
CWE-477 Use of Obsolete Function: vulnerability list (15)

A summary of 15 CVE vulnerabilities classified under the weakness CWE-477 (Use of Obsolete Function), with AI-generated Chinese analysis.

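CWE-477 refers to the use of obsolete or deprecated functions, which indicates that the code lacks ongoing maintenance and security review. Attackers often exploit known but unfixed security flaws in such functions, such as buffer overflows or logic flaws, to achieve remote code execution or data leakage. Developers should update their code base regularly, follow the current language specification strictly, prefer modern replacement functions that have been security-reviewed, and use static analysis tools to detect calls to deprecated APIs, so that the software architecture stays secure and robust.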

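Official MITRE CWE description
CWE: CWE-477 Use of Obsolete Function. The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. As programming languages evolve, functions occasionally become obsolete due to: advances in the language; improved understanding of how operations should be performed effectively and securely; changes in the conventions that govern certain operations. Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.
Common consequences (1)
Other: Quality Degradation
Mitigations (2)
Implementation: Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality.
Requirements: Consider seriously the security implications of using an obsolete function. Consider using alternate functions.
Code examples (2)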
The following code uses the deprecated function getpw() to verify that a plaintext password matches a user's encrypted password. If the password is valid, the function sets result to 1; otherwise it is set to 0.
    ...
    getpw(uid, pwdline);
    for (i=0; i<3; i++){
        cryptpw=strtok(pwdline, ":");
        pwdline=0;
    }
    result = strcmp(crypt(plainpw,cryptpw), cryptpw) == 0;
    ...
Bad · C
In the following code, the programmer assumes that the system always has a property named "cmd" defined. If an attacker can control the program's environment so that "cmd" is not defined, the program throws a null pointer exception when it attempts to call the "Trim()" method.
    String cmd = null;
    ...
    cmd = Environment.GetEnvironmentVariable("cmd");
    cmd = cmd.Trim();
Bad · Java
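The static-analysis advice above, as an added example (not MITRE's or this site's code): a small Python scanner that flags calls to obsolete C functions such as the getpw() in the first sample, while skipping comments and string literals. The function table, the suggested replacements and the C sample are assumptions constructed for illustration.

```python
import re

# Obsolete C library functions and a commonly recommended successor.
# Assumption of this example: a small illustrative subset, not a list from the page.
OBSOLETE = {
    "getpw": "getpwuid_r",
    "gets": "fgets",
    "mktemp": "mkstemp",
    "tmpnam": "mkstemp",
    "getwd": "getcwd",
    "gethostbyname": "getaddrinfo",
}

# Comments, string literals and char literals are blanked before matching, so a
# name mentioned in a comment or a log message is not reported as a call.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
# The lookbehind rejects longer identifiers (fgets, my_gets) and member calls (p->gets).
_CALL = re.compile(r'(?<![\w.>])(%s)\s*\(' % "|".join(map(re.escape, OBSOLETE)))

def _blank(match):
    # Keep newlines so reported line numbers still match the original file.
    return re.sub(r'[^\n]', ' ', match.group(0))

def find_obsolete_calls(source):
    """Return [(line, function, suggested_replacement), ...] for C source text."""
    code = _SKIP.sub(_blank, source)
    findings = []
    for m in _CALL.finditer(code):
        line = code.count("\n", 0, m.start()) + 1
        findings.append((line, m.group(1), OBSOLETE[m.group(1)]))
    return findings

# Constructed sample, modelled on the getpw() snippet shown above.
SAMPLE = '''\
/* Constructed sample; do not call gets() here */
int check(int uid, char *tmpl) {
    char pwdline[256];
    getpw(uid, pwdline);            /* no buffer length */
    log_msg("getpw( failed");       // string, not a call
    fgets(pwdline, sizeof pwdline, stdin);
    return my_gets(pwdline) && ctx->gets(pwdline) && mktemp (tmpl);
}
'''

if __name__ == "__main__":
    for line, name, repl in find_obsolete_calls(SAMPLE):
        print(f"line {line}: {name}() is obsolete, consider {repl}()")
```

The scanner works on text, not on a parsed program, so it also reports declarations or local redefinitions of a listed name; treat its output as candidates for review.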
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-49217 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49216 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49214 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 8.8 | High | 2025-06-17 |
| CVE-2025-49213 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49212 | Trend Micro Endpoint Encryption PolicyServer security vulnerability — Trend Micro Endpoint Encryption Policy Server | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49220 | Trend Micro Apex Central security vulnerability — Trend Micro Apex Central | 9.8 | Critical | 2025-06-17 |
| CVE-2025-49219 | Trend Micro Apex Central security vulnerability — Trend Micro Apex Central | 9.8 | Critical | 2025-06-17 |
| CVE-2023-28829 | Siemens SIMATIC PCS 7 security vulnerability — SIMATIC NET PC Software V14 | 3.9 | Low | 2023-06-13 |
| CVE-2023-23451 | Access control error vulnerability in multiple SICK products — SICK FX0-GENT00000, SICK FX0-GENT00030, SICK FX0-GMOD00000, SICK FX0-GMOD00010, SICK FX0-GPNT00000, SICK FX0-GPNT00030, SICK UE410-EN1, SICK UE410-EN3, SICK UE410-EN3S04, SICK UE410-EN4 | 9.8 | - | 2023-04-19 |
| CVE-2022-1384 | Mattermost security vulnerability — Mattermost | 4.7 | Medium | 2022-04-19 |
| CVE-2020-6978 | Honeywell WIN-PAK security vulnerability — Honeywell WIN-PAK 4.7.2, Web and prior versions | 7.2 | - | 2020-03-24 |
| CVE-2019-18251 | Omron CX-Supervisor Teamviewer security vulnerability — Omron CX-Supervisor | 8.8 | - | 2019-11-25 |
| CVE-2019-10988 | Philips HDI 4000 Ultrasound Systems information disclosure vulnerability — Philips HDI 4000 Ultrasound Systems | 3.4 | - | 2019-09-04 |
| CVE-2019-10968 | Philips Holter 2010 Plus access control error vulnerability — Philips Holter 2010 Plus | 6.0 | - | 2019-07-24 |
| CVE-2018-17890 | NUUO CMS security vulnerability — NUUO CMS | 9.8 | - | 2018-10-12 |

CWE-477 (Use of Obsolete Function) is a common weakness category; this platform lists 15 CVE vulnerabilities associated with it.