CWE-293 1 个 CVE MITRE 定义 ↗

CWE-293:Using Referer Field for Authentication

概览

CWE-293(Using Referer Field for Authentication)描述一种在漏洞数据库与安全评估中使用的弱点类型;定义、背景与映射 CVE 见下方各节。

安全影响
安全影响:因产品与场景而异;请结合 CVE 记录、严重度评分与 MITRE 说明进行优先级判断。

描述

The referer field in HTTP requests can be easily modified and, as such, is not a valid means of message integrity checking.

背景详情

来自 CWE 目录的扩展上下文(由 MITRE XHTML 渲染)。

The referer field in HTML requests can be simply modified by malicious users, rendering it useless as a means of checking the validity of the request in question.

适用平台

类型 名称 普遍性 OS / CPE
language Not Language-Specific Undetermined

本库相关 CVE

下列 CVE 在本库中映射到该弱点,并保留以便追溯与检索。

CVE 公开时间 摘要
CVE-2023-20025 2023-01-20 A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an aff…

内容提交

名称
CLASP
日期
2006-07-19
版本
Draft 3

内容修订

日期 名称 版本 重要性 评论
2008-09-08 CWE Content Team 1.0 updated Alternate_Terms, Background_Details, Common_Consequences, Relationships, Relevant_Properties, Taxonomy_Mappings
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Demonstrative_Examples, References, Relationships
2012-10-30 CWE Content Team 2.3 updated Demonstrative_Examples
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Modes_of_Introduction, Relationships, Relevant_Properties
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-03-15 CWE Content Team 4.4 updated References
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Relationships, Weakness_Ordinalities
cvelogic Threat Intelligence