Improper Handling of Extra Parameters
Weakness ID: 235 (Weakness Base)Status: Draft
+ Description

Description Summary

The software does not handle or incorrectly handles when a particular parameter, field, or argument name is specified two or more times.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms



+ Modes of Introduction

This typically occurs in situations when only one element is expected to be specified.

+ Observed Examples
CVE-2003-1014MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class233Parameter Problems
Development Concepts (primary)699
Research Concepts (primary)1000
+ Relationship Notes

This type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.

+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERExtra Parameter Error
+ Content History
Submission DateSubmitterOrganizationSource
PLOVERExternally Mined
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Modes of Introduction, Relationships, Relationship Notes, Taxonomy Mappings
2009-03-10CWE Content TeamMITREInternal
updated Description, Name
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Extra Parameter Error
2009-03-10Failure to Handle Extra Parameter