Call to Non-ubiquitous API
Weakness ID: 589 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

The software uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial of service or other consequences.

Extended Description

Some functions that offer security features supported by the OS are not available on all versions of the OS in common use. Likewise, functions are often deprecated or made obsolete for security reasons and should not be used.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Potential Mitigations

Phase: Implementation

Always test your code on any platform on which it is targeted to run on.

Pre-design through build: Test your code on the newest and oldest platform on which it is targeted to run on.

Phase: Testing

Develop a system to test for API functions that are not portable.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class227Failure to Fulfill API Contract ('API Abuse')
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base474Use of Function with Inconsistent Implementations
Research Concepts (primary)1000
+ Related Attack Patterns
CAPEC-IDAttack Pattern Name
(CAPEC Version: 1.4)
96Block Access to Libraries
+ Content History
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Relationships, Other Notes
2008-10-14CWE Content TeamMITREInternal
updated Description
2009-07-27CWE Content TeamMITREInternal
updated Other Notes, Potential Mitigations
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Call to Limited API