Incomplete Internal State Distinction |
Weakness ID: 372 (Weakness Base) | Status: Draft |
Description Summary
The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 371 | State Issues | Development Concepts (primary)699 |
ChildOf | Weakness Class | 697 | Insufficient Comparison | Research Concepts (primary)1000 |
This conceptually overlaps other categories such as insufficient verification, but this entry refers to the product's incorrect perception of its own state. |
This is probably resultant from other weaknesses such as unhandled error conditions, inability to handle out-of-order steps, multiple interpretation errors, etc. |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
PLOVER | Incomplete Internal State Distinction |
The classification under CWE-697 is imprecise. Since this entry does not cover specific causes for the failure to identify proper state, it needs deepere investigation. It is probably more like a category. |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
PLOVER | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Maintenance Notes, Relationships, Relationship Notes, Taxonomy Mappings |