ソスyソスソスソスpソスKソスCソスhソスz

CWE-78

Weakness ID:78(Weakness Base)

Status: Draft

OSソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソス

ソスソスソス

ソスソスソスソスvソスソス

ソスソスハコソスソスソス|ソス[ソスlソスソスソスgソスノゑソスソスOソスソスソスソスソスソスフ影ソスソスソスソスソスソスソスソスソスソスヘゑソスソスgソスpソスソスソスソスOS ソスRソス}ソスソスソスhソスフ全ソスソスソスAソスソスソスソスソスソスソスヘ一部ソスソスソス\ソスzソスソスソスソス\ソスtソスgソスEソスFソスAソスノゑソスソスソスソスト、ソスモ図ソスソスソスソス OS ソスRソス}ソスソスソスhソスフ会ソスソスソスソスソスツ能ソスネ要ソスfソスソスKソスリに厄ソスソスソスソスソスソスソスソスソスソスノ会ソスソスハコソスソスソス|ソス[ソスlソスソスソスgソスノ托ソスソスMソスソスソスソスロに費ソスソスソスソスソスソスソスニ弱性ソスナゑソスソスB

ソスレ細な会ソスソス

ソス{ソスニ弱性ソスヘ、Web ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスフ様ソスネ、ソスUソスソスソスメゑソスOSソスノ抵ソスソスレアソスNソスZソスXソスソスソスソスソスソスソスソスソスネゑソスソスツ具ソスソスナ費ソスソスソスソスソスソスAソスUソスソスソスメにゑソス闥シソスソスOS ソスノ対ゑソスソスト予ソスソスソスソスソスネゑソスソス険ソスネコソス}ソスソスソスhソスソスソスソスソスsソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソス{ソスニ弱性ソスソスソスソスソスソスソスソスソスソスソスツプソスソスソスOソスソスソスソスソスソスナ費ソスソスソスソスソスソスソスソス鼾ソスAソスUソスソスソスメゑソスソスハ擾ソスヘアソスNソスZソスXソスナゑソスソスネゑソスソスRソス}ソスソスソスhソスソスソスwソス閧キソスソスAソスワゑソスソスヘ攻ソスソスソスメゑソスソスソスソスソスソスネゑソスソスソスソスソスソスソスソスソスソスツ別のコソス}ソスソスソスhソスソスソストび出ソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスソスソスフコソス}ソスソスソスhソスヘ、ソスソスQソスフ深ソスソスソスソスソスソスソスソスソスソスソスVソスXソスeソスソスソスソスソスソスソスナ趣ソスソスsソスソスソスソス驍スソス゚、ソスUソスソスソスソスソスけゑソスソスvソスソスソスZソスXソスソスソスナ擾ソスソスソスソスソスソスフ鯉ソスソスソスソスソスソスソスソス轤オソスネゑソスソス鼾ソスAソス{ソスニ弱性ソスヘ更ソスノ深ソスソスソスネゑソスソスフとなゑソスワゑソスソスB

OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスノは擾ソスソスネゑソスソスニゑソスソスソスソズゑソスソスソスソスンゑソスソスワゑソスソスB

1) ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスソスソスソスソスソスフ趣ソスソスネ撰ソスソスソスvソスソスソスOソスソスソスソスソスソスソスソスソスsソスソスソスAソスソスソスソスソスニゑソスソスト外ソスソスソスソスソスヘゑソスソスgソスpソスソスソスソス鼾ソスBソス痰ヲソスホ、ソスvソスソスソスOソスソスソスソスソスヘシソスXソスeソスソスソスヨ撰ソス ("nslookup [HOSTNAME]") ソスソスソスgソスpソスソスソスソス nslookup ソスソスソスソスソスsソスソスソスAソスソスソスソスソスニゑソスソスト使ソスpソスソスソスソスソスHOSTNAME ソスノ対ゑソスソストソスソス[ソスUソスソスソスソスフ難ソスソスヘゑソスソスソスソスツゑソスソストゑソスソスワゑソスソスBソスUソスソスソスメゑソス nslookup ソスフ趣ソスソスsソスソスWソスQソスソスソス驍アソスニはでゑソスソスワゑソスソスが、ソスvソスソスソスOソスソスソスソスソスソスソスRソス}ソスソスソスhソスZソスpソスソスソス[ソス^ソスソス HOSTNAME ソスソスソスソス除ソスソスソスネゑソスソスソスソスソスソス鼾ソスA HOSTNAME ソスソスソスソスソスノ任ソスモのプソスソスソスOソスソスソスソスソスソスソスソスソスsソスソスソスソスソスソスZソスpソスソスソス[ソス^ソスソスソスソスヘゑソスソスAnslookup ソスフ終ソスソスソスソスノ趣ソスソスsソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスB

2) ソスOソスソスソスソスソスヘにゑソスソスソスソスsソスソスソスソスvソスソスソスOソスソスソスソスソスソスRソス}ソスソスソスhソスソスIソスソスソスソスソスAOS ソスノ全ソスRソス}ソスソスソスhソスソスソスソスソス_ソスCソスソスソスNソスgソスソスソスソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスフ場合ソスB
ソス痰ヲソスホ、ソスソスソス[ソスUソスソスソスソスソスソスヘゑソスソス黷ス [COMMAND] ソスソス "exec ソスヨ撰ソス ([COMMAND])" ソスソスpソスソスソスト趣ソスソスsソスソスソスソスvソスソスソスOソスソスソスソスソスノゑソスソスソスソスト、COMMAND ソスソスソスUソスソスソスメの撰ソスソス芍コソスノゑソスソスソス鼾ソスAソスUソスソスソスメは任ソスモのコソス}ソスソスソスhソスソスvソスソスソスOソスソスソスソスソスソスソスソスソスsソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスBソスRソス}ソスソスソスhソスソス exec() ソスソス CreateProcess() ソスフようソスネ関撰ソスソスナ趣ソスソスsソスソスソスソストゑソスソスソス鼾ソスノは、ソスソスソスソスソスsソスノ包ソスソスソスソスフコソス}ソスソスソスhソスソスソスLソスqソスナゑソスソスネゑソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

ソスソスLソスソスソズゑソス OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスノは、ソスニ弱性ソスフ観点ソスノゑソスソスソスソスト厄ソスソスmソスネプソスソスソスOソスソスソスソスソスソスフエソスソスソス[ソスソスソスソスソスンゑソスソスワゑソスソスB
ソスソスソズ目にゑソスソスソスソスト、ソスソスソスsソスソスソスソスソスRソス}ソスソスソスhソスフ茨ソスソスソスソスニゑソスソスト信ソスソスソスナゑソスソスネゑソスソスソスOソスメゑソスソスソスフ難ソスソスヘゑソスソスけ難ソスソスソストゑソスソスワゑソスソスB
ソスソスソズ目にゑソスソスソスソスト、ソスMソスソスソスナゑソスソスネゑソスソスソスOソスメゑソスソスソスフコソス}ソスソスソスhソスヨのアソスNソスZソスXソスヘ具ソスソスロゑソスソストゑソスソスワゑソスソスソスソスAソスソスソス轤ュソスAソスUソスソスソスメゑソスソスソスソスヘでゑソスソスソスソスヨ包ソスソス@ソスソスソスソスソスソスソスソスソストゑソスソスワゑソスソスソスB

