CWE-795: Only Filtering Special Elements at a Specified Location

BaseIncomplete

The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.

View on MITRE
Back to CWE Lookup

Extended Description

A filter might only account for instances of special elements when they occur: relative to a marker (e.g. "at the beginning/end of string; the second argument"), or at an absolute position (e.g. "byte number 10"). This may leave special elements in the data that did not match the filter position, but still may be dangerous.

Technical Details

Structure
Simple
Vulnerability Mapping
ALLOWED

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-795: Only Filtering Special Elements at a Specified Location?+

CWE-795: Only Filtering Special Elements at a Specified Location is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component. A filter might only account for instances of special elements when they occur: relative to a marker (e.g. "at the beginning/end of string; the second argument"), or at an absolute position (e.g. "byte number 10"). This may leave special elements in the data that did not match the filter position, but still may be dangerous.

What are the security consequences of Only Filtering Special Elements at a Specified Location?+

If exploited, CWE-795 (Only Filtering Special Elements at a Specified Location) it can compromise Integrity, leading to outcomes such as Unexpected State.

Which programming languages are affected by Only Filtering Special Elements at a Specified Location?+

CWE-795 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-795 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More