Category: SFP Secondary Cluster: Protocol Error
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Protocol Error cluster.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-353 | Missing Support for Integrity Check | This vulnerability occurs when a system uses a communication protocol that lacks built-in integrity verification, such as a checksum or cryptographic hash, to detect if data has been altered or corrupted during transmission. |
| CWE-435 | Improper Interaction Between Multiple Correctly-Behaving Entities | This weakness occurs when individually secure components interact in unexpected ways within a larger system, creating new security flaws that weren't present in isolation. |
| CWE-436 | Interpretation Conflict | An interpretation conflict occurs when two systems process the same data or sequence of events differently, leading one system to make incorrect decisions based on its flawed understanding of the other's state. |
| CWE-437 | Incomplete Model of Endpoint Features | This vulnerability occurs when a security product, proxy, or monitoring system sits between endpoints but lacks a full understanding of what those endpoints can do or their current state. Because it's working with incomplete information, it can make wrong decisions, allowing malicious traffic to pass or incorrectly blocking legitimate requests. |
| CWE-757 | Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') | This vulnerability occurs when a protocol or system allows negotiating a security algorithm (like encryption) but chooses a weaker option than the strongest one both parties support, creating an unnecessary security gap. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.