ソスハ厄ソス

ソスVソスFソスソスソスCソスソスソスWソスFソスNソスVソスソスソスソス
ソスVソスFソスソスソスソスソス^ソスLソスソスソスソスソスNソス^

ソスソスソス_ソスIソスネ補足

ソスuOS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスvソスニゑソスソスソスソスpソスソスフ指ソスソスソスソスソスソスソスモ厄ソスソスフ範囲は、ソスlソスノゑソスソスルなゑソスワゑソスソスB
ソスソスツは、ソスUソスソスソスメゑソスソスCソスモゑソス OS ソスRソス}ソスソスソスhソスソスソスソスソスsソスツ能ソスナゑソスソスソスSソストの攻ソスソスソスソスソスwソスソスソス鼾ソスBソスソスソスフ場合ソスナは、ソスUソスソスソスメの撰ソスソス芍コソスノゑソスソスソスvソスソスソスOソスソスソスソスソスソスソスソスソスソスソスAソスソスソスsソスソスソスソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスノゑソスソスソスソスソスソスNソスソスソスソスソスソスソス untrusted path weaknesses(CWE-426) ソスソスソスワみまゑソスソスB
ソスソスソスソスソスソスツは、ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスソスソスソスソス艪キソスソスvソスソスソスOソスソスソスソスソスノゑソスソスソスソスト、ソスソスソスソスソスノ攻ソスソスソスメゑソスソスRソス}ソスソスソスhソスZソスpソスソスソス[ソス^ソスソス}ソスソスソスソスソスソスpソス^ソス[ソスソスソスフみゑソスソスwソスソスソス鼾ソスB

ソスソスソスソスソスソスソスAargument injection (CWE-88) ソスノゑソスソスソスソスト、ソスソスソスソスソスソスソスソスソスソスソスRソス}ソスソスソスhソスニゑソスソスト趣ソスソスsソスソスソスソス ソスu-execソスv ソスXソスCソスbソス`ソスiUNIX ソスフ「findソスv ソスRソス}ソスソスソスhソスネど)ソスフようソスネコソス}ソスソスソスhソスソスソスCソスソスソスXソスCソスbソス`ソスソスAソスRソス}ソスソスソスhソスソスソスCソスソスソスノ挿ソスソスソスソスソスソスソスIソスvソスVソスソスソスソスソスソスリゑソスヨゑソスソスソス鼾ソスネどゑソスソスソスソス驍スソス゚、OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスフ抵ソス`ソスヘ包ソスソスGソスネ厄ソスソスニなゑソスソストゑソスソスワゑソスソスB
ソスソスツ目に具ソスソスソスソスソスソスソス`ソスフ場合ソスノは、 CWE-88 ソスソス CWE-78 ソスフ鯉ソスソスソスソスニなゑソスニ弱性ソスiprimary weaknessソスjソスナゑソスソスソスニ鯉ソスソスネゑソスソスソストゑソスソスワゑソスソスB

ソスニ弱性ソスフ費ソスソスソスソスソスソスソス

ソスAソス[ソスLソスeソスNソス`ソスソスソスyソスム設計
ソスソスソスソス

ソスYソスソスソスソスソスソスvソスソスソスbソスgソスtソスHソス[ソスソス

ソスソスソスソス

ソスSソスソス

ソスソスハ的ソスネ影ソスソス

 

ソスeソスソスソスソスソスけゑソスヘ茨ソス ソスeソスソス
ソス@ソスソスソスソス
ソスソスソスSソスソス
ソスツ用ソスソス
ソスロ認ソスhソス~		 ソスZソスpソスIソスCソスソスソスpソスNソスgソスFソスソスソスツゑソスソスソストゑソスソスネゑソスソスRソス[ソスhソスソスRソス}ソスソスソスhソスフ趣ソスソスsソスADoSソスAcrash / exit / restartソスAソスtソス@ソスCソスソスソスソスfソスBソスソスソスNソスgソスソスソスフ読み搾ソスソスン、ソスソスソスソスソスソスAソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスfソス[ソス^ソスフ読み搾ソスソスン、ソスソスソスソスソスソス

ソスUソスソスソスメは使ソスpソスソスソスソスソスフなゑソスソスRソス}ソスソスソスhソスノゑソスソス\ソスtソスgソスEソスFソスAソス無鯉ソスソスソスソスソスソスソスソスソスAソスAソスNソスZソスXソスソスソスフなゑソスソスfソス[ソス^ソスソスヌみ搾ソスソスン、ソスソスソスソスソスすゑソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスUソスソスソスホ象のアソスvソスソスソスPソス[ソスVソスソスソスソスソスヘ攻ソスソスソスメに托ソスソスソスRソス}ソスソスソスhソスソスソスソスソスsソスソスソス驍スソス゚、ソスSソストの茨ソスソスモゑソスソスソスsソスソスソスヘアソスvソスソスソスPソス[ソスVソスソスソスソスソスソスAソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスフ擾ソスソスLソスメのゑソスソスフでゑソスソスソスニ鯉ソスソスネゑソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

 

ソスUソスソスソスソスソスけゑソスツ能ソスソス

ソスソスソスソス

ソスソスソスoソスソスi

ソスソスソスソスソステ的ソスソスソスソス
ソス{ソスニ弱性ソスヘ趣ソスソスソスソステ的ソスソスソスヘにゑソスソスソスト鯉ソスソスoソスソスソスツ能ソスナゑソスソスBソスナ近のツソス[ソスソスソスフ托ソスソスソスソスヘ、ソスtソスHソス[ソスソスソスXソス|ソスWソスeソスBソスuソスソスソスナ擾ソスソスソスソスソスソス驍スソス゚に、ソスfソス[ソス^ソスtソスソスソス[ソスソスソスヘや制ソスソスxソス[ソスXソスフ技ソスpソスソスソスgソスpソスソスソストゑソスソスワゑソスソスB
ソスソスソスソスソステ的ソスソスソスヘは、ソスソスソスヘの妥難ソスソスソスソス`ソスFソスbソスNソスソスソスKソスリに行ソスソスソストゑソスソスソス鼾ソスAソス痰ヲソスホ、ソスZソスLソスソスソスソスソスeソスBソスソスeソスソスソスフなゑソスソスxソスソスソスソスAソスRソス[ソスhソスフ変更ソスソスvソスソスソスソスソスソスxソスソスソスニゑソスソスソスソスソスソスtソスHソス[ソスソスソスXソス|ソスWソスeソスBソスuソスソスソスソスソスハでゑソスソスネゑソスソス鼾ソスソスソスソスソスソスワゑソスソスB
ソスソスソスソスソステ的ソスソスソスヘは、ソスソスソスソス OS ソスRソス}ソスソスソスhソスソスソストび出ソスソスソス謔、ソスネカソスXソス^ソスソス API ソスtソス@ソスソスソスNソスVソスソスソスソスソスソスAソスTソス[ソスhソスpソス[ソスeソスBソスフソスソスCソスuソスソスソスソスソスフ使ソスpソスソスソスソスソスoソスナゑソスソスネゑソスソス鼾ソスAソスソスソスソス API ソス窿会ソスCソスuソスソスソスソスソスフコソス[ソスhソスソスソスソスソスヘに使ソスpソスナゑソスソスネゑソスソス鼾ソスノゑソスソスソスソスト、ソスtソスHソス[ソスソスソスXソスlソスKソスeソスBソスuソスソスソスソスソスソスソスNソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB
ソスソスソスフ趣ソスiソスノゑソスソスソスソスソス100ソスソスソスフ撰ソスソスxソスソスJソスoソス[ソスヘ不ソスツ能ソスネゑソスソス゚、ソスソスソスソスソスネ会ソスソスソスソスソスナはゑソスソスソスワゑソスソスソスB

ソスソスソスソスソスソスソスIソスソスソスソス
ソス{ソスニ弱性ソスヘ、ソスtソス@ソスYソスeソスXソスg(ソスtソス@ソスWソスソスソスO)ソスAソスソスソスoソスXソスgソスlソスXソスeソスXソスg(ソス謖抵ソスソスソスフテソスXソスg)ソスソスAソスtソスHソス[ソスソスソスgソスCソスソスソスWソスFソスNソスVソスソスソスソス(ソスGソスソスソス[ソスソスソスざソスニ起ソスソスソスソスソスeソスXソスg)ソスソスソスAソスソスソス多ソスlソスネ難ソスソスヘゑソスソスソスソスツ膨ソスソスネテソスXソスgソスPソス[ソスXソスソスソスgソスpソスソスソストソソスtソスgソスEソスFソスAソス分析ゑソスソスソスAソスソスソスIソスネツソス[ソスソスソスソスZソスpソスソスpソスソスソスト鯉ソスソスoソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスB
ソス\ソスtソスgソスEソスFソスAソスフ擾ソスソスソスソスソスソスxソスヘ低下ソスソスソスワゑソスソスソスソスAソスソスソスソスソスソスソスsソスソスソスソスノなゑソスソスソスソスソスAソスNソスソスソスbソスVソスソスソスソスソスソスAソスsソスソスソスmソスネ鯉ソスソスハゑソスソスoソスソスソスニゑソスソスソスソスソスソスソスソスニはゑソスソスソスワゑソスソスソスB

