[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Improper Handling of Extra Parameters

ID: 235Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The software does not handle or incorrectly handles when a particular parameter, field, or argument name is specified two or more times.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Architecture and Design
  • Implementation

Related Attack Patterns

Common Consequences

ScopeTechnical ImpactNotes
Integrity
 		Unexpected state
 		 

Detection Methods
None

Potential Mitigations
None

Relationships
This type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.

Related CWETypeViewChain
CWE-235 ChildOf CWE-896 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2003-1014 : MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Extra Parameter Error
 		 

References:
None

© SecPod Technologies