SFP Secondary Cluster: Unchecked Status Condition

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Unchecked Status Condition cluster (SFP4).

Weaknesses

Detection of Error Condition Without Action

The software detects a specific error, but takes no actions to handle the error.

Improper Check for Dropped Privileges

The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the so...

Improper Handling of Exceptional Conditions

The software does not handle or incorrectly handles an exceptional condition.

Improper Handling of Insufficient Permissions or Privileges

The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This...

Improper Initialization

The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Incomplete Internal State Distinction

The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect ope...

Incorrect Check of Function Return Value

The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.

Missing Default Case in Switch Statement

The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.

Missing Handler

A handler is not available or implemented.

Omitted Break Statement in Switch

The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...

Uncaught Exception

An exception is thrown from a function, but it is not caught.

Uncaught Exception in Servlet

The Servlet does not catch all exceptions, which may reveal sensitive debugging information.

Unchecked Error Condition

[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.

Unchecked Return Value

The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Unexpected Status Code or Return Value

The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.

Use of NullPointerException Catch to Detect NULL Pointer Dereference

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.