ソスLソスソスソスソスソスFソスソス

ソス闢ョソステ的ソスソスソスソス
ソス{ソスニ弱性ソスヘ通擾ソスAソスソスツのソソスtソスgソスEソスFソスAソスpソスbソスPソス[ソスWソスソスソスナは搾ソスソスpソスxソスナは費ソスソスソスソスソスソスネゑソスソスソスソス゚、ソスソスソスヤ的ソスソスソスソスフ抵ソスソスナ、ソスニ趣ソスネ可能ソスソスソスソスソスソスソス髀茨ソスソスソスフ全ソストゑソス]ソスソスソスソスソス驍アソスニゑソスソスツ能ソスネ場合ソスAソス闢ョソスノゑソスソスzソスソスソスCソスgソス{ソスbソスNソスXソスソス@ソスヘ十ソスソスソスネコソス[ソスhソスフ範囲ゑソスヤ暦ソスソスソスソスAソスtソスHソス[ソスソスソスXソス|ソスWソスeソスBソスuソスソスソスソスソスソスソスソスソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスB

ソスLソスソスソスソスソスFソスソス

ソスニ趣ソスネコソス[ソスhソスソス

ソスソス 1:

 

ソスネ会ソスソスフ暦ソスヘ、ソスソスソス[ソスUソスソスソスソスソスヘゑソスソスソスhソスソスソスCソスソスソスソスソスノ対ゑソス DNS lookup ソスフ厄ソスソスソスソスソスSソスソス Web ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスナゑソスソスBOS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスフ茨ソスツ目の趣ソズに包ソスソズゑソスソスソスワゑソスソスB

ソスTソスソスソスvソスソスソスソスソスソスFPerl ソスiソスソスソスソスソスソスj 
use CGI qw(:standard);
$name = param('name');
$nslookup = "/path/to/nslookup";
print header;
if (open($fh, "$nslookup $name|")) {
while (<$fh>) {
print escapeHTML($_);
print "<br>¥n";
}
close($fh);
}

ソスUソスソスソスメゑソスソスネ会ソスソスフようソスネドソスソスソスCソスソスソスソスソスソスソスソスヘゑソスソスソスソスニ想ソス閧オソスワゑソスソスB

ソスiソスUソスソスソスj 
     cwe.mitre.org%20%3B%20/bin/ls%20-l

ソスfソスRソス[ソスhソスソスソスソスニ、"%3B" ソスソス ";" ソスノ、"%20ソスh ソスヘスソスyソス[ソスXソスニなゑソスAOpen() ソスヨ撰ソスソスヘ以会ソスソスフ様ソスノ包ソスソスソスソスソスソスソスソスソスソスソスソスソス驍アソスニになゑソスワゑソスソスB 
/path/to/nslookup cwe.mitre.org ; /bin/ls -l

ソスソスソスハ、ソスUソスソスソスメゑソス "/bin/ls -l" ソスニゑソスソスソスソスRソス}ソスソスソスhソスソスソスソスソスsソスソスソスAソスvソスソスソスOソスソスソスソスソスフソスソス[ソスLソスソスソスOソスfソスBソスソスソスNソスgソスソスソスノゑソスソスソスSソスtソス@ソスCソスソスソスフソスソスXソスgソスソスソスソス閧オソスワゑソスソスBソスソスソスフ難ソスソスヘは、ソスソスソスモゑソスソスソスvソスソスソスOソスソスソスソスソスソスソスTソス[ソスoソスノイソスソスソスXソスgソス[ソスソスソスソスソスソスネど、ソスソスソスソスノ危険ソスネコソス}ソスソスソスhソスノ置ソスソスソスソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

 

ソスソス 2:

 

ソスネ会ソスソスフ暦ソスヘ、ソスVソスXソスeソスソスソスvソスソスソスpソスeソスBソスソスソスソスソスソスsソスソスソスソスVソスFソスソスソスXソスNソスソスソスvソスgソスフ厄ソスソスOソスソスヌみ搾ソスソスンまゑソスソスB OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスフ難ソスツ目の趣ソズに包ソスソズゑソスソスソスワゑソスソスB

ソスTソスソスソスvソスソスソスソスソスソスFJava ソスiソスソスソスソスソスソスj 
String script = System.getProperty("SCRIPTNAME");
if (script != null)
System.exec(script);

ソスUソスソスソスメゑソスソスソスソスフプソスソスソスpソスeソスBソス制鯉ソスナゑソスソスソス鼾ソスAソス険ソスネプソスソスソスOソスソスソスソスソスソスソスwソスソスソスソスソスソスソス謔、ソスノプソスソスソスpソスeソスBソスソスソスソスソスソスソスすゑソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

 

ソスソスソスソスソスソスソス黷スソスソスソスソス

 

ソスQソスソス ソスレ搾ソス
CVE-1999-0067 Canonical example. CGI program does not neutralize "|" metacharacter when invoking a phonebook program.
CVE-2001-1246 Language interpreter's mail function accepts another argument that is concatenated to a string used in a dangerous popen() call. Since there is no neutralization of this argument, both OS Command Injection (CWE-78) and Argument Injection (CWE-88) are possible.
CVE-2002-0061 Web server allows command execution using "|" (pipe) character.
CVE-2003-0041 FTP client does not filter "|" from filenames returned by the server, allowing for OS command injection.
CVE-2008-2575 Shell metacharacters in a filename in a ZIP archive
CVE-2002-1898 Shell metacharacters in a telnet:// link are not properly handled when the launching application processes the link.
CVE-2008-4304 OS command injection through environment variable.
CVE-2008-4796 OS command injection through https:// URLs
CVE-2007-3572 Chain: incomplete blacklist for OS command injection

 

ソスソスQソスフ緩和ソスソス

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計

ソス]ソスワゑソスソス@ソス\ソスソスソスト作成ソスソスソスソスロには、ソスツ能ソスネ鯉ソスソスソスOソスソスソスソスソスソスソスナはなゑソスソスソスソスCソスuソスソスソスソスソスRソス[ソスソスソスソスソスgソスpソスソスソスト会ソスソスソスソスソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計ソスAソスIソスyソスソスソス[ソスVソスソスソスソス

