CWE-392: Missing Report of Error Condition

Posted by admin on 2022-01-05 20:58:54


Missing Report of Error Condition

Structure: Simple

Abstraction: Base

Status: Draft

Likelihood of Exploit: Unknown


The software encounters an error but does not provide a status code or return value to indicate that an error has occurred.


  • ChildOf CWE-684 (View 1000, Ordinal: Primary)

  • ChildOf CWE-703 (View 1000)


Language: Language-Independent (Prevalence: Undetermined)


Scope | Impact | Notes
Integrity, Other | Varies by Context, Unexpected State | Errors that are not properly reported could place the system in an unexpected state that could lead to unintended behaviors.


In the following snippet from a doPost() servlet method, the server returns "200 OK" (default) even if an error occurs.

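Bad example (Java):

    try {
        // Something that may throw an exception.
    } catch (Throwable t) {
        // The error is only logged; no status code is set,
        // so the client still receives the default "200 OK".
        logger.error("Caught: " + t.toString());
    }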
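A hardened counterpart to the snippet above, added here as an illustration and not part of the CWE entry: each failure path sets an explicit HTTP error status instead of falling through to the default 200. The class name `OrderServlet`, the helper `processOrder()` and the `quantity` parameter are hypothetical, and the `javax.servlet` API is assumed to be on the classpath.

```java
import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Added example: OrderServlet and processOrder() are hypothetical names.
public class OrderServlet extends HttpServlet {
    private static final Logger LOGGER = Logger.getLogger(OrderServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        try {
            processOrder(request.getParameter("quantity"));
            response.setStatus(HttpServletResponse.SC_OK);
        } catch (IllegalArgumentException e) {
            // Caller error: report it as 400 rather than the default 200.
            LOGGER.log(Level.WARNING, "Rejected request", e);
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid quantity");
        } catch (RuntimeException e) {
            // Unexpected failure: keep details in the server log, return a generic 500.
            LOGGER.log(Level.SEVERE, "Request processing failed", e);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    // Hypothetical operation standing in for "something that may throw an exception".
    private void processOrder(String quantity) {
        int n;
        try {
            n = Integer.parseInt(quantity); // a null or non-numeric value throws here
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("quantity is not a number", e);
        }
        if (n <= 0) {
            throw new IllegalArgumentException("quantity must be positive");
        }
    }
}
```

Catching `RuntimeException` instead of `Throwable` lets JVM errors such as `OutOfMemoryError` propagate to the container, which reports them as a server error on its own.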



Reference | Description
CVE-2004-0063 | Function returns "OK" even if another function returns a different status code than expected, leading to accepting an invalid PIN number.
CVE-2002-1446 | Error checking routine in PKCS#11 library returns "OK" status even when invalid signature is detected, allowing spoofed messages.
CVE-2002-0499 | Kernel function truncates long pathnames without generating an error, leading to operation on wrong directory.
CVE-2005-2459 | Function returns non-error value when a particular erroneous condition is encountered, leading to resultant NULL dereference.


Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Missing Error Status Code
The CERT Oracle Secure Coding Standard for Java (2011) | TPS03-J | | Ensure that tasks executing in a thread pool do not fail silently
Software Fault Patterns | SFP6 | | Incorrect Exception Behavior

