CWE-115: Misinterpretation of Input

Description

The product misinterprets an input, whether from an attacker or another product, in a security-relevant fashion.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2005-2225

Product sees dangerous file extension in free text of a group discussion, disconnects all users.
CVE: CVE-2001-0003

Product does not correctly import and process security settings from another product.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Architecture and Design	N/A
Implementation	N/A

Common Consequences

Impact: Unexpected State — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

Research Gap: This concept needs further study. It is likely a factor in several weaknesses, possibly resultant as well. Overlaps Multiple Interpretation Errors (MIE).

← Back to CWE list