ソス略ソスF ソスTソスソスソスhソス{ソスbソスNソスXソスAJail
ソスvソスソスソスZソスXソスニオソスyソスソスソス[ソスeソスBソスソスソスOソスVソスXソスeソスソスソスフ間で鯉ソスソスdソスネ具ソスソスEソスソスソスソスソスソスソスソスソスソス "jail" ソスソスAソズ趣ソスソスソスソスソスTソスソスソスhソス{ソスbソスNソスXソスツ具ソスソスフ抵ソスソスナコソス[ソスhソスソスソスソスソスsソスソスソストゑソスソスソスソスソスソスソスソスBソスソスソスソスノゑソスソスAソスツ々ソスフデソスBソスソスソスNソスgソスソスソスノゑソスソスソスソストどのフソス@ソスCソスソスソスノ対ゑソスソスAソスNソスZソスXソスツ能ソスソスソスAソスソスソス驍「ソスヘ、ソスソスソスフソソスtソスgソスEソスFソスAソスノゑソスソスソストどのコソス}ソスソスソスhソスソスソスソスソスsソスツ能ソスソスソスソスソスソスソスハ的ソスノ撰ソスソスソスソスナゑソスソスワゑソスソスB
OSソスソスソスxソスソスソスフ暦ソスニゑソスソスト、Unix chroot jailソスAAppArmor ソスyソスソス SELinux ソスソスソスソスソスソスソスソスソスワゑソスソスBソスソスハ的ソスノ、ソス}ソスlソス[ソスWソスhソスRソス[ソスhソスヘゑソスソスソスソスツゑソスソスフ防ソスソス@ソス\ソスソス供ゑソスソスワゑソスソスBソス痰ヲソスホ、Java SecurityManager ソスフ趣ソスソスソス java.io.FilePermission ソスヘ、ソスtソス@ソスCソスソスソスソスソスソスソスノゑソスソスソスソス髏ァソスソスソスソスソスwソス閧キソス驍アソスニゑソスソスツ能ソスナゑソスソスB
ソスソスソスソスヘ、ソスソスソスソスソスツ能ソスネ会ソスソスソスソスソスナはなゑソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスワゑソスソスAソスIソスyソスソスソス[ソスeソスBソスソスソスOソスVソスXソスeソスソスソスヨの費ソスQソスソスソスソスソス閧キソス驍セソスソスソスナゑソスソスソスAソスcソスソスフアソスvソスソスソスPソス[ソスVソスソスソスソスソスヘ侵ソスQソスフ対象のままでゑソスソスB
CWE-243 ソスyソスムゑソスソスフ托ソスソスソス jail ソスノ関連ソスソスソスソスニ弱性ソスフ会ソスソスソスノは抵ソスソスモゑソスソストゑソスソスソスソスソスソスソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計

ソス略ソスFソスUソスソスソスハの難ソスソスソスニ縮ソスソス
ソスソスソスsソスソスソスソスRソス}ソスソスソスhソスフ撰ソスソスソスソスノ使ソスpソスソスソスソスfソス[ソス^ソスヘ、ソスナ托ソスソスソスAソスOソスソスソスソスソスソスフ撰ソスソスソスソスrソスソスソスソスソスト会ソスソスソスソスソスソスBWeb ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスフ場合ソスノは、  ソスZソスbソスVソスソスソスソスソスソスヤゑソス hidden form ソスtソスBソス[ソスソスソスhソスナクソスソスソスCソスAソスソスソスgソスノ托ソスソスMソスソスソスソスソスソスソスノ、ソスfソス[ソス^ソスソスソスソスソス[ソスJソスソスソスノ保托ソスソスソスソス驍アソスニゑソスソスvソスソスソスソスソスソスワゑソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計

CWE-602 ソスソスhソスソスソスソスソス゚に、ソスNソスソスソスCソスAソスソスソスgソスソスソスナ行ソスソスソスソスSソストのセソスLソスソスソスソスソスeソスBソス`ソスFソスbソスNソスノゑソスソスソスソスト、ソスソスソスソスソスフチソスFソスbソスNソスソスソスTソス[ソスoソスソスソスナゑソスソスソスソスlソスノ行ソスソスソストゑソスソス驍アソスニゑソスソスmソスFソスソスソストゑソスソスソスソスソスソスソスソスBソスUソスソスソスメはチソスFソスbソスNソスソスソスsソスソス黷スソスソスソスニに値ソスソスソスソスソスソスソスすゑソスAソスソスソス驍「ソスヘチソスFソスbソスNソスソスソスソスソスSソスノ擾ソスソスソスソスソスソス驍アソスニで、ソスNソスソスソスCソスAソスソスソスgソスソスソスフチソスFソスbソスNソスソスソスソスソスソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスBソスソスソスフ場合ソスAソスソスソスソスソスされたソスlソスソスソスTソス[ソスoソスノ托ソスソスMソスソスソスソスワゑソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計

ソス略ソスF ソスソスソスCソスuソスソスソスソスソスAソスtソスソスソス[ソスソスソスソスソス[ソスN
ソス{ソスニ弱性ソスフ費ソスソスソスソスソスhソスソスソスAソスソスソス驍「ソスヘ本ソスニ弱性ソスソスソスソスソスソスソスソス竄キソスソスソス\ソスソスソスソス供ゑソスソスソスAソス\ソスソスソスノ鯉ソスソスソスソスソスソス黷スソスソスソスCソスuソスソスソスソスソスソスtソスソスソス[ソスソスソスソスソス[ソスNソスソスソスgソスpソスソスソストゑソスソスソスソスソスソスソスソスB
ソスソスニゑソスソスト、ESAPI Encoding control ソスソズ趣ソスソスソスソスソスcソス[ソスソスソスAソスソスソスCソスuソスソスソスソスソスAソスtソスソスソス[ソスソスソスソスソス[ソスNソスソスソスソスソスソスソスソスソスワゑソスソスBソスgソスpソスソスソス驍アソスニにゑソスソスソスト、ソスGソスソスソス[ソスノなゑソスノゑソスソスソスソスソスソス@ソスナ出ソスヘゑソスソスGソスソスソスRソス[ソスhソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスB

ソスtソスFソス[ソスYソスFソスソスソスソス

ソス略ソスFソスoソスヘエソスソスソスRソス[ソスfソスBソスソスソスO
ソスソスソスXソスNソスソスソスソスeソスソスソスAソスソスソスIソスノ撰ソスソスソスソスソスソスソスソスNソスGソスソスソスソスRソス}ソスソスソスhソスソスソスgソスpソスソスソスソスKソスvソスソスソスソスソスソス鼾ソスノは、ソスKソスリに茨ソスソスソスソスソスソスNソスHソス[ソスgソスソスソスAソスソスソスソスソスノ含まゑソスソスソスソス齦カソスソスソスソスソスGソスXソスPソス[ソスvソスソスソスト会ソスソスソスソスソスソスBソスナゑソスソスTソスdソスネ趣ソス@ソスニゑソスソスト、ソスソスソスノ鯉ソスソスdソスネホソスソスソスCソスgソスソスソスXソスgソスソスハ過ゑソスソスネゑソスソスSソストの包ソスソスソスソスノつゑソスソスト、ソスGソスXソスPソス[ソスvソスソスソスヘフソスBソスソスソス^ソスソスソスソスソスOソスソスソスsソスソス(ソスpソスソスソスソスソスネ外ソスフ全ソストの包ソスソスソスソスソス白難ソス)ソスソスソスニゑソスソスソスソスソスソスソスソスワゑソスソスBソス白難ソスソスフ難ソスソス齦カソスソスソスフ使ソスpソスソスソスKソスvソスネ場合ソスヘ、ソスGソスXソスPソス[ソスvソスソスソスヘフソスBソスソスソス^ソスソスソスソスソスOソスフ擾ソスソスソスソスソスAソスソスソス黷シソスソスフ茨ソスソスソスソスソスソスNソスHソス[ソスgソスナ囲ゑソスソストゑソスソスソスソスソスソスソスソスBargument injectionソスiCWE-88ソスjソスフ脆弱性ソスソスソスソスソスソスソスソスソスネゑソスソス謔、ソスソスソスモゑソスソストゑソスソスソスソスソスソスソスソスB

ソスtソスFソス[ソスYソスFソスソスソスソス

ソスソスソスsソスソスソスソスvソスソスソスOソスソスソスソスソスソスソスAソスソスソスヘフソス@ソスCソスソスソスワゑソスソスヘ標ソスソスソスソスソスヘにゑソスソスソスソスソスソスwソスソスソスソスソスソスツゑソスソストゑソスソスソス鼾ソスAソスRソス}ソスソスソスhソスソスソスCソスソスソスフ托ソスソスソスノ茨ソスソスソスソスソスnソスソスソスソスソス[ソスhソスフ暦ソスソスpソスソスソスソスソスソスソスソスソスト会ソスソスソスソスソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計

