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
24
The product does not properly protect an assumed-immutable element from being modified by an attacker.
This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | |
| Architecture and Design |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Not Language-Specific |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.org| # ID | Name | Weaknesses |
|---|---|---|
| CAPEC-384 | Application API Message Manipulation via Man-in-the-Middle | CWE-471 |
| CAPEC-385 | Transaction or Event Tampering via Application API Manipulation | CWE-471 |
| CAPEC-386 | Application API Navigation Remapping | CWE-471 |
| CAPEC-387 | Navigation Remapping To Propagate Malicious Content | CWE-471 |
| CAPEC-388 | Application API Button Hijacking | CWE-471 |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...