SFP Secondary Cluster: Unchecked Status Condition
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Unchecked Status Condition cluster (SFP4).
The software detects a specific error, but takes no actions to handle the error.
The software attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the so...
The software does not handle or incorrectly handles an exceptional condition.
The application does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This...
The software does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
The software does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect ope...
The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions.
The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.
A handler is not available or implemented.
The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...
An exception is thrown from a function, but it is not caught.
The Servlet does not catch all exceptions, which may reveal sensitive debugging information.
[PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed.
The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
The software does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the software.
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).