Category: Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions
Incomplete
Summary
Weaknesses in this category are related to improper check or handling of exceptional conditions.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | This vulnerability occurs when an ASP.NET application fails to configure custom error pages, allowing attackers to extract sensitive information from the framework's default error messages. |
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | This vulnerability occurs when a hardware device lacks proper physical safeguards against deliberate electrical manipulation. Without dedicated protection circuits or sensors, attackers can use voltage spikes or irregular clock signals to bypass security features, potentially exposing sensitive data or taking control of the system. |
| CWE-1261 | Improper Handling of Single Event Upsets | This vulnerability occurs when hardware logic fails to properly manage single-event upsets (SEUs), which are temporary bit flips caused by environmental factors. |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | This vulnerability occurs when a hardware device lacks or incorrectly implements the necessary circuitry or sensors to detect and respond to the skipping of critical security instructions during CPU execution. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | This weakness occurs when a hardware device or its firmware lacks proper safeguards to maintain security functions when operated in extremely cold temperatures. Designers may fail to anticipate how critical components, like memory or security primitives, behave outside their standard operating range, creating exploitable gaps. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | This weakness occurs when a hardware device fails to manage unexpected physical or environmental situations, whether they happen naturally or are deliberately caused by an attacker. These conditions can force the hardware into an insecure state. |
| CWE-252 | Unchecked Return Value | This vulnerability occurs when a program fails to verify the result of a function or method call, allowing it to continue execution without detecting errors or unexpected conditions. |
| CWE-390 | Detection of Error Condition Without Action | This weakness occurs when software successfully identifies an error condition but then fails to take any meaningful action to address it. The error is detected but ignored, leaving the system in an inconsistent or vulnerable state. |
| CWE-391 | Unchecked Error Condition | This vulnerability occurs when a program fails to properly check or handle error conditions, such as exceptions or return codes. By ignoring these failures, the software can enter an unexpected state that attackers might exploit, often without any logging or user notification. |
| CWE-394 | Unexpected Status Code or Return Value | This vulnerability occurs when software fails to properly validate the full range of possible return values from a function or system call. While a returned value might be technically valid for that operation, the application doesn't anticipate or handle it correctly, leading to unexpected behavior. |
| CWE-544 | Missing Standardized Error Handling Mechanism | This weakness occurs when software lacks a unified, consistent approach to managing errors across its codebase, leading to unpredictable security gaps and unreliable behavior. |
| CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | This vulnerability occurs when a J2EE application uses the server's default error pages instead of custom ones, potentially leaking sensitive system details. |
| CWE-703 | Improper Check or Handling of Exceptional Conditions | This vulnerability occurs when software fails to properly plan for or manage rare but possible error scenarios, leaving it unprepared for unexpected events that can disrupt normal operation. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | This weakness occurs when software fails to properly anticipate and handle rare or unexpected runtime situations that fall outside normal operation. |
| CWE-755 | Improper Handling of Exceptional Conditions | This vulnerability occurs when software fails to properly manage unexpected situations or errors, leaving it in an unstable or insecure state. |
| CWE-756 | Missing Custom Error Page | This vulnerability occurs when an application fails to display its own user-friendly error pages, instead falling back to default system messages that can leak sensitive technical details. |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].
Comment:
See member weaknesses of this category.