CWE 432

Dangerous Handler not Disabled During Sensitive Operations

Weakness ID: 432 (Weakness Base)

Status: Draft

Description

Description Summary

The application does not properly clear or disable dangerous handlers during sensitive operations.

Extended Description

Not disabling a dangerous handler might allow an attacker to invoke the handler at unexpected times. This can cause the software to enter an invalid state.

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Languages

All

Potential Mitigations

Turn off dangerous handlers when performing sensitive operations.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ChildOf	Category	429	Handler Errors	Development Concepts (primary)699
ChildOf	Weakness Class	691	Insufficient Control Flow Management	Research Concepts (primary)1000

Taxonomy Mappings

Mapped Taxonomy Name	Node ID	Fit	Mapped Node Name
PLOVER			Dangerous handler not cleared/disabled during sensitive operations

Content History

Submissions
Submission Date	Submitter	Organization	Source
	PLOVER		Externally Mined

Modifications
Modification Date	Modifier	Organization	Source
2008-07-01	Eric Dalci	Cigital	External
2008-07-01	updated Potential Mitigations, Time of Introduction
2008-09-08	CWE Content Team	MITRE	Internal
2008-09-08	updated Relationships, Taxonomy Mappings
2008-10-14	CWE Content Team	MITRE	Internal
2008-10-14	updated Description
Previous Entry Names
Change Date	Previous Entry Name
2008-04-11	Dangerous Handler not Cleared/Disabled During Sensitive Operations

Facebook rss twitter linkedin mail

CWE 432

COMPANY

STANDARDS

RECENT POSTS

MENU