1. Home
  2. CWE Database
  3. CWE-790
Class · High

CWE-790: Improper Filtering of Special Elements

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

CWE-790 · Class Level

Description

The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

Potential Impact

Integrity

Unexpected State

Demonstrative Examples

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
Bad
my $Username = GetUntrustedInput();$Username =~ s/\.\.\///;my $filename = "/home/user/" . $Username;ReadAndSendFile($filename);
Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:
Attack
../../../etc/passwd
will have the first "../" stripped, resulting in:
Result
../../etc/passwd
This value is then concatenated with the /home/user/ directory:
Result
/home/user/../../etc/passwd
which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).

CWE-138: Improper Neutralization of Special Elements

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special ele...

Frequently Asked Questions

What is CWE-790?

CWE-790 (Improper Filtering of Special Elements) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Class-level weakness. The product receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.

How can CWE-790 be exploited?

Attackers can exploit CWE-790 (Improper Filtering of Special Elements) to unexpected state. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-790?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-790?

CWE-790 is classified as a Class-level weakness (High abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.