Failure to Report Error in Status Code
Weakness ID: 392 (Weakness Base) | Status: Draft
Description Summary
The software encounters an error but does not return a status code or return value to indicate that an error has occurred.
Example 1
In the following snippet from a doPost() servlet method, the server returns "200 OK" (default) even if an error occurs.
(Bad Code)
Example Language: Java
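```java
try {
    // Something that may throw an exception.
    // ...
} catch (Throwable t) {
    // The error is logged, but no status is set on the response,
    // so the client still receives the default "200 OK".
    logger.error("Caught: " + t.toString());
    return;
}
```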
Reference | Description |
---|---|
CVE-2004-0063 | Function returns "OK" even if another function returns a different status code than expected, leading to accepting an invalid PIN number. |
CVE-2002-1446 | Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages. |
CVE-2002-0499 | Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory. |
CVE-2005-2459 | Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference. |
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Resultant | (where the weakness is typically related to the presence of some other weaknesses) |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 389 | Error Conditions, Return Values, Status Codes | Development Concepts (primary) 699 |
ChildOf | Weakness Base | 684 | Failure to Provide Specified Functionality | Research Concepts (primary) 1000 |
ChildOf | Weakness Class | 703 | Failure to Handle Exceptional Conditions | Research Concepts 1000 |
Submissions
Submission Date | Submitter | Organization | Source |
---|---|---|---|
| | PLOVER | | Externally Mined |
Modifications
Modification Date | Modifier | Organization | Source | Description |
---|---|---|---|---|
2008-07-01 | Sean Eidemiller | Cigital | External | added/updated demonstrative examples |
2008-07-01 | Eric Dalci | Cigital | External | updated Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other Notes, Taxonomy Mappings |
2009-03-10 | CWE Content Team | MITRE | Internal | updated Relationships |
2009-10-29 | CWE Content Team | MITRE | Internal | updated Other Notes, Weakness Ordinalities |
Previous Entry Names
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Missing Error Status Code |