CWE-230 - Improper Handling of Missing Values

Read Time:27 Second

Description

The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-229

Consequences

Integrity: Unexpected State

Potential Mitigations

CVE References

CVE-2002-0422
- Blank Host header triggers resultant infoleak.

CVE-2000-1006
- Blank “charset” attribute in MIME header triggers crash.

CVE-2004-1504
- Blank parameter causes external error infoleak.

CVE-2005-2053
- Blank parameter causes external error infoleak.

Cyber Security News

CWE-230 – Improper Handling of Missing Values

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

News, Advisories and much more