Truncation of Security-relevant Information Archives

Read Time:35 Second

Description

The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-221

Consequences

Non-Repudiation: Hide Activities

The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.

Potential Mitigations

CVE References

CVE-2005-0585
- Web browser truncates long sub-domains or paths, facilitating phishing.

CVE-2004-2032
- Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.

CVE-2003-0412
- Does not log complete URI of a long request (truncation).

Cyber Security News

Tag Archives: Truncation of Security-relevant Information

CWE-222 – Truncation of Security-relevant Information

Description

Related Weaknesses

Consequences

Potential Mitigations

CVE References

News, Advisories and much more