CWE-295: Improper Certificate Validation
low-risk
The product does not validate, or incorrectly validates, a certificate.
Detection Methods
According to SOAR [REF-1479], the following detection techniques may be useful:
- Cost effective for partial coverage: Bytecode Weakness Analysis (including disassembler + source code weakness analysis); Binary Weakness Analysis (including disassembler + source code weakness analysis)
- Cost effective for partial coverage: Binary / Bytecode disassembler, then manual analysis for vulnerabilities and anomalies
- Cost effective for partial coverage: Web Application Scanner
- Highly cost effective: Man-in-the-middle attack tool
- Highly cost effective: Focused Manual Spotcheck (focused manual analysis of source); Manual Source Code Review (not inspections)
- Cost effective for partial coverage: Source Code Weakness Analyzer; Context-configured Source Code Weakness Analyzer
- Highly cost effective: Inspection (IEEE 1028 standard; can apply to requirements, design, source code, etc.)
Real-World Examples
| CVE | CVSS score | EPSS probability | In CISA KEV |
|---|---|---|---|
| CVE-2020-0601 | 8.1 | 94.1% | Y |
| CVE-2022-26923 | 8.8 | 91.4% | Y |
| CVE-2015-3152 | 5.9 | 51.7% | — |
| CVE-2024-29050 | 8.4 | 37.9% | — |
| CVE-2024-49369 | 9.8 | 22.5% | — |
| CVE-2020-8289 | 7.8 | 20.5% | — |
| CVE-2014-1266 | 7.4 | 17.9% | — |