CWE-471Modification of Assumed-Immutable Data (MAID)

PUBLISHEDweakness record
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-471
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2006-07-19
更新日期:
2025-12-11

名称

Modification of Assumed-Immutable Data (MAID)

描述

The product does not properly protect an assumed-immutable element from being modified by an attacker.

This occurs when a particular input is critical enough to the functioning of the application that it should not be modifiable at all, but it is. Certain resources are often assumed to be immutable when they are not, such as hidden form fields in web applications, cookies, and reverse DNS lookups.

常见后果

范围:
Integrity
影响:
Modify Application Data
注释:
Common data types that are attacked are environment variables, web application parameters, and HTTP headers.
范围:
Integrity
影响:
Unexpected State

相关 CWE