Failure to Handle Incomplete Element| ID: 239 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
The software does not properly handle when a particular element
is not completely specified.
Applicable PlatformsLanguage Class: All
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| IntegrityOther | Varies by contextUnexpected state | |
Detection MethodsNone
Potential MitigationsNone
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-239 ChildOf CWE-896 | Category | CWE-888 | |
Demonstrative ExamplesNone
Observed Examples
- CVE-2002-1532 : HTTP GET without \r\n\r\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.
- CVE-2003-0195 : Partial request is not timed out.
- CVE-2005-2526 : MFV. CPU exhaustion in printer via partial printing request then early termination of connection.
- CVE-2002-1906 : CPU consumption by sending incomplete HTTP requests and leaving the connections open.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Incomplete Element | |
References:None
