CWE-941Incorrectly Specified Destination in a Communication Channel

PUBLISHEDweakness record
released 2014-02-19 · last modified 2025-12-11

Metadata

CWE ID:
CWE-941
摘要:
Base
结构:
Simple
状态:
Incomplete
发布日期:
2014-02-19
更新日期:
2025-12-11

名称

Incorrectly Specified Destination in a Communication Channel

描述

The product creates a communication channel to initiate an outgoing request to an actor, but it does not correctly specify the intended destination for that actor.

Attackers at the destination may be able to spoof trusted servers to steal data or cause a denial of service. There are at least two distinct weaknesses that can cause the product to communicate with an unintended destination:

常见后果

范围:
Access Control, Other
影响:
Gain Privileges or Assume Identity, Varies by Context, Bypass Protection Mechanism
注释:
An attacker can access any functionality that is inadvertently accessible to the source.

相关 CWE