Cwe 20

🧬 CWE Related 125
slug: cwe-20

Explanation

CWE-20は「ユーザーから受け取ったデータが、想定された形式・範囲・型かをきちんとチェックせずに使ってしまう欠陥」のことです。 非常に広い概念で、SQLi・XSS・コマンドインジェクションなど多くの攻撃の前段階となります。 「入力は信用するな (Trust Boundaries の概念)」がセキュリティ設計の基本原則です。
📌 Example
多くのCISA KEV登録CVEがこのCWEに分類されており、2024年だけで100件以上の悪用事例があります。

🔖 Related tags

🛡 Vulnerabilities tagged with this 1,690

ID Title
CVE-2016-6206 Vulnerability in dos (CVE-2016-6206)
CVE-2015-8678 Vulnerability in dos (CVE-2015-8678)
CVE-2016-9390 Vulnerability in c (CVE-2016-9390)
CVE-2016-9394 Vulnerability in c (CVE-2016-9394)
CVE-2016-9395 Vulnerability in c (CVE-2016-9395)
CVE-2016-5755 Vulnerability in netiq (CVE-2016-5755)
CVE-2016-9168 Vulnerability in novell (CVE-2016-9168)
CVE-2017-7235 Vulnerability in cloudflare-scrape-project (CVE-2017-7235)
CVE-2017-3852 Vulnerability in cisco (CVE-2017-3852)
CVE-2017-3858 Vulnerability in cisco (CVE-2017-3858)
CVE-2017-3849 Vulnerability in dos (CVE-2017-3849)
CVE-2017-3850 Vulnerability in dos (CVE-2017-3850)
CVE-2016-4927 Vulnerability in juniper (CVE-2016-4927)
CVE-2016-6816 Vulnerability in apache (CVE-2016-6816)
CVE-2017-6837 Vulnerability in cpp (CVE-2017-6837)
CVE-2014-9851 ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash).
CVE-2017-3875 Vulnerability in cisco (CVE-2017-3875)
CVE-2014-8705 Vulnerability in wondercms (CVE-2014-8705)
CVE-2017-6955 Vulnerability in wordpress (CVE-2017-6955)
CVE-2017-6961 Vulnerability in apng2gif-project (CVE-2017-6961)
CVE-2017-0076 Vulnerability in dos (CVE-2017-0076)
CVE-2017-0095 Vulnerability in microsoft (CVE-2017-0095)
CVE-2017-0097 Vulnerability in dos (CVE-2017-0097)
CVE-2017-0098 Vulnerability in dos (CVE-2017-0098)
CVE-2017-0099 Vulnerability in dos (CVE-2017-0099)
CVE-2017-0109 Vulnerability in microsoft (CVE-2017-0109)
CVE-2017-0033 Vulnerability in microsoft (CVE-2017-0033)
CVE-2017-0069 Vulnerability in microsoft (CVE-2017-0069)
CVE-2017-0074 Vulnerability in dos (CVE-2017-0074)
CVE-2017-0007 Vulnerability in microsoft (CVE-2017-0007)

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →