CWE-494 (Download of Code Without Integrity Check) — Vulnerability Class 101

101 vulnerabilities classified as CWE-494 (Download of Code Without Integrity Check). Chinese-language AI analysis included.

CWE-494 is an integrity-verification weakness: the software retrieves code (an update, a plugin, a firmware image, a remote include) and executes it without verifying where it came from or that it is unmodified. The CVEs in this class are reached in three ways: the attacker compromises the distribution server and replaces the artifact at the source; the attacker redirects the client to a host under their control, for example by DNS spoofing; or the attacker modifies the code in transit over an unauthenticated channel. In each case the application runs the attacker's payload with its own privileges, which for firmware and update mechanisms usually means full control of the device or host. The control that closes the gap is a cryptographic signature over the artifact, verified against a public key the client already holds (pinned at build or provisioning time) before any downloaded code is executed. A checksum is only as trustworthy as where it came from: a hash published beside the artifact on the same server detects corruption, not an attacker who controls that server and republishes both. Transport security (HTTPS with strict certificate validation, or an otherwise authenticated update channel) blocks on-path tampering and redirection to hosts that cannot present a valid certificate, but not a compromised origin, so it complements signature verification rather than replacing it.

MITRE CWE Description
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
Common Consequences (1)
Scope: Integrity, Availability, Confidentiality, Other
Impact: Execute Unauthorized Code or Commands; Alter Execution Logic; Other
Executing untrusted code could compromise the control flow of the program. The untrusted code could execute attacker-controlled commands, read or modify sensitive resources, or prevent the software from functioning correctly for legitimate users.
Mitigations (5)
Implementation: Perform proper forward and reverse DNS lookups to detect DNS spoofing.
Architecture and Design, Operation: Encrypt the code with a reliable encryption scheme before transmitting. This will only be a partial solution, since it will not detect DNS spoofing and it will not prevent your code from being modified on the hosting site.
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. Specifically, it may be helpful to use tools or frameworks to perform integrity checking on the transmitted code. When providing the code that is to be downloaded, such as for automatic updates of the software, then use cryptographic signatures for …
Architecture and Design, Operation: Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database ad…
Architecture and Design, Operation: Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by the software. OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For ex…
Effectiveness: Limited
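The distinction the description above and the cryptographic-signature mitigation both rest on, as an added example that is not code from this page or from MITRE: a small Go program in which a vendor signs an update, an attacker who controls the download host swaps the payload and republishes a matching checksum, and the client runs both of its checks against the genuine and the tampered copy. The seed, the artifact bytes and the function names (DemoKeys, Publish, Tamper, VerifyBySiblingChecksum, VerifyBySignature, Install) are constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Update is what the client fetched from the (untrusted) distribution server:
// the artifact plus the metadata that travelled with it.
type Update struct {
	Artifact  []byte // the code the client would execute
	SHA256Hex string // checksum published next to the artifact on the same server
	Signature []byte // detached Ed25519 signature over the artifact
}

// DemoKeys derives a deterministic vendor key pair from a constructed seed so
// the example runs the same way every time. A real signing key is generated
// randomly and kept in a signing service or HSM, never on the download host.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := []byte("cwe-494-demo-seed-do-not-reuse!!") // exactly 32 bytes
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Publish is the vendor side: compute the checksum and sign the artifact.
func Publish(priv ed25519.PrivateKey, artifact []byte) Update {
	sum := sha256.Sum256(artifact)
	return Update{
		Artifact:  artifact,
		SHA256Hex: hex.EncodeToString(sum[:]),
		Signature: ed25519.Sign(priv, artifact),
	}
}

// Tamper models a compromised mirror, a DNS-redirected host or an on-path
// attacker: replace the payload and republish a matching checksum. The old
// signature is passed through because the attacker has no signing key.
func Tamper(u Update, malicious []byte) Update {
	sum := sha256.Sum256(malicious)
	return Update{
		Artifact:  malicious,
		SHA256Hex: hex.EncodeToString(sum[:]),
		Signature: u.Signature,
	}
}

// VerifyBySiblingChecksum is the weak pattern: recompute SHA-256 and compare
// it with a checksum fetched from the same place as the artifact. It catches
// corruption, not an attacker who controls that place.
func VerifyBySiblingChecksum(u Update) error {
	sum := sha256.Sum256(u.Artifact)
	if hex.EncodeToString(sum[:]) != u.SHA256Hex {
		return errors.New("checksum mismatch")
	}
	return nil
}

// VerifyBySignature is the hardened check: the signature must verify under a
// public key the client already holds. Nothing the server sends can move
// that trust anchor.
func VerifyBySignature(pinned ed25519.PublicKey, u Update) error {
	if len(u.Signature) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pinned, u.Artifact, u.Signature) {
		return errors.New("signature does not verify under the pinned key")
	}
	return nil
}

// Install is the only path that would execute downloaded code. It runs the
// signature check first and never falls back to the checksum.
func Install(pinned ed25519.PublicKey, u Update) (string, error) {
	if err := VerifyBySignature(pinned, u); err != nil {
		return "", fmt.Errorf("refusing to install: %w", err)
	}
	// Stand-in for writing the file out and executing it.
	return "installed " + string(u.Artifact), nil
}

func main() {
	pinned, priv := DemoKeys()
	genuine := Publish(priv, []byte("update-v2.bin"))    // constructed artifact
	evil := Tamper(genuine, []byte("backdoored-v2.bin")) // attacker's replacement

	fmt.Println("genuine  checksum :", VerifyBySiblingChecksum(genuine))
	fmt.Println("genuine  signature:", VerifyBySignature(pinned, genuine))
	fmt.Println("tampered checksum :", VerifyBySiblingChecksum(evil)) // <nil>: both were replaced
	fmt.Println("tampered signature:", VerifyBySignature(pinned, evil))
	_, err := Install(pinned, evil)
	fmt.Println(err)
}
```

The point to take from the output is the third line: the tampered update passes the sibling-checksum check because the attacker republished the hash along with the payload, and only the signature check, whose trust anchor never left the client, rejects it. Transport encryption would add protection against the on-path variant but would not change this outcome for a compromised origin.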
Examples (2)
This example loads an external class from a local subdirectory.
import java.net.URL;
import java.net.URLClassLoader;

// Loads the class "loadMe" from a location the program does not control and
// runs its static initializer (initialize = true); nothing checks where the
// bytes came from or whether they were altered. Callers must handle
// MalformedURLException and ClassNotFoundException.
URL[] classURLs = new URL[]{ new URL("file:subdir/") };
URLClassLoader loader = new URLClassLoader(classURLs);
Class<?> loadedClass = Class.forName("loadMe", true, loader);
Bad · Java
This code includes an external script to get database credentials, then authenticates a user against the database, allowing access to the application.
<?php
// Assume the password is already hashed before it reaches this function (avoiding CWE-312).
function authenticate($username, $password) {
    // CWE-494: dbInfo.php is fetched over plain HTTP from a remote host and executed
    // as PHP with no integrity or origin check. Whoever controls external.example.com,
    // its DNS name, or the network path controls what runs here.
    include("http://external.example.com/dbInfo.php");
    // dbInfo.php makes $dbhost, $dbuser, $dbpass, $dbname available
    mysql_connect($dbhost, $dbuser, $dbpass) or die('Error connecting to mysql');
    mysql_select_db($dbname);
    // The query also concatenates unescaped input (a separate weakness, CWE-89);
    // kept as in the original example.
    $query = 'Select * from users where username='.$username.' And password='.$password;
    $result = mysql_query($query);
    if (mysql_numrows($result) == 1) {
        mysql_close();
        return true;
    } else {
        mysql_close();
        return false;
    }
}
Bad · PHP
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2019-9534 | The Cobham EXPLORER 710, firmware version 1.07, does not validate its firmware image | Explorer 710 | 7.8 | - | 2019-10-10
CVE-2019-14845 | Red Hat OpenShift security vulnerability | openshift | 5.9 | - | 2019-10-08
CVE-2019-13534 | Multiple Philips products security vulnerability | Philips IntelliVue WLAN, portable patient monitors | 7.2 | - | 2019-09-12
CVE-2019-12809 | Yes24ViewerX ActiveX Control input validation error vulnerability | YES24 PC VIEWER | 8.8 | - | 2019-08-15
CVE-2018-5409 | PrinterLogic Print Management Software updates and executes the code without origin and code verification | Management Software | 9.8 | - | 2019-05-08
CVE-2019-3801 | Java Projects using HTTP to fetch dependencies | CredHub | 9.8 | - | 2019-04-25
CVE-2018-14620 | Red Hat Openstack security vulnerability | openstack-rabbitmq-container | 9.8 | - | 2018-09-10
CVE-2016-6564 | Ragentek Android software contains an over-the-air update mechanism that communicates over an unencrypted channel, which can allow a remote attacker to execute arbitrary code with root privileges | Android software | 8.1 | - | 2018-07-13
CVE-2016-6567 | SHDesigns' Resident Download Manager (as well as the Ethernet Download Manager) does not authenticate firmware downloads before executing code and deploying them to devices | Resident Download Manager | 9.8 | - | 2018-07-13
CVE-2017-12740 | Siemens LOGO! Soft Comfort security vulnerability | Siemens LOGO! Soft Comfort (All versions before V8.2) | 5.9 | - | 2017-12-26
CVE-2014-2378 | Sensys Networks Traffic Sensor Download of Code Without Integrity Check | VSN240-F | 7.5 | - | 2014-09-05

Vulnerabilities classified as CWE-494 (Download of Code Without Integrity Check) account for 101 CVEs. The CWE entry describes the weakness class; review the individual CVEs for product-specific impact.