CWE-222: Truncation of Security-relevant Information

Description

The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.

Extended Description

N/A

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

Observed Examples (CVEs)

CVE: CVE-2005-0585

Web browser truncates long sub-domains or paths, facilitating phishing.
CVE: CVE-2004-2032

Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
CVE: CVE-2003-0412

application server does not log complete URI of a long request (truncation).

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	N/A
Operation	N/A

Common Consequences

Impact: Hide Activities — Notes: The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list