
CWE-1076 Insufficient Adherence to Expected Conventions: vulnerability list (1)

Summary of the 1 CVE classified under weakness CWE-1076 Insufficient Adherence to Expected Conventions, with AI analysis in Chinese.

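CWE-1076 covers cases where a product's architecture, code, or design does not follow established conventions; it is a conformance defect. Attackers often exploit this weakness by confusing program logic, bypassing security mechanisms, or triggering undefined behavior, which leads to system instability or data leakage. Developers should establish strict coding standards and review processes and ensure that all components strictly follow industry conventions and security specifications, reducing the risk of exploitation and improving the overall security of the system.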

MITRE CWE official description
CWE: CWE-1076 Insufficient Adherence to Expected Conventions
Description: The product's architecture, source code, design, documentation, or other artifact does not follow required conventions.
Common consequences (1)
Other: Reduce Maintainability
This issue makes it more difficult to maintain the product, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities.
Code examples (2)
The usage of symbolic names instead of hard-coded constants is preferred.
char buffer[1024];
...
fgets(buffer, 1024, stdin);
Bad · C
enum { MAX_BUFFER_SIZE = 1024 };
...
char buffer[MAX_BUFFER_SIZE];
...
fgets(buffer, MAX_BUFFER_SIZE, stdin);
Good · C
The following code fragment calls finalize() explicitly:
// time to clean up
widget.finalize();
Bad · Java
CVE ID | Title | CVSS | Risk level | Published
CVE-2021-1268 | Cisco IOS XR security vulnerability - Cisco IOS XR Software | 7.4 | High | 2021-02-04

CWE-1076 (Insufficient Adherence to Expected Conventions) is a common weakness category; this platform lists 1 CVE associated with this weakness.