312-50V10 · Question #286
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
The correct answer is C. 0-day vulnerability. A zero-day (0-day) vulnerability is a security flaw that has just been discovered and for which no vendor patch or official mitigation yet exists.
Question
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
Options
- AInput validation flaw
- BHTTP header injection vulnerability
- C0-day vulnerability
- DTime-to-check to time-to-use flaw
How the community answered
(28 responses)- A4% (1)
- B7% (2)
- C89% (25)
Why each option
A zero-day (0-day) vulnerability is a security flaw that has just been discovered and for which no vendor patch or official mitigation yet exists.
An input validation flaw is a specific category of vulnerability caused by failing to sanitize user-supplied data, which is a root-cause classification rather than a timeliness classification.
An HTTP header injection vulnerability is a specific web attack technique involving malicious data inserted into HTTP response headers, not a general term for newly discovered flaws.
The term '0-day' refers to the fact that developers have had zero days to address and patch the newly discovered flaw. Because no fix is available, systems remain exposed until the vendor releases a patch, making 0-day vulnerabilities especially dangerous and valuable to attackers.
A time-to-check to time-to-use (TOCTOU) flaw is a specific race condition where the state of a resource changes between a security check and its actual use.
Concept tested: Zero-day vulnerability definition and characteristics
Source: https://csrc.nist.gov/glossary/term/zero_day_vulnerability
Topics
Community Discussion
No community discussion yet for this question.