Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2016-9263 Vulnerability in wordpress (CVE-2016-9263)
CVE-2017-15285 Vulnerability in qualiteam (CVE-2017-15285)
CVE-2017-8025 Vulnerability in emc (CVE-2017-8025)
CVE-2017-5721 Vulnerability in intel (CVE-2017-5721)
CVE-2017-8994 Vulnerability in hp (CVE-2017-8994)
CVE-2017-15185 Vulnerability in c (CVE-2017-15185)
CVE-2017-9272 Vulnerability in dos (CVE-2017-9272)
CVE-2017-1002153 Vulnerability in koji (CVE-2017-1002153)
CVE-2017-14087 Vulnerability in trendmicro (CVE-2017-14087)
CVE-2017-12244 Vulnerability in dos (CVE-2017-12244)
CVE-2017-12246 Vulnerability in dos (CVE-2017-12246)
CVE-2017-12264 Vulnerability in dos (CVE-2017-12264)
CVE-2017-1541 Vulnerability in ibm (CVE-2017-1541)
CVE-2017-8018 Vulnerability in dos (CVE-2017-8018)
CVE-2017-9538 Vulnerability in dos (CVE-2017-9538)
CVE-2017-14771 Vulnerability in skyboxsecurity (CVE-2017-14771)
CVE-2017-13704 Vulnerability in canonical (CVE-2017-13704)
CVE-2017-14935 Vulnerability in pulsesecure (CVE-2017-14935)
CVE-2017-14944 Vulnerability in inedo (CVE-2017-14944)
CVE-2017-12222 Vulnerability in dos (CVE-2017-12222)
CVE-2017-12226 Vulnerability in cisco (CVE-2017-12226)
CVE-2017-12228 Vulnerability in cisco (CVE-2017-12228)
CVE-2015-3138 Vulnerability in c (CVE-2015-3138)
CVE-2017-1000252 Vulnerability in c (CVE-2017-1000252)
CVE-2012-6696 Vulnerability in inspircd (CVE-2012-6696)
CVE-2010-3049 Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).
CVE-2010-3050 Vulnerability in dos (CVE-2010-3050)
CVE-2015-7318 Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses.
CVE-2017-1551 Vulnerability in ibm (CVE-2017-1551)
CVE-2017-1555 Vulnerability in ibm (CVE-2017-1555)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →