HoT-TAI-0012: Insecure direct object references

Summary:

• CWE-932 Insecure Direct Object References (OWASP Top Ten 2013 Category A4)
• CWE-21 Pathname Traversal and Equivalence Errors
• CWE-22 Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
• CWE-23 Relative Path Traversal
• CWE-36 Absolute Path Traversal

Estimated Overall Risk Assessment:HIGH/MID/LOW

• Technical Impacts:

• Business Impacts:

• Detectability:

• Prevalence:

• Exploitability:

Attack Surfaces Grouped By Layer of Cyberspace

• Physical Network Layer
  • Administrative Interface
  • Device Web Interface
• Logical Network Layer
  • Cloud Web Interface

Known Intrusion / Exploit / Attack Cases and Threats

TBD

Identify, Detect, Protect, Respond, and Recover (NIST FICIC)

TBD

Analysis Tools and Training

TBD

Associated CVEs / Manufacturers / Devices

TBD

References

TBD