Improper Handling of Missing Values
Weakness ID: 230 (Weakness Base)Status: Draft
+ Description

Description Summary

The software does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.
+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

All

+ Observed Examples
ReferenceDescription
CVE-2002-0422Blank Host header triggers resultant infoleak.
CVE-2000-1006Blank "charset" attribute in MIME header triggers crash.
CVE-2004-1504Blank parameter causes external error infoleak.
CVE-2005-2053Blank parameter causes external error infoleak.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class229Improper Handling of Values
Development Concepts (primary)699
Research Concepts (primary)1000
+ Research Gaps

Some "crash by port scan" bugs are probably due to this, but lack of diagnosis makes it difficult to be certain.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERMissing Value Error
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes, Taxonomy Mappings
2009-03-10CWE Content TeamMITREInternal
updated Description, Name
2009-10-29CWE Content TeamMITREInternal
updated Other Notes, Research Gaps
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Missing Value Error
2009-03-10Failure to Handle Missing Value
Back to top