CWE-140 - Improper Neutralization of Delimiters

Home/CWEs/CWE info/

CWE-140

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Improper Neutralization of Delimiters

Description: The product does not neutralize or incorrectly neutralizes delimiters.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-138Improper Neutralization of Special Elements

Release Date:
2006-07-19

Latest Modification Date:
2023-10-26

Latest Security News

Windows 11 24H2 update blocked on PCs with Assassin's Creed, Star Wars Outlaws

Microsoft testing Windows 11 support for third-party passkeys

Hackers abuse Avast anti-rootkit driver to disable defenses

Google Exposes GLASSBRIDGE: A Pro-China Influence Network of Fake News Sites

North Korean Hackers Steal $10M with AI-Driven Scams and Malware on LinkedIn

Windows 10 KB5046714 update fixes bug preventing app uninstalls

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

APT-K-47 Uses Hajj-Themed Lures to Deliver Advanced Asyncshell Malware

Top Alert List

MediumAbsence of Anti-CSRF Tokens

MediumDirectory Browsing

InformationalInformation Disclosure - Suspicious Comments

Content Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowServer Leaks Information via "X-Powered-By" HTTP Response Header Field(s)

LowCookie without SameSite Attribute

Cross-Domain Misconfiguration

MediumMissing Anti-clickjacking Header

CSP

Top CVE List

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2019-15949 Nagios XI Remote Code Execution Vulnerability

CVE-2021-41277 Metabase GeoJSON API Local File Inclusion Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2021-26858 Microsoft Exchange Server Remote Code Execution Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

Common CWEs

CWE-125 Out-of-bounds Read

CWE-1312 Missing Protection for Mirrored Regions in On-Chip Fabric Firewall

LowCWE-479 Signal Handler Use of a Non-reentrant Function

CWE-491 Public cloneable() Method Without Final ('Object Hijack')

HighCWE-243 Creation of chroot Jail Without Changing Working Directory

MediumCWE-492 Use of Inner Class Containing Sensitive Data

CWE-175 Improper Handling of Mixed Encoding

CWE-38 Path Traversal: '\absolute\pathname\here'

HighCWE-330 Use of Insufficiently Random Values

MediumCWE-1022 Use of Web Link to Untrusted Target with window.opener Access

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-140 - Improper Neutralization of Delimiters

The product does not neutralize or incorrectly neutralizes delimiters.