ソス略ソスFソスpソスソスソスソスソス[ソス^ソスソス
ソスツ能ソスナゑソスソスソスホ、ソスソスソスソスソスIソスノデソス[ソス^ソスニコソス[ソスhソスヤの包ソスソスソスソスソスソスソスソスソスソスソスソスソス謔、ソスネ、ソス\ソスソスソスソスソスソスソス黷スソスdソスgソスンゑソスソスgソスpソスソスソストゑソスソスソスソスソスソスソスソスB
ソスソスソスフようソスネ仕ソスgソスンにゑソスソスAソスJソスソスソスメゑソスソス闢ョソスナ行ソスソスソスソスソスソスノ、ソスoソスヘゑソスソスソスソスソスソスソスソスソスソスSソストの箇擾ソスソスノ、ソスヨ連ソスソスソスソスソスソスpソスAソスGソスソスソスRソス[ソスhソスAソスソスソスヘの妥難ソスソスソスソス`ソスFソスbソスNソスフ機ソス\ソスソスソスソスソスソスソスIソスノ提供ゑソスソス驍アソスニゑソスソスツ能ソスナゑソスソスB
ソスソスソスソスノゑソスソスソストはコソス}ソスソスソスhソスソスソストび出ソスソスソスヨ撰ソスソスソスソスソスソスソスソス供ゑソスソスソストゑソスソスワゑソスソスBソスツ能ソスナゑソスソスソスホ、ソスソスsソスフ包ソスソスソスソスソスソスソスgソスpソスソスソスソスRソス}ソスソスソスhソスVソスFソスソスソスソスソストび出ソスソスソスヨ撰ソスソスソスソスソス閧オソスAソスソスソスフ関撰ソスソスソスソスツ別の茨ソスソスソスソスソスKソスvソスニゑソスソスソスヨ撰ソスソスノ置ソスソスソスソスソスソスソスト会ソスソスソスソスソスソスBソスソスハ的ソスノゑソスソスソスソスフ関撰ソスソスヘ、ソスソスソスソスソスノ適ソスリなクソスHソス[ソスgソスソスKソスpソスソスソスAソスKソスリなフソスBソスソスソス^ソスソスソスソスソスOソスソスソスソスソス{ソスソスソスワゑソスソスB
ソス痰ヲソスホ、Cソスソスソスソスナは、system() ソスヨ撰ソスソスヘ趣ソスソスsソスソスソスソスソスSソストのコソス}ソスソスソスhソスソスソスワむ包ソスソスソスソスソスソスソスけ付ソスソスソスワゑソスソスBソスソスソスソスナ、execl()ソスAexecve()ソスソスソスフ関撰ソスソスヘ、ソスeソスソスソスソスソスノ包ソスソスソスソスソスフ配ソスが必ソスvソスナゑソスソスBWindows ソスナは、CreateProcess() ソスヘ茨ソスxソスノ茨ソスツのコソス}ソスソスソスhソスソスソスソスソスけ付ソスソスソスワゑソスソスソスBPerl ソスナは、 system() ソスノ対ゑソスソスト、ソスソスソスソスソスフ配ソスが提供ゑソスソスソスソス鼾ソスAソスeソスソスソスソスソスノクソスHソス[ソスgソスソスKソスpソスソスソスワゑソスソスB

ソスtソスFソス[ソスYソスFソスソスソスソス

ソス略ソスF ソスソスソスヘの妥難ソスソスソスソス`ソスFソスbソスN
ソスSソストの難ソスソスヘは茨ソスソスモのゑソスソスソスソスソスフと想ソス閧オソストゑソスソスソスソスソスソスソスソスBソスdソスlソスノ鯉ソスソスソスソスノ従ソスソスソスソスソスツゑソスソスソスソスソスヘのホソスソスソスCソスgソスソスソスXソスgソスソスソスgソスpソスソスソス體呻ソスAソスソスソスmソスフ受け難ソスソスソスソスソストゑソスソスソスソスソスヘの妥難ソスソスソスソス`ソスFソスbソスNソスソス@ソスソスpソスソスソストゑソスソスソスソスソスソスソスソスBソスdソスlソスノ費ソスソスソスソスソスソスソスヘゑソスソスソスソスロゑソスソスソスAソスソスソス驍「ソスヘ難ソスソスヘゑソスソスdソスlソスノ適ソスソスソスソスソスソス`ソスノ変会ソスソスソスソスソスソストゑソスソスソスソスソスソスソスソスBソスuソスソスソスbソスNソスソスソスXソスgソスノ依托ソスソスソスソストゑソスソスワゑソスソスソスソスAソスソスソスモのゑソスソスソスAソスソスソス驍「ソスヘ不ソスソスソスネ難ソスソスヘゑソスTソスソスソスソスソスニのみに暦ソスソスソスネゑソスソスナゑソスソスソスソスソスソスソスソスBソスソスソスソスソスソスソスAソスuソスソスソスbソスNソスソスソスXソスgソスヘ予ソスソスソスソスソスソスソスUソスソスソスフ鯉ソスソスmソスソスAソスソスソスソスソスソスソスノ具ソスソスロゑソスソスソスラゑソスソスsソスソスソスネ難ソスソスヘゑソスソスソスソス閧キソスソスロに役立ゑソスソスワゑソスソスB

ソスソスソスヘ値ソスフ妥難ソスソスソスソスソスソス`ソスFソスbソスNソスソスソスソスロ、ソスヨ連ソスソスソスソスソスソスソスネ全ソストの要ソスfソスiソスソスソスソスソスAソスソスソスヘタソスCソスvソスAソスソスソスeソスソスソスソスlソスフ範囲、ソスソスソスヘの過不ソスソスソスAソス\ソスソスソスAソスヨ連ソスソスソスソスtソスBソス[ソスソスソスhソスヤの茨ソスム撰ソスソスAソスyソスムビソスWソスlソスXソスソスソス[ソスソスソスフ茨ソスvソスAソスソスソスjソスノつゑソスソスト考ソスソスソスソスソストゑソスソスソスソスソスソスソスソスBソスrソスWソスlソスXソスソスソス[ソスソスソスフ暦ソスニゑソスソスト、"boat" ソスヘ英ソスソスソスソスソスソスソスソスソスワまなゑソスソスソスソス゚構ソスソスソスIソスノ有ソスソスソスナゑソスソスソスソスAソスソスソスソスソスJソスソスソスメゑソス "red" ソスソス "blue" ソスフようソスネ色ソスフ厄ソスソスOソスソスzソス閧キソスソス鼾ソスノは有ソスソスソスナはなゑソスソスAソスニゑソスソスソスソスソスソスWソスbソスNソスソスソスソスソスソスソスソスソスワゑソスソスB

OS ソスRソス}ソスソスソスhソスソスソス\ソスzソスソスソスソスロ、ソスソスソスNソスGソスXソスgソスフパソスソスソスソスソス[ソス^ソスニゑソスソスト想ソス閧キソスソスlソスノ奇ソステゑソスソスソスソスソスソスZソスbソスgソス制鯉ソスソスソスソスソス謔、ソスネ、ソスソスソスソスソスソスソスzソスソスソスCソスgソスソスソスXソスgソスソスソスgソスpソスソスソストゑソスソスソスソスソスソスソスソスBソスソスソスソスノゑソスソスAソスヤ接的ソスノ攻ソスソスソスフ範囲ゑソスソスソスソス閧キソス驍アソスニゑソスソスツ能ソスナゑソスソスソスソスAソスKソスリな出ソスヘエソスソスソスRソス[ソスhソスyソスムエソスXソスPソス[ソスvソスニ費ソスrソスソスソスソスニ緩和ソスソスニゑソスソストの重ソスvソスxソスヘ会ソスソスソスソスソスワゑソスソスB

