{"@ID": "698", "@Name": "Execution After Redirect (EAR)", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The web application sends a redirect to another location, but instead of exiting, it executes additional code.", "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "705", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "670", "@View_ID": "1000"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}, "Technology": [{"@Class": "Web Based", "@Prevalence": "Undetermined"}, {"@Name": "Web Server", "@Prevalence": "Sometimes"}]}, "Alternate_Terms": {"Alternate_Term": {"Term": "Redirect Without Exit"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Common_Consequences": {"Consequence": {"Scope": ["Other", "Confidentiality", "Integrity", "Availability"], "Impact": ["Alter Execution Logic", "Execute Unauthorized Code or Commands"], "Note": "This weakness could affect the control flow of the application and allow execution of untrusted code."}}, "Detection_Methods": {"Detection_Method": {"Method": "Black Box", "Description": "This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss."}}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-180", "Intro_Text": "This code queries a server and displays its status when a request comes from an authorized IP address.", "Example_Code": {"@Nature": "Bad", "@Language": "PHP", "xhtml:div": {"xhtml:br": [null, null, null, null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:br": null, "#text": "echo \"You are not authorized to view this page\";http_redirect($errorPageURL);"}, "xhtml:i": "...", "#text": "$requestingIP = $_SERVER['REMOTE_ADDR'];if(!in_array($requestingIP,$ipAllowList)){}$status = getServerStatus();echo $status;"}}, "Body_Text": "This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212)."}}, "Observed_Examples": {"Observed_Example": [{"Reference": "CVE-2013-1402", "Description": "Execution-after-redirect allows access to application configuration details.", "Link": "https://www.cve.org/CVERecord?id=CVE-2013-1402"}, {"Reference": "CVE-2009-1936", "Description": "chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal.", "Link": "https://www.cve.org/CVERecord?id=CVE-2009-1936"}, {"Reference": "CVE-2007-2713", "Description": "Remote attackers can obtain access to administrator functionality through EAR.", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-2713"}, {"Reference": "CVE-2007-4932", "Description": "Remote attackers can obtain access to administrator functionality through EAR.", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-4932"}, {"Reference": "CVE-2007-5578", "Description": "Bypass of authentication step through EAR.", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-5578"}, {"Reference": "CVE-2007-2713", "Description": "Chain: Execution after redirect triggers eval injection.", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-2713"}, {"Reference": "CVE-2007-6652", "Description": "chain: execution after redirect allows non-administrator to perform static code injection.", "Link": "https://www.cve.org/CVERecord?id=CVE-2007-6652"}]}, "References": {"Reference": {"@External_Reference_ID": "REF-565"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2008-09-09", "Submission_Version": "1.0", "Submission_ReleaseDate": "2008-09-09"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Common_Consequences, Demonstrative_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-10-30", "Modification_Version": "2.3", "Modification_ReleaseDate": "2012-10-30", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2013-02-21", "Modification_Version": "2.4", "Modification_ReleaseDate": "2013-02-21", "Modification_Comment": "updated Alternate_Terms, Name, Observed_Examples, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-06-25", "Modification_Version": "4.1", "Modification_ReleaseDate": "2020-06-25", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2022-10-13", "Modification_Version": "4.9", "Modification_ReleaseDate": "2022-10-13", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms"}], "Previous_Entry_Name": {"@Date": "2013-02-21", "#text": "Redirect Without Exit"}}}
