CWE-352 (Cross-Site Request Forgery)
GPTKB entity
Statements (25)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
software vulnerability class
|
| gptkbp:abbreviation |
gptkb:CSRF
|
| gptkbp:affects |
web applications
|
| gptkbp:category |
Improper Authentication
|
| gptkbp:cause |
data manipulation
privilege escalation unauthorized actions |
| gptkbp:describedBy |
gptkb:Common_Weakness_Enumeration
|
| gptkbp:documentedIn |
gptkb:OWASP_Top_Ten
MITRE CWE database |
| gptkbp:example |
attacker tricks user into submitting a request to a web application where the user is authenticated
|
| gptkbp:hasCWE |
gptkb:CWE-352
|
| gptkbp:hasWeaknessType |
Design
|
| https://www.w3.org/2000/01/rdf-schema#label |
CWE-352 (Cross-Site Request Forgery)
|
| gptkbp:mitigatedBy |
implement user interaction confirmation
use custom request headers validate origin header |
| gptkbp:name |
gptkb:Cross-Site_Request_Forgery
|
| gptkbp:prevention |
user authentication
anti-CSRF tokens same-site cookies |
| gptkbp:relatedTo |
gptkb:CWE-287_(Improper_Authentication)
CWE-601 (Open Redirect) |
| gptkbp:bfsParent |
gptkb:Common_Weakness_Enumeration_(CWE)
|
| gptkbp:bfsLayer |
7
|