ソスKソスリな出ソスヘのエソスソスソスRソス[ソスhソスAソスGソスXソスPソス[ソスvソスAソスNソスHソス[ソスgソスヘ、OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスソスhソスソスソスソスソス゚に最ゑソスソスソスソスハ的ソスネ会ソスソスソスソスソスナゑソスソスソスフに対ゑソスソスAソスソスソスヘの妥難ソスソスソスソス`ソスFソスbソスNソスヘ托ソスソスwソスhソスソスソス供ゑソスソスソスソスソスフでゑソスソス驍アソスニに抵ソスソスモゑソスソストゑソスソスソスソスソスソスソスソスBソスソスソスソスヘ、ソスソスソスロに出ソスヘゑソスソスソスソスソスソスeソスソスソスソスソスハ的ソスノ撰ソスソスソスソスソスソス驍ゥソスソスナゑソスソスBソスソスソスヘの妥難ソスソスソスソスフチソスFソスbソスNソスソスソスソスソスソスOSソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスソスhソスソスソスソスけソスナはゑソスソスソスワゑソスソスソスBソスソスソスノ、ソスCソスモの難ソスソスeソスソスソスソスソスRソスノ難ソスソスヘ可能ソスネテソスLソスXソスgソスtソスBソス[ソスソスソスhソスフサソス|ソス[ソスgソスソスKソスvソスニゑソスソスソス鼾ソスヘ搾ソスソスソスノなゑソスワゑソスソスBソス痰ヲソスソスOSソスRソス}ソスソスソスhソスニゑソスソストソスソス[ソスソスソスvソスソスソスOソスソスソスソスソスソスソストび出ソスソスソスロには、";" ソスソス ">" ソスフようソスノ、ソスソスソスフプソスソスソスOソスソスソスソスソスナは危険ソスソスソスフゑソスソスソスソスソスヘゑソスソスワむ鯉ソスソスソスソスtソスBソス[ソスソスソスhソスソスソスソスソスツゑソスソスソスKソスvソスソスソスソスソス驍スソス゚、ソスGソスXソスPソス[ソスvソス竄サソスフ托ソスソスフ包ソスソス@ソスナ擾ソスソスソスソスソスソスネゑソスソスソスホなゑソスワゑソスソスソスBソスソスソスフ場合ソスAソス険ソスネ包ソスソスソスソスフ削除ソスノゑソスソスAOS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスフソスソスXソスNソスソスソスソスソスソスソス驍アソスニゑソスソスツ能ソスナゑソスソスソスソスAソスソスソス[ソスソスソスフ鯉ソスソスソスソスソスソスソスソス[ソスUソスフ意図ソスソスソスソスソスハゑソスナはなゑソスソスソスソス゚、ソスsソスソスソスmソスネふゑソスワゑソスソスソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスソスソスラな厄ソスソスノ鯉ソスソスソスソスワゑソスソスソスソスAソスソスソスフ厄ソスソスヘ、ソスソスソスフコソスソスソス|ソス[ソスlソスソスソスgソスヨソスソスbソスZソス[ソスWソスソスソスソスソスソスソスnソスソスソスソスソス゚に、ソスvソスソスソスOソスソスソスソスソスソスソス\ソスソスソスソスソスソスソス黷スソスソスソス[ソスソスソスフ鯉ソスソスソスソスノ依托ソスソスソスソストゑソスソスソス鼾ソスノ重ソスソスネ厄ソスソスヨと費ソスソスWソスソスソスワゑソスソスB

ソスソスソスヘの妥難ソスソスソスソス`ソスFソスbソスNソスノミソスXソスソスソスソスソスソス鼾ソスノゑソスソスiソス痰ヲソスソス 100 ソスフ難ソスソスヘフソスBソス[ソスソスソスhソスフゑソスソスソス 1 ソスツゑソスソスソスソス`ソスFソスbソスNソスソスYソスソストゑソスソスワゑソスソスソスソスjソスAソスKソスリなエソスソスソスRソス[ソスhソスソスソスCソスソスソスWソスFソスNソスVソスソスソスソスソスUソスソスソスソスソスソスフ保鯉ソスニなゑソスナゑソスソス蛯、ソスBソスソスソスヘの妥難ソスソスソスソスフチソスFソスbソスNソスヘ使ソスソスソス竄キソスソスソスソス@ソスナゑソスソスソスAソスUソスソスソスソスソスソスソスツ能ソスソスソスソス蛯ォソスソスソスソスソス轤オソスAソスUソスソスソスソスソスソスソスoソスソスソスAソスKソスリなエソスソスソスRソス[ソスfソスBソスソスソスOソスソスソスsソスソスソスネゑソスソス鼾ソスノゑソスソスソスソスハゑソスソスソスソス體呻ソスフ暦ソスソス_ソスソスソスソスソスソスワゑソスソスソスソスAソスソスソスソスPソスフで独暦ソスソスソスソスト使ソスソスソスソスソス@ソスナゑソスソスソスワゑソスソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計

ソス略ソスF ソスマ奇ソスソスノゑソス驪ュソスソス
ソスtソス@ソスCソスソスソスソスソスソスURLソスフようソスネ擾ソスソスソスソスノ適ソスソスソスソスソスソスIソスuソスWソスFソスNソスgソスソスソスソスソスソスソスソスソスソストゑソスソスソス鼾ソスAソスソスソス驍「ソスヘ奇ソスソスmソスナゑソスソスソス鼾ソスAソスナ定しソスソスソスソスソスヘ値ソスiソスソスソスソスソスソスIDソスソスソスjソスソスソスソスソスソスロのフソス@ソスCソスソスソスソスソスソスURLソスフマソスbソスsソスソスソスOソスソスソス成ソスソスソスAソスソスソスソスネ外ソスフ難ソスソスヘゑソスソスソスソスロゑソスソストゑソスソスソスソスソスソスソスソスB

ソスtソスFソス[ソスYソスFソスIソスyソスソスソス[ソスVソスソスソスソス

ソス略ソスF ソスRソスソスソスpソスCソスソスソスAソスrソスソスソスhソスフ具ソスソスソス
Perl ソスソス ソスu-Tソスv ソスXソスCソスbソス`ソスソスソスAソスソスソスソスソスソスソスoソス@ソス\ソスソスソスソスソスソスソスソスソスsソスソスソスAソスソスソスソスソスソスソス黷スソスマ撰ソスソスソスソスワむコソス}ソスソスソスhソスフ趣ソスソスsソスソスhソスソスソスツ具ソスソスナコソス[ソスhソスソスソスソスソスsソスソスソスト会ソスソスソスソスソスソスBソスソスソスソスト危険ソスソスソスソスソスソスソスソスソスソスヘに対ゑソスソスト、ソスソスソスソスソスソスソスソストゑソスソスネゑソスソスニゑソスソスソスソスがつゑソスソスネゑソスソス謔、ソスノ撰ソスソスmソスノ難ソスソスヘの妥難ソスソスソスソスソスソスmソスFソスソスソスソス謔、ソスノ抵ソスソスモゑソスソスネゑソスソスソスホなゑソスワゑソスソスが、ソスソスソスソスソスソスソス黷スソスマ撰ソスソスソスソスソス闖懶ソスソスソスソスソス゚の妥難ソスソスソスソスソスソスmソスFソスソスソスソスXソスeソスbソスvソスソスソスソスソスソスソスIソスノ趣ソスソスsソスソスソスト会ソスソスソスソスソスソスBソスiCWE-183ソスACWE-184ソスソスソスソスソスQソスニ会ソスソスソスソスソスソスj

ソスtソスFソス[ソスYソスFソスソスソスソス

ソスGソスソスソス[ソスソスソスbソスZソス[ソスWソスソスソスホ象となゑソスヌ者にとゑソスソストのみ有ソスvソスネ、ソスナ擾ソスソスソスソスフ詳細擾ソスしゑソスソスワまなゑソスソスソスソスニゑソスソスmソスFソスソスソストゑソスソスソスソスソスソスソスソスBソスソスソスbソスZソス[ソスWソスヘ適ソスxソスノ曖ソスソスソスノなゑソス謔、ソスoソスソスソスソスソスXソスソスソスソスソスKソスvソスソスソスソスソスソスワゑソスソスBソスGソスソスソス[ソスソスソスeソス判別ゑソスソスソスソスソス@ソスソスソスソスソスJソスソスソスソスKソスvソスヘ必ソスソスソスソスソスソスソスソスソスソスワゑソスソスソスBソスソスソスフようソスネ詳細擾ソスソスヘ攻ソスソスソスソスソスソスソスソスソスソスソスソス@ソスソス増やすソスソスソス゚の攻ソスソスソスソス@ソスフ会ソスソスヌに暦ソスソスpソスソスソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

