Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,695

ID Title
CVE-2017-0269 Vulnerability in dos (CVE-2017-0269)
CVE-2017-0273 Vulnerability in dos (CVE-2017-0273)
CVE-2017-0249 Vulnerability in csharp (CVE-2017-0249)
CVE-2017-0256 A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0247 Vulnerability in csharp (CVE-2017-0247)
CVE-2017-0231 Vulnerability in microsoft (CVE-2017-0231)
CVE-2017-0171 Vulnerability in dos (CVE-2017-0171)
CVE-2017-0212 Vulnerability in microsoft (CVE-2017-0212)
CVE-2017-5948 Vulnerability in oneplus (CVE-2017-5948)
CVE-2016-7476 Vulnerability in dos (CVE-2016-7476)
CVE-2017-6865 Vulnerability in siemens (CVE-2017-6865)
CVE-2017-6867 Out-of-Bounds Write in siemens (CVE-2017-6867)
CVE-2016-10371 Vulnerability in c (CVE-2016-10371)
CVE-2017-0346 Vulnerability in dos (CVE-2017-0346)
CVE-2017-0350 Vulnerability in c (CVE-2017-0350)
CVE-2017-0353 Vulnerability in dos (CVE-2017-0353)
CVE-2017-0354 Vulnerability in dos (CVE-2017-0354)
CVE-2017-0355 Vulnerability in dos (CVE-2017-0355)
CVE-2016-9253 Vulnerability in f5 (CVE-2016-9253)
CVE-2016-6877 Vulnerability in citrix (CVE-2016-6877)
CVE-2016-9692 Vulnerability in ibm (CVE-2016-9692)
CVE-2017-3733 Vulnerability in openssl (CVE-2017-3733)
CVE-2017-6620 Vulnerability in cisco (CVE-2017-6620)
CVE-2017-7428 Vulnerability in tomcat (CVE-2017-7428)
CVE-2016-10243 Vulnerability in debian (CVE-2016-10243)
CVE-2017-6551 Vulnerability in dos (CVE-2017-6551)
CVE-2017-8396 Vulnerability in gnu (CVE-2017-8396)
CVE-2017-7721 Vulnerability in irfanview (CVE-2017-7721)
CVE-2017-2153 Vulnerability in dos (CVE-2017-2153)
CVE-2017-2154 Vulnerability in justsystems (CVE-2017-2154)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →