...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
IDS07-J | high | probable | medium | P12 | L1 |
Related
...
Vulnerabilities
Examples of related vulnerabilities include:
ENV04-C. Do not call system() if you do not need a command processor | ||||
ENV04-CPP. Do not call system() if you do not need a command processor | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f2bfca7fd4724c08-edca1421-492e4feb-bce0a682-6d0d9b7288bcab52b20b3e00"><ac:plain-text-body><![CDATA[ | [CVE-2010-0886] | [Sun Java Web Start Plugin Command Line Argument Injection | http://www.securitytube.net/video/1465] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3733cd7ac082fe94-b721b399-4fa74076-8ee78e47-ee770ad60b3802d5d25f168f"><ac:plain-text-body><![CDATA[ | [CVE-2010-1826] | [Command injection in updateSharingD's handling of Mach RPC messages | http://securitytracker.com/id/1024617] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ffb08ea1671d08ba-e554d329-4a2847b7-9326a5bf-1e8e3735deb225f15b27638e"><ac:plain-text-body><![CDATA[ | [T-472] | [Mac OS X Java Command Injection Flaw in updateSharingD Lets Local Users Gain Elevated Privileges | http://www.doecirc.energy.gov/bulletins/t-472.shtml] | ]]></ac:plain-text-body></ac:structured-macro> |
Related Guidelines
ENV04-C. Do not call system() if you do not need a command processor | |||||
ENV04-CPP. Do not call system() if you do not need a command processor | |||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a9d0e64fb26aea9e-4691d618-464345ac-b549bac1-a1192683528a8d65065a2779"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE ID 78 | http://cwe.mitre.org/data/definitions/78.html] "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" | ]]></ac:plain-text-body></ac:structured-macro> |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f07a3ba9c3eb6d98-aff57f7a-4f1e49a6-905da1f5-c7c7fe4ecb2127fd6087428e"><ac:plain-text-body><![CDATA[ | [[Chess 2007 | AA. Bibliography#Chess 07]] | Chapter 5: Handling Input, "Command Injection"]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a0957b80101148f9-af129d88-475b40f7-9d08b76e-e12c5a3784dcfbf471b7a69b"><ac:plain-text-body><![CDATA[ | [[OWASP 2005 | AA. Bibliography#OWASP 05]] | [Reviewing Code for OS Injection | http://www.owasp.org/index.php/Reviewing_Code_for_OS_Injection] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3d043c326936505a-8a7023a5-4b734552-8b2aa2f6-18022c0d4eea4b093276c6a1"><ac:plain-text-body><![CDATA[ | [[Permissions 2008 | AA. Bibliography#Permissions 08]] | [Permissions in the Java™ SE 6 Development Kit (JDK) | http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008) | ]]></ac:plain-text-body></ac:structured-macro> |
...