Les cours du BTS SIO

Outils pour utilisateurs

Outils du site

Piste : presentation virtio reseauwsl commandinjection awscli
cyber:vulnerabilite:cross_site_request_forgery

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

Les deux révisions précédentesRévision précédente
cyber:vulnerabilite:cross_site_request_forgery [2025/07/03 12:22] – [Exemple 2] admincyber:vulnerabilite:cross_site_request_forgery [2025/07/03 12:23] (Version actuelle) – [CWEs] admin
Ligne 168: Ligne 168:
 The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
  
-CWE-306 : Missing Authentication for Critical Function+  * [[https://cwe.mitre.org/data/definitions/306.html|CWE-306 : Missing Authentication for Critical Function]]
 The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
  
-CWE-664 : Improper Control of a Resource Through its Lifetime+  * [[https://cwe.mitre.org/data/definitions/664.html|CWE-664 : Improper Control of a Resource Through its Lifetime]]
 The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
  
-CWE-732 : Incorrect Permission Assignment for Critical Resource+  * [[https://cwe.mitre.org/data/definitions/732.html|CWE-732 : Incorrect Permission Assignment for Critical Resource]]
 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
  
-CWE-1275 : Sensitive Cookie with Improper SameSite Attribute+  * [[https://cwe.mitre.org/data/definitions/1275.html|CWE-1275 : Sensitive Cookie with Improper SameSite Attribute]]
 The SameSite attribute for sensitive cookies is not set, or an insecure value is used. The SameSite attribute for sensitive cookies is not set, or an insecure value is used.
  
-References +====== References ====== 
-URL + 
-https://repository.root-me.org/Exploitation%20-%20Web/FR%20-%20les%20attaques%20CSRF.pdf +URL : 
-https://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20CSRF:%20Attack%20and%20defense.pdf +  https://repository.root-me.org/Exploitation%20-%20Web/FR%20-%20les%20attaques%20CSRF.pdf 
-https://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf+  https://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20CSRF:%20Attack%20and%20defense.pdf 
 +  https://repository.root-me.org/Exploitation%20-%20Web/EN%20-%20OWASP%20Cross-site%20Request%20Forgery%20CSRF.pdf
 ====== Retour fiches vulnérabilités ====== ====== Retour fiches vulnérabilités ======
   * [[cyber:vulnerabilite:accueil|Cyber fiches vulnérabilités]]   * [[cyber:vulnerabilite:accueil|Cyber fiches vulnérabilités]]
  
  
cyber/vulnerabilite/cross_site_request_forgery.1751538127.txt.gz · Dernière modification : 2025/07/03 12:22 de admin