
CWE-642 External Control of Critical State Data: vulnerability list (13)

Summary of the 13 CVE vulnerabilities associated with the CWE-642 (External Control of Critical State Data) weakness class, with AI-generated analysis (in Chinese).

CWE-642 refers to external control of critical state data and is classed as a security configuration flaw. An attacker tampers with security-critical state information about the user or the system that is stored in a location the attacker can reach, and so bypasses the intended logic to perform unauthorized operations or access sensitive resources. Developers should avoid placing such data in publicly writable areas, enforce strict access control and integrity checks, and ensure that state changes are triggered only by trusted internal processes, so that malicious modification is prevented.

MITRE CWE official description
CWE-642: External Control of Critical State Data. The product stores security-critical state information about its users, or the product itself, in a location that is accessible to unauthorized actors. If an attacker can modify the state information without detection, it could be used to perform unauthorized actions or access unexpected resources, since the application programmer does not expect the state to be changed. State information can be stored in many locations, such as a cookie, a hidden web form field, an input parameter or argument, an environment variable, a database record, or a settings file. All of these locations can potentially be modified by an attacker. When such state information is used to control security or determine resource usage, a vulnerability may result. For example, an application may perform authentication and then save the state in a cookie containing "authenticated=true". An attacker only needs to create that cookie to bypass authentication.
Common consequences (3)
Access Control: Bypass Protection Mechanism, Gain Privileges or Assume Identity
An attacker could potentially modify the state in malicious ways. If the state is related to the privileges or level of authentication that the user has, then state modification might allow the user to bypass authentication or elevate privileges.
Confidentiality: Read Application Data
The state variables may contain sensitive information that should not be known by the client.
Availability: DoS: Crash, Exit, or Restart
By modifying state variables, the attacker could violate the application's expectations for the contents of the state, leading to a denial of service due to an unexpected error condition.
Mitigations (5)
Architecture and Design: Understand all the potential locations that are accessible to attackers. For example, some programmers assume that cookies and hidden form fields cannot be modified by an attacker, or they may not consider that environment variables can be modified before a privileged program is invoked.
Architecture and Design: Store state information and sensitive data on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions. If information must be stored on the cli…
Architecture and Design: Store state information on the server side only. Ensure that the system definitively and unambiguously keeps track of its own state and user state and has rules defined for legitimate state transitions. Do not allow any application user to affect state directly in any way other than through legitimate actions leading to state transitions.
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482]. With a stateless protocol such as HTTP, some frameworks can maintain the state for you. Examples include ASP.NET View State and the OWASP ESAPI Session Management feature. Be careful of language features that provide state support, since these …
Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Code examples (2)
In the following example, an authentication flag is read from a browser cookie, thus allowing for external control of user state data.
// Bad: the "authenticated" flag is read from a cookie the client controls,
// so a client can simply send authenticated=true and skip authentication.
boolean authenticated = false;
Cookie[] cookies = request.getCookies();
for (int i = 0; i < cookies.length; i++) {
    Cookie c = cookies[i];
    // getValue() returns a String, so parse it instead of comparing it to Boolean.TRUE
    if (c.getName().equals("authenticated") && Boolean.parseBoolean(c.getValue())) {
        authenticated = true;
    }
}
Bad · Java
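The cookie-flag pattern above beside the server-side alternative the mitigations call for, as an added example that is not part of the CWE entry or this page. The in-memory SESSIONS store and SERVER_KEY are constructed for the demo; the HMAC helpers cover the case where some state must still travel via the client and needs integrity protection.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed in-memory session store for the demo; a real deployment would use a
# server-side store (database, cache) that the client can never write to.
SESSIONS: Dict[str, dict] = {}
# Constructed demo key (hypothetical); in production load it from a secret manager.
SERVER_KEY = b"demo-only-server-key"


def is_authenticated_weak(cookies: Dict[str, str]) -> bool:
    """CWE-642 pattern: the 'authenticated' flag lives in a client-writable cookie,
    so any client can forge cookies={'authenticated': 'true'}."""
    return cookies.get("authenticated", "").lower() == "true"


def login(user: str) -> Dict[str, str]:
    """Credential verification is assumed to have already succeeded; the server then
    records the authenticated state itself and hands the client only an opaque id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "authenticated": True}
    return {"session_id": sid}


def is_authenticated_strong(cookies: Dict[str, str]) -> Optional[str]:
    """Hardened form: the cookie is only a lookup key; the state it maps to is held
    server-side, so a forged or edited cookie resolves to nothing."""
    sess = SESSIONS.get(cookies.get("session_id", ""))
    return sess["user"] if sess and sess["authenticated"] else None


def sign_state(value: str) -> str:
    """If some state must travel via the client, bind it to a server-held key so
    tampering is detected (integrity only: the value itself is still readable)."""
    tag = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def verify_state(token: str) -> Optional[str]:
    """Return the value only if its tag matches; compare_digest avoids timing leaks."""
    value, sep, tag = token.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None
```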
The following code uses input from an HTTP request to create a file name. The programmer has not considered the possibility that an attacker could provide a file name such as "../../tomcat/conf/server.xml", which causes the application to delete one of its own configuration files (CWE-22).
// Bad: the report name comes straight from the request and is concatenated onto
// the base directory, so "../" sequences can reach files outside it (CWE-22).
String rName = request.getParameter("reportName");
File rFile = new File("/usr/local/apfr/reports/" + rName);
...
rFile.delete();
Bad · Java
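The file-name example above, with a hardened resolver added here as an example that is not part of the CWE entry or this page. It keeps the page's /usr/local/apfr/reports base directory; the SAFE_NAME allowlist is a constructed policy, and path checks are purely lexical so the block runs without a filesystem.

```python
import posixpath
import re
from typing import Optional
from pathlib import PurePosixPath

# Base directory from the page's example.
REPORT_DIR = PurePosixPath("/usr/local/apfr/reports")
# Constructed allowlist (hypothetical policy): a short token plus optional extension.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?$")


def resolve_report_weak(report_name: str) -> PurePosixPath:
    """The page's pattern: request input concatenated straight onto the base path."""
    return PurePosixPath(f"{REPORT_DIR}/{report_name}")


def normalize(path) -> PurePosixPath:
    """Collapse '.' and '..' lexically, without consulting the filesystem."""
    return PurePosixPath(posixpath.normpath(str(path)))


def escapes_base(path, base=REPORT_DIR) -> bool:
    """True when the normalized path is neither base itself nor a descendant of it."""
    norm, base_n = normalize(path), normalize(base)
    return norm != base_n and base_n not in norm.parents


def resolve_report_strong(report_name: str, base=REPORT_DIR) -> Optional[PurePosixPath]:
    """Hardened form: reject anything outside the allowlist (which already excludes
    '/' and '..'), then confirm the normalized result still sits under base.
    Returns None on rejection so the caller never touches an unexpected file.
    On a live filesystem, also check os.path.realpath to defeat symlinks."""
    if not SAFE_NAME.fullmatch(report_name):
        return None
    candidate = base / report_name  # an absolute name would replace base here
    if escapes_base(candidate, base):
        return None
    return normalize(candidate)
```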
CVE ID | Title | CVSS | Risk level | Published
CVE-2025-49090 | Matrix security vulnerability — Matrix specification | 7.1 | High | 2025-10-02
CVE-2024-58265 | snow crate security vulnerability — snow | 3.1 | Low | 2025-07-27
CVE-2025-54566 | QEMU security vulnerability — QEMU | 4.2 | Medium | 2025-07-25
CVE-2024-8754 | GitLab security vulnerability — GitLab | 6.4 | Medium | 2024-09-12
CVE-2024-22387 | Gallagher Controller 6000 and Gallagher Controller 7000 security vulnerability — Controller 6000 and Controller 7000 | 6.8 | Medium | 2024-07-11
CVE-2023-0575 | Yugabyte YugabyteDB Managed security vulnerability — YugabyteDB | 7.2 | High | 2023-02-09
CVE-2022-22154 | Juniper Networks Junos OS security vulnerability — Junos OS | 6.8 | Medium | 2022-01-19
CVE-2020-27872 | NETGEAR R7450 security vulnerability — R7450 | 8.8 | - | 2021-02-04
CVE-2020-26186 | Dell Inspiron 5675 BIOS access control error vulnerability — CPG BIOS | 6.8 | Medium | 2021-01-08
CVE-2020-1976 | Palo Alto Networks GlobalProtect input validation error vulnerability — GlobalProtect | 4.7 | Medium | 2020-02-12
CVE-2019-9496 | hostapd authorization issue vulnerability — hostapd with SAE support | 7.5 | - | 2019-04-17
CVE-2018-15382 | Cisco HyperFlex Software security vulnerability — Cisco HyperFlex HX-Series | 8.6 | - | 2018-10-05
CVE-2017-0928 | html-janitor security vulnerability — html-janitor node module | 5.4 | - | 2018-06-04

CWE-642 (External Control of Critical State Data) is a common weakness class; this platform has collected 13 CVE vulnerabilities associated with it.