CWE-235: Improper Handling of Extra Parameters

Description

The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.

Extended Description

N/A

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

CVE: CVE-2003-1014

MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.

Related Attack Patterns (CAPEC)

CAPEC-460

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	This typically occurs in situations when only one element is expected to be specified.

Common Consequences

Impact: Unexpected State — Notes:

Potential Mitigations

None listed.

Applicable Platforms

None (Not Language-Specific, Undetermined)

Demonstrative Examples

N/A

Notes

Relationship: This type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.

← Back to CWE list