
For each of the “even” numbered software errors discussed on http://cwe.mitre.or


Question

For each of the “even” numbered software errors discussed on

http://cwe.mitre.org/top25/

Provide an example of a real attack. A reference to the attack description (URL) and one sentence description will be adequate.

Example:

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

http://www.debian.org/security/2004/dsa-469

Bug in the library libpam-pgsql, a Pluggable Authentication Module (PAM) module. The input from the user is not filtered to remove dangerous characters/non-characters, so an SQL injection attack is possible.

Using 2 level language

Explanation / Answer

1. CWE-78

Improper Neutralization of Special Elements used in an OS Command

https://www.owasp.org/index.php/Command_Injection

OS command injection: This is an attack in which the attacker executes arbitrary commands on a host operating system with the help of a vulnerable application.

2. CWE-120: Buffer Copy without Checking Size of Input

https://www.owasp.org/index.php/Buffer_Overflow

Classic buffer overflow attack: In this attack, the attacker sends data to the program, which is stored in an undersized stack buffer. The information on the call stack is overwritten, including the return pointer of the function. As a result, the data sets the value of the return pointer so that when the function returns, it transfers control to malicious code.

3. CWE-352: Cross-Site Request Forgery (CSRF)

http://www.veracode.com/security/csrf

This is a kind of attack where the malicious website will send a request to the web application that a user is already authenticated against from a different website.

4. CWE-798

https://cwe.mitre.org/data/definitions/259.html

Use of hardcoded credentials: It leads to authentication failure, as the system administrator is unable to detect it.

5. CWE-676

https://cwe.mitre.org/data/definitions/676.html

The program invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.
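
An added example, not part of the original answer: the CWE-120 and CWE-676 entries above shown together in C, with `strcpy()` called once without a size check and once behind a bounds check that rejects oversized input. The function names, buffer size and sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 16   /* constructed buffer size for this example */

/* CWE-120 pattern: strcpy() copies until the source NUL and knows nothing
 * about the size of dst. It is safe only when the caller has already
 * proved the input fits. Never called with untrusted input here. */
static void copy_unchecked(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* The same potentially dangerous function (CWE-676) used safely: the
 * source length is checked against the destination size first, and
 * oversized input is rejected rather than silently truncated.
 * Returns 0 on success, -1 if src plus its NUL does not fit. */
static int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* memchr scans at most dst_size bytes looking for the terminator */
    if (memchr(src, '\0', dst_size) == NULL) {
        dst[0] = '\0';          /* leave dst as a valid empty string */
        return -1;
    }
    strcpy(dst, src);           /* now provably within bounds */
    return 0;
}

int main(void)
{
    char name[NAME_BUF_SIZE];
    const char *ok = "alice";                                  /* constructed */
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* 32 bytes */

    copy_unchecked(name, ok);   /* fits, so no overflow in this call */
    printf("unchecked copy of short input: %s\n", name);
    printf("checked, short input: %d\n", copy_checked(name, sizeof name, ok));
    printf("checked, long input:  %d\n",
           copy_checked(name, sizeof name, too_long));
    return 0;
}
```

Rejecting the input instead of truncating it keeps the caller from acting on a silently shortened value.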