ソスソスソスソスソスAソスGソスソスソス[ソスソスソスレ細ゑソスヌ跡ゑソスソスソスKソスvソスソスソスソスソスソス鼾ソスAソスソスソスOソスソスソスbソスZソス[ソスWソスノ記ソス^ソスソスソスソス謔、ソスノゑソスソストゑソスソスソスソスソスソスソスソスBソスソスソスソスソスソスソスAソスUソスソスソスメゑソスソスソスソスOソスソスソスbソスZソス[ソスWソスソスソス{ソスソスソスツ能ソスナゑソスソスソス鼾ソスノ会ソスソスソスソスNソスソスソス驍ゥソスソスソスlソスソスソスソスソストゑソスソスソスソスソスソスソスソスBソスヌゑソスネ形ソスソスソスナゑソスソスソスソストゑソスソスpソスXソスソスソス[ソスhソスフようソスネ極費ソスソスが記ソス^ソスソスソスソス驍アソスニは費ソスソスソスソスソスラゑソスソスナゑソスソスBソスワゑソスソスAソスソスソス[ソスUソスソスソスソスソスLソスソスソスソスソスロゑソスソスニゑソスソスソスソスソスソスAソスUソスソスソスメに難ソスソスソスソスフ構ソスソスソスソスソスルのめゑソスソスソスソストゑソスソスワゑソスソス謔、ソスネ、ソスソスム撰ソスソスフなゑソスソスソスソスbソスZソス[ソスWソスノなゑソスネゑソスソス謔、ソスソスソスソスソストゑソスソスソスソスソスソスソスソスB

OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスフ背ソスiソスノゑソスソスソスソスト、ソスソスソス[ソスUソスノ戻ゑソスソスソスソスGソスソスソス[ソスソスソスノゑソスソスソスト、OS ソスRソス}ソスソスソスhソスソスソスソスソスsソスソスソスソストゑソスソス驍ゥソスロゑソスソスAソス鼾ソスノゑソスソスソストはどのコソス}ソスソスソスhソスソスソスgソスpソスソスソスソストゑソスソス驍ゥソスソスソスソスソスJソスソスソスソストゑソスソスワゑソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

ソスtソスFソス[ソスYソスFソスIソスyソスソスソス[ソスVソスソスソスソス

ソス略ソスF ソスTソスソスソスhソス{ソスbソスNソスXソスAJail
ソスソスソスツゑソスソスソスRソス}ソスソスソスhソスフホソスソスソスCソスgソスソスソスXソスgソスソスソスソス驍スソス゚にソスソスソスソス^ソスCソスソスソス|ソスソスソスVソス[ソスソスソスgソスpソスソスソスAソスzソスソスソスCソスgソスソスソスXソスgソスノ掲ソスレゑソスソスソストゑソスソスネゑソスソスRソス}ソスソスソスhソスフ使ソスpソスソスhソスソスソスナ会ソスソスソスソスソスソスBAppArmor ソスソスソスフ技ソスpソスソスソスLソスソスソスナゑソスソスB

ソスtソスFソス[ソスYソスFソスIソスyソスソスソス[ソスVソスソスソスソス

ソス略ソスF ソスtソス@ソスCソスAソスEソスHソス[ソスソス
ソス{ソスニ弱性ソスノ対ゑソスソスソスUソスソスソスソスソスソスソスmソスソスソスソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスtソス@ソスCソスAソスEソスHソス[ソスソスソスソスソスgソスpソスソスソストゑソスソスソスソスソスソスソスソスBソスソスOソスメゑソスソスソスソスしソスソスソス\ソスtソスgソスEソスFソスAソスナゑソスソス驍スソス゚コソス[ソスhソスソスソスCソスソスソスナゑソスソスネゑソスソス鼾ソスネどに、ソスソス闡搾ソスソスソスIソスネソソスtソスgソスEソスFソスAソスフ保証趣ソスiソスニなるたソス゚、ソスル急ソスソスソスソスソスニゑソスソスト、ソスワゑソスソスヘ托ソスソスwソスhソスソスフ目的ソスニゑソスソスト鯉ソスソスハ的ソスナゑソスソスB

ソスLソスソスソスソスソスFソスソス
ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスtソス@ソスCソスAソスEソスHソス[ソスソスソスヘ全ソストの難ソスソスヘベソスNソス^ソス[ソスソスヤ暦ソスソスソスソス驍アソスニゑソスソスナゑソスソスネゑソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスソスソスソスソスト、ソスソスソスヘゑソスソスソスソスリゑソスソス髀茨ソスソスソスノ対ゑソスソスト不ソスソスソスネ形ソスソスソスフ難ソスソスヘにゑソスソスAソスhソス艫ソスJソスjソスYソスソスソスソスソスIソスすゑソス謔、ソスネ行ソスラゑソスソスツ能ソスナゑソスソスBソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスtソス@ソスCソスAソスEソスHソス[ソスソスソスフ機ソス\ソスノゑソスソスソストは、ソスsソスpソスモに撰ソスソスソスソスネソスソスNソスGソスXソスgソスソスソスソスソスロ、ソスワゑソスソスヘ修ソスソスソスソスソストゑソスソスワゑソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスBソスナ終ソスIソスノ、ソス闢ョソスノゑソスソスJソスXソス^ソス}ソスCソスYソスソスソスKソスvソスナゑソスソスB

ソスtソスFソス[ソスYソスFソスAソス[ソスLソスeソスNソス`ソスソスソスソスソスソスム設計ソスAソスIソスyソスソスソス[ソスVソスソスソスソス

ソス略ソスF ソスツ具ソスソスフ具ソスソスソス
ソスKソスvソスネタソスXソスNソスソスソスソスソスsソスソスソス驍スソス゚に具ソスソス゚ゑソスソスソスナ擾ソスソスソスソスフ鯉ソスソスソスソスソスソスgソスpソスソスソストコソス[ソスhソスソスソスソスソスsソスソスソストゑソスソスソスソスソスソスソスソスBソスツ能ソスナゑソスソスソスホ、ソスソスツのタソスXソスNソスフみに使ソスpソスソスソスソスソスAソスソスソスソスソスソスソスソスソス閧オソスソスソスPソスニのアソスJソスEソスソスソスgソスソスソス成ソスソスソストゑソスソスソスソスソスソスソスソスBソスソスソスソスノゑソスソスAソスUソスソスソスソスソスソスソスソスソスソスソスソスソス鼾ソスナゑソスソスAソスソスソスソスソスノ托ソスソスフソソスtソスgソスEソスFソスAソス竄サソスフ環具ソスソスヨアソスNソスZソスXソスソスソスソス驍アソスニは防ソスソスソスソスソスニゑソスソスナゑソスソスワゑソスソスBソス痰ヲソスホ、ソスソスソスノ難ソスソスソスIソスネオソスyソスソスソス[ソスVソスソスソスソスソスノゑソスソスソスソスト、ソス゚ゑソスソスソスソスノデソス[ソス^ソスxソス[ソスXソスフ管暦ソスソスメ鯉ソスソスソスソスソスKソスvソスニゑソスソスネゑソスソスfソス[ソス^ソスxソス[ソスXソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスソスソスソスソスソスソスソスソスワゑソスソスB

