Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

The product detects a specific error, but takes no actions to handle the error.

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the pro...

The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.

The product does not handle or incorrectly handles an exceptional condition.

The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur.

A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primiti...

The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

The hardware logic does not effectively handle when single-event upsets (SEUs) occur.

The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive informatio...

The default error page of a web application should not display sensitive information about the product.

The product does not return custom error pages to the user, possibly exposing sensitive information.

The product does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses.

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to in...

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.

This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...