CWE-434: Unrestricted Upload of File with Dangerous Type
ID
CWE-434
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
2495
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
Modes of Introduction
Phase | Note |
---|---|
Implementation | |
Architecture and Design | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | ASP.NET | ||
Language | PHP | ||
Language | Not Language-Specific | ||
Technology | Web Server |
Relationships
View | Weakness | |||||||
---|---|---|---|---|---|---|---|---|
# ID | View | Status | # ID | Name | Abstraction | Structure | Status | |
CWE-1000 | Research Concepts | Draft | CWE-669 | Incorrect Resource Transfer Between Spheres | Class | Simple | Draft | |
CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-669 | Incorrect Resource Transfer Between Spheres | Class | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-351 | Insufficient Type Distinction | Base | Simple | Draft | |
CWE-1000 | Research Concepts | Draft | CWE-436 | Interpretation Conflict | Class | Simple | Incomplete | |
CWE-1000 | Research Concepts | Draft | CWE-430 | Deployment of Wrong Handler | Base | Simple | Incomplete |
Common Attack Pattern Enumeration and Classification (CAPEC)
The Common Attack Pattern Enumeration and Classification (CAPECâ„¢) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.
CAPEC at Mitre.orgCVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...