CWE-705: Incorrect Control Flow Scoping

Export to Word

Description

The product does not properly return control flow to the proper location after it has completed a task or detected an unusual condition.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase Note
Implementation N/A

Common Consequences

Potential Mitigations

Applicable Platforms

Demonstrative Examples

Intro: The following example attempts to resolve a hostname.

Body: A DNS lookup failure will cause the Servlet to throw an exception.

protected void doPost (HttpServletRequest req, HttpServletResponse res) throws IOException { String ip = req.getRemoteAddr(); InetAddress addr = InetAddress.getByName(ip); ... out.println("hello " + addr.getHostName()); }

Intro: This code queries a server and displays its status when a request comes from an authorized IP address.

Body: This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).

$requestingIP = $_SERVER['REMOTE_ADDR']; if(!in_array($requestingIP,$ipAllowList)){ echo "You are not authorized to view this page"; http_redirect($errorPageURL); } $status = getServerStatus(); echo $status; ...

Intro: Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.

Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { try { ... } catch (ApplicationSpecificException ase) { logger.error("Caught: " + ase.toString()); System.exit(1); } }

Notes

← Back to CWE list