Page History

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="18e289e61fe09f70-7cdb2f6c-42a1477f-86c69461-37f731afa6690440ba3e0f90"><ac:plain-text-body><![CDATA[

[CVE-2010-0886]

[Sun Java Web Start Plugin Command Line Argument Injection

http://www.securitytube.net/video/1465]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="28498816014ac887-be4e48b5-448d4aaf-880999cc-299492572da6cfde45a881ab"><ac:plain-text-body><![CDATA[

[CVE-2010-1826]

[Command injection in updateSharingD's handling of Mach RPC messages

http://securitytracker.com/id/1024617]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9dc22d3795d8ff56-63a7f643-4d0f4061-9f75a792-a354364181568906b10caded"><ac:plain-text-body><![CDATA[

[T-472]

[Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges

http://www.doecirc.energy.gov/bulletins/t-472.shtml]

]]></ac:plain-text-body></ac:structured-macro>

The CERT C Secure Coding Standard

ENV04-C. Do not call system() if you do not need a command processor

The CERT C++ Secure Coding Standard

ENV04-CPP. Do not call system() if you do not need a command processor

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="635364f2-244e-476d-aae7-1392cf708c4f"><ac:plain-text-body><![CDATA[

[ISO/IEC TR 24772:2010

http://www.aitcnet.org/isai/]

"Injection [RST]"

]]></ac:plain-text-body></ac:structured-macro>

MITRE CWE

CWE ID 78, "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3e00bc87519cc41d-3b8f0640-475341ac-928693dd-bbcab54e0b6c87127c9b1f7b"><ac:plain-text-body><![CDATA[

[[Chess 2007

AA. Bibliography#Chess 07]]

Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="631a5520459c9204-73077d02-43934619-a89f98b5-b0e77f4b2e7916cba979d4a0"><ac:plain-text-body><![CDATA[

[[OWASP 2005

AA. Bibliography#OWASP 05]]

[Reviewing Code for OS Injection

http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="261729be809b800e-66e14e28-4118473f-8ba4a9d1-450cea8ace8ee586800aebb4"><ac:plain-text-body><![CDATA[

[[Permissions 2008

AA. Bibliography#Permissions 08]]

[Permissions in the Java™ SE 6 Development Kit (JDK)

http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008)

]]></ac:plain-text-body></ac:structured-macro>