Truncation of Security-relevant Information
ID: 222 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: weakness | Status: DRAFT |
Abstraction Type: Base |
Description
The application truncates the display, recording, or processing
of security-relevant information in a way that can obscure the source or nature
of an attack.
Applicable Platforms
Language Class: All
Time Of Introduction
- Architecture and Design
- Implementation
- Operation
Common Consequences
Scope | Technical Impact | Notes |
---|
Non-Repudiation | Hide activities | The source of an attack will be difficult or impossible to determine. This can allow attacks on the system to continue without notice. |
Detection Methods
None
Potential Mitigations
None
Relationships
Related CWE | Type | View | Chain |
---|
CWE-222 ChildOf CWE-906 | Category | CWE-888 | |
Demonstrative Examples
None
Observed Examples
- CVE-2005-0585 : Web browser truncates long sub-domains or paths, facilitating phishing.
- CVE-2004-2032 : Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
- CVE-2003-0412 : Does not log complete URI of a long request (truncation).
White Box Definitions
None
Black Box Definitions
None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
PLOVER | | Truncation of Security-relevant Information | |
References: None