1. Home
  2. Weaknesses
  3. CWE-795

CWE-795: Only Filtering Special Elements at a Specified Location

ID CWE-795
Abstraction Base
Structure Simple
Status Incomplete
Detail Web & Social
The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.

A filter might only account for instances of special elements when they occur:

  • relative to a marker (e.g. "at the beginning/end of string; the second argument"), or
  • at an absolute position (e.g. "byte number 10").

This may leave special elements in the data that did not match the filter position, but still may be dangerous.

Modes of Introduction

Phase Note
Implementation REALIZATION: This weakness is caused during implementation of an architectural security tactic.

Relationships

View Weakness
# ID View Status # ID Name Abstraction Structure Status
CWE-1000 Research Concepts Draft CWE-791 Incomplete Filtering of Special Elements Base Simple Incomplete