This vulnerability occurs when an application fails to properly validate or sanitize structured data as it is read from an upstream component or before it is sent to a downstream component. Malformed messages are then processed as if they were well-formed, which can lead to misinterpretation of the data and to security breaches.
At its core, this weakness is about failing to enforce data integrity. It happens when an application does not ensure that incoming or outgoing messages are correctly formatted and safe before processing them. This is especially dangerous when data from an untrusted source can cross into control instructions, such as part of a database query or a system command, instead of being treated as plain information. To prevent this, you need to implement 'neutralization' techniques. This means actively checking that data is already safe (validation), transforming it to make it safe (through encoding, escaping, or filtering), or using indirect selection to map external inputs onto internal, controlled values. The goal is to stop malicious or malformed data from being processed in a way that compromises your system's security.
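As an added illustration, not part of this entry's own text, the techniques named above applied to the database-query case in Python with sqlite3: a lookup that splices untrusted text into the statement beside one that validates the value against an allowlist, binds it as a parameter, and uses indirect selection to map a caller-supplied sort key onto an internal column name. The table, rows, and the username pattern are constructed for this example.

```python
import re
import sqlite3

# Constructed sample data, embedded so the example runs offline.
ROWS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]

# Indirect selection: callers choose a key; the SQL identifier comes only from here.
SORT_COLUMNS = {"name": "username", "role": "role"}

# Assumed allowlist for well-formed usernames (validation, not repair).
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{0,31}$")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def find_user_vulnerable(conn, username):
    # Untrusted text lands inside the statement itself, so data can
    # change the structure of the query instead of staying plain data.
    sql = "SELECT username, role FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def find_user_neutralized(conn, username, sort_by="name"):
    # Validation: reject input that is not already in the expected shape.
    if not USERNAME_RE.match(username):
        raise ValueError("username has unexpected structure")
    # Indirect selection: the external key selects a controlled identifier;
    # anything else is refused rather than interpolated.
    column = SORT_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError("unknown sort key")
    # Parameter binding: the driver sends the value separately from the
    # statement, so it cannot alter the statement's structure.
    sql = f"SELECT username, role FROM users WHERE username = ? ORDER BY {column}"
    return conn.execute(sql, (username,)).fetchall()


def is_rejected(conn, username, sort_by="name"):
    """True when the neutralized lookup refuses the input outright."""
    try:
        find_user_neutralized(conn, username, sort_by)
    except ValueError:
        return True
    return False
```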
Impact: Other