CWE-393: Return of Wrong Status Code
查看自定义信息:
A function or operation returns an incorrect return value or status code that does not indicate an error, but causes the product to modify its behavior based on the incorrect result.
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
与观点“研究概念”相关(CWE-1000)
与“软件开发”视图相关(CWE-699)
The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.
This listing shows possible areas for which the given weakness could appear. These may be for specific named Languages, Operating Systems, Architectures, Paradigms, Technologies, or a class of such platforms. The platform is listed along with how frequently the given weakness appears for that instance.
Languages Class: Not Language-Specific(Undetermined Prevalence)
This table specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
示例1 In the following example, an HTTP 404 status code is returned in the event of an IOException encountered in a Java servlet. A 404 code is typically meant to indicate a non-existent resource and would be somewhat misleading in this case.
(bad code)
示例语言:Java
尝试 {
//可能会抛出ioexception的东西 。。。
响应。SENDERROR(SC_NOT_FOUND); }
This MemberOf Relationships table shows additional CWE Categories and Views that reference this weakness as a member. This information is often useful in understanding where a weakness fits within the context of external information sources.
Relationship
This can be primary or resultant, but it is probably most often primary to other issues.
提供更多信息 - 请选择其他过滤器。
|
使用共同弱点枚举(CWE)和本网站的相关参考Terms of Use。CWE由美国国土安全部(DHS)Cybersecurity and Infrastructure Security Agency(CISA) and managed by theHomeland Security Systems Engineering and Development Institute(HSSEDI)由manbetx客户端首页(MITER)。版权所有©2006–2023,Miter Comanbetx客户端首页rporation。CWE,CWSS,CWRAF和CWE徽标是Miter Corporation的商标。manbetx客户端首页 |