Truncation of Security-relevant Information
Weakness ID: 222 (Weakness Base)Status: Draft
+ Description

Description Summary

The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2005-0585Web browser truncates long sub-domains or paths, facilitating phishing.
CVE-2004-2032Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
CVE-2003-0412Does not log complete URI of a long request (truncation).
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class221Information Loss or Omission
Development Concepts (primary)699
Research Concepts (primary)1000
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERTruncation of Security-relevant Information
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Taxonomy Mappings