ソスtソスFソス[ソスYソスFソスIソスyソスソスソス[ソスVソスソスソスソスソスソスソスソスム趣ソスソスソス

ソス略ソスF ソスツ具ソスソスフ具ソスソスソス
PHP ソスソスソスgソスpソスソスソストゑソスソスソス鼾ソスヘ、register_globals ソスソスソスgソスpソスソスソスネゑソスソス謔、ソスノアソスvソスソスソスPソス[ソスVソスソスソスソスソスソスン定しソストゑソスソスソスソスソスソスソスソスBソスソスソスソスソスノゑソスソスソスソストは、ソスソスソスフ機ソス\ソスノ暦ソスソスソスネゑソスソス謔、ソスAソスvソスソスソスPソス[ソスVソスソスソスソスソスソスソスJソスソスソスソスソストゑソスソスソスソスソスソスソスソスBregister_globals ソスフ類趣ソスソス@ソス\ソスフ趣ソスソスソスソスノゑソスソスソスソストゑソス CWE-95ソスACWE-261 ソスyソスム類趣ソスソスソスソスソスニ弱性ソスフ対象となゑソスネゑソスソス謔、ソスxソスソスソスソスソストゑソスソスソスソスソスソスソスソスB

ソスヨ係ソスソス

 

Nature Type ID Name View(s) this relationship pertains to
ChildOf Weakness Class 77 Improper Neutralization of Special Elements used in a Command ('Command Injection') Development Concepts (primary)699
Research Concepts (primary)1000
ChildOf Category 634 Weaknesses that Affect System Processes Resource-specific Weaknesses (primary)631
ChildOf Category 714 OWASP Top Ten 2007 Category A3 - Malicious File Execution Weaknesses in OWASP Top Ten (2007) (primary)629
ChildOf Category 727 OWASP Top Ten 2004 Category A6 - Injection Flaws Weaknesses in OWASP Top Ten (2004) (primary)711
ChildOf Category 741 CERT C Secure Coding Section 07 - Characters and Strings (STR) Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734
ChildOf Category 744 CERT C Secure Coding Section 10 - Environment (ENV) Weaknesses Addressed by the CERT C Secure Coding Standard734
ChildOf Category 751 2009 Top 25 - Insecure Interaction Between Components Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary)750
ChildOf Category 801 2010 Top 25 - Insecure Interaction Between Components Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors(primary)800
ChildOf Category 810 OWASP Top Ten 2010 Category A1 - Injection Weaknesses in OWASP Top Ten (2010)(primary)809
CanAlsoBe Weakness Base 88 Argument Injection or Modification Research Concepts1000
MemberOf View 630 Weaknesses Examined by SAMATE Weaknesses Examined by SAMATE (primary)630
MemberOf View 635 Weaknesses Used by NVD Weaknesses Used by NVD (primary)635
CanFollow Weakness Base 184 Incomplete Blacklist Research Concepts1000

 

ソスvソスソスソスソスソスソスソスソス ソスiCWE ソスフ鯉ソスソスソスソスj

argument injection (CWE-88) ソスフ機ソス\ソスソスソスワめ、OS ソスRソス}ソスソスソスhソスCソスソスソスWソスFソスNソスVソスソスソスソスソスフ変趣ソスソスソスソスハゑソスソス驍スソス゚に、ソスソスwソスフ抵ソスソスソスソスソスソスKソスvソスナゑソスソスBソスソスソスlソスフ具ソスハは、SQL ソスCソスソスソスWソスFソスNソスVソスソスソスソスソスソスソスAソスソスソスフ托ソスソスフイソスソスソスWソスFソスNソスVソスソスソスソスソスヨ連ソスフ厄ソスソスノゑソスソスソスソスンゑソスソスソスツ能ソスソスソスソスソスソスソスソスワゑソスソスB

ソスeソスソスソスソスソスけゑソスVソスXソスeソスソスソスソスソス\ソス[ソスX

ソスVソスXソスeソスソスソスvソスソスソスZソスX

ソス@ソス\ソスソスソスソス

ソスvソスソスソスOソスソスソスソスソスフ呼び出ソスソス

ソスソスソスgソスDソスナの包ソスソスソス

 

ソスgソスDソスソスソスワゑソスソスヘ組ソスDソスナの包ソスソスソス ソスmソス[ソスh ID CWEソスフ包ソスソズとの適ソスソスソスx ソスソスソズ厄ソス
PLOVER OS Command Injection
OWASP Top Ten 2007 A3 CWEソスソスソスレ搾ソス Malicious File Execution
OWASP Top Ten 2004 A6 CWEソスソスソスレ搾ソス Injection Flaws
CERT C Secure Coding ENV03-C Sanitize the environment when invoking external programs
CERT C Secure Coding ENV04-C Do not call system() if you do not need a command processor
CERT C Secure Coding STR02-C Sanitize data passed to complex subsystems
WASC 31 OS Commanding

 

ソスヨ連ソスソスソスソスUソスソスソスpソス^ソス[ソスソス

 

CAPEC-ID ソスUソスソスソスpソス^ソス[ソスソスソスソス (CAPEC Version 1.5)
15 Command Delimiters
43 Exploiting Multiple Input Interpretation Layers
88 OS Command Injection
6 Argument Injection
108 Command Line Execution through SQL Injection

 

ソスzソスソスソスCソスgソス{ソスbソスNソスXソスフ抵ソス`

ソスRソス[ソスhソスpソスXソスソスソスネ会ソスソスフ擾ソスソスソスソス満ゑソスソスソスソスニ弱性
  1. ソスJソスnソスXソスeソス[ソスgソスソスソスソスソスgソスナ難ソスソスヘゑソスソスけ付ソスソスソスソス鼾
  2. ソスネ会ソスソスフ擾ソスソスソスソス満ゑソスソスソスソスIソスソスソスXソスeソス[ソスgソスソスソスソスソスgソスソス OS ソスRソス}ソスソスソスhソスソスソスソスソスsソスソスソスソス鼾
        ソスEソスソスソスヘゑソス OS ソスRソス}ソスソスソスhソスフ一部ソスナゑソスソスソスAソス]ソスワゑソスソスソスソスネゑソスOSソスRソス}ソスソスソスhソスナゑソスソスソス鼾
ソスソスソスソスLソスフ「ソス]ソスワゑソスソスソスソスネゑソスソスvソスニは、ソスネ会ソスソスフ擾ソスヤゑソスソスwソスソスソスワゑソスソスB
  1. ソスソスソスリゑソスソスソストゑソスソスネゑソス
  2. ソスソスソスソスソスソスソスソス@ソスナ鯉ソスソスリゑソスソスソストゑソスソスソス

ソスQソスソス

G. Hoglund and G. McGraw. "Exploiting Software: How to Break Code". Addison-Wesley. 2004-02. 
Pascal Meunier. "Meta-Character Vulnerabilities". 2008-02-20. <http://www.cs.purdue.edu/homes/cs390s/slides/week09.pdf>.
Robert Auger. "OS Commanding". 2009-06. <http://projects.webappsec.org/OS-Commanding>.
Lincoln Stein and John Stewart. "The World Wide Web Security FAQ". chapter: "CGI Scripts". 2002-02-04. <http://www.w3.org/Security/Faq/wwwsf4.html>.
Jordan Dimov, Cigital. "Security Issues in Perl Scripts". <http://www.cgisecurity.com/lib/sips.html>.
[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 10: Command Injection." Page 171. McGraw-Hill. 2010. 
Frank Kim. "Top 25 Series - Rank 9 - OS Command Injection". SANS Software Security Institute. 2010-02-24. <http://blogs.sans.org/appsecstreetfighter/2010/02/24/top-25-series-rank-9-os-command-injection/>.

ソスXソスVソスソスソスソス

[2011ソスN04ソスソス21ソスソス]
  2010ソスN10ソスソス12ソスソスソスソスソス_ソスフデソス[ソス^ソスソスソスソスソスノ更ソスV
[2009ソスN06ソスソス29ソスソス]
  2009ソスN02ソスソス02ソスソスソスソスソス_ソスフ会ソスソスL URL ソスソスソスソスソスノ作成
    http://cwe.mitre.org/data/definitions/78.html

ソスoソス^ソスソス 2011/04/21

ソスナ終ソスXソスVソスソス 2024/11/01

OSZAR »