[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248364

 
 

909

 
 

195388

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Improper Handling of Missing Values

ID: 230Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

Applicable Platforms
Language Class: All

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Integrity
 		Unexpected state
 		 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-230 ChildOf CWE-896 Category CWE-888  

Demonstrative Examples
None

Observed Examples

  1. CVE-2002-0422 : Blank Host header triggers resultant infoleak.
  2. CVE-2000-1006 : Blank "charset" attribute in MIME header triggers crash.
  3. CVE-2004-1504 : Blank parameter causes external error infoleak.
  4. CVE-2005-2053 : Blank parameter causes external error infoleak.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Missing Value Error
 		 
CERT Java Secure Coding ERR08-J
 		Do not catch NullPointerException or any of its ancestors
 		 

References:
None

© SecPod Technologies