Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2017-6464 Vulnerability in dos (CVE-2017-6464)
CVE-2017-7183 Vulnerability in dos (CVE-2017-7183)
CVE-2017-5932 Vulnerability in gnu (CVE-2017-5932)
CVE-2017-7262 Vulnerability in dos (CVE-2017-7262)
CVE-2017-7261 Vulnerability in c (CVE-2017-7261)
CVE-2016-6206 Vulnerability in dos (CVE-2016-6206)
CVE-2015-8678 Vulnerability in dos (CVE-2015-8678)
CVE-2016-9390 Vulnerability in c (CVE-2016-9390)
CVE-2016-9394 Vulnerability in c (CVE-2016-9394)
CVE-2016-9395 Vulnerability in c (CVE-2016-9395)
CVE-2016-5755 Vulnerability in netiq (CVE-2016-5755)
CVE-2016-9168 Vulnerability in novell (CVE-2016-9168)
CVE-2017-7235 Vulnerability in cloudflare-scrape-project (CVE-2017-7235)
CVE-2017-3852 Vulnerability in cisco (CVE-2017-3852)
CVE-2017-3858 Vulnerability in cisco (CVE-2017-3858)
CVE-2017-3849 Vulnerability in dos (CVE-2017-3849)
CVE-2017-3850 Vulnerability in dos (CVE-2017-3850)
CVE-2016-4927 Vulnerability in juniper (CVE-2016-4927)
CVE-2016-6816 Vulnerability in apache (CVE-2016-6816)
CVE-2017-6837 Vulnerability in cpp (CVE-2017-6837)
CVE-2014-9851 ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
CVE-2017-3875 Vulnerability in cisco (CVE-2017-3875)
CVE-2014-8705 Vulnerability in wondercms (CVE-2014-8705)
CVE-2017-6955 Vulnerability in wordpress (CVE-2017-6955)
CVE-2017-6961 Vulnerability in apng2gif-project (CVE-2017-6961)
CVE-2017-0076 Vulnerability in dos (CVE-2017-0076)
CVE-2017-0095 Vulnerability in microsoft (CVE-2017-0095)
CVE-2017-0097 Vulnerability in dos (CVE-2017-0097)
CVE-2017-0098 Vulnerability in dos (CVE-2017-0098)
CVE-2017-0099 Vulnerability in dos (CVE-2017-0099)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →