CWE-222 – Truncation of Security-relevant Information

Description

The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-221

 

Consequences

Non-Repudiation: Hide Activities

The source of an attack will be difficult or impossible to determine. This can allow attacks on the system to continue without notice.

 

Potential Mitigations

CVE References

  • CVE-2005-0585
    • Web browser truncates long sub-domains or paths, facilitating phishing.
  • CVE-2004-2032
    • Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
  • CVE-2003-0412
    • Does not log complete URI of a long request (truncation).
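
The logging case from the description and the CVE-2003-0412 entry, as an added example that is not part of the original page: a logger that silently cuts a long URI, beside one that marks the cut and records the full length and a SHA-256 digest. The 64-character field limit, the function names and the two sample requests are constructed for illustration.

```python
import hashlib

MAX_FIELD = 64  # constructed limit for one log field (assumption)


def log_truncating(uri: str) -> str:
    """Weak pattern: cut the value to fit the field and say nothing about it."""
    return f'uri="{uri[:MAX_FIELD]}"'


def log_preserving(uri: str) -> str:
    """Hardened pattern: if the value has to be shortened, flag it and keep
    enough metadata (original length, digest of the full value) to tell
    requests apart and to match the entry against other evidence later."""
    if len(uri) <= MAX_FIELD:
        return f'uri="{uri}" truncated=false len={len(uri)}'
    digest = hashlib.sha256(uri.encode("utf-8")).hexdigest()
    return (f'uri="{uri[:MAX_FIELD]}" truncated=true '
            f'len={len(uri)} sha256={digest}')


# Constructed sample requests: identical for the first 100 characters,
# different only in the part that falls beyond the field limit.
PREFIX = "/search?q=" + "%20" * 30
REQ_A = PREFIX + "&page=1"
REQ_B = PREFIX + "&redirect=//untrusted.example/"


def compare():
    """Return (weak entries identical?, hardened entries identical?)."""
    weak_same = log_truncating(REQ_A) == log_truncating(REQ_B)
    hard_same = log_preserving(REQ_A) == log_preserving(REQ_B)
    return weak_same, hard_same


if __name__ == "__main__":
    for req in (REQ_A, REQ_B):
        print(log_truncating(req))
        print(log_preserving(req))
    print(compare())
```

With the truncating logger both requests produce the same entry, so the log cannot show that the second one carried a different tail; the preserving logger keeps the entries distinguishable without storing the full value in the field.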