English
Français
Light
Dark
System

Alert System

Stay informed at all times
Create an account Open a free account Login Manage your alerts

CWE-389 Categorie Detail

CWE-389

Error Conditions, Return Values, Status Codes
Incomplete
2006-07-19 +00:00
2023-06-29 +00:00
CWE Mitre.org

Alerte pour un CWE

Stay informed of any changes for a specific CWE.
Alert management

Error Conditions, Return Values, Status Codes

This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/status codes that could be generated by a function. This type of problem is most often found in conditions that are rarely encountered during the normal operation of the product. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger the rare conditions.

Members

CWE-209: Generation of Error Message Containing Sensitive Information Base

CWE-248: Uncaught Exception Base

CWE-252: Unchecked Return Value Base

CWE-253: Incorrect Check of Function Return Value Base

CWE-390: Detection of Error Condition Without Action Base

CWE-391: Unchecked Error Condition Base

CWE-392: Missing Report of Error Condition Base

CWE-393: Return of Wrong Status Code Base

CWE-394: Unexpected Status Code or Return Value Base

CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference Base

CWE-396: Declaration of Catch for Generic Exception Base

CWE-397: Declaration of Throws for Generic Exception Base

CWE-544: Missing Standardized Error Handling Mechanism Base

CWE-584: Return Inside Finally Block Base

CWE-617: Reachable Assertion Base

CWE-756: Missing Custom Error Page Base

Informations

Vulnerability Mapping Notes

Rationale : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comments : See member weaknesses of this category.

Submission

Name Organization Date Date Release Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2008-10-14 +00:00 updated Description
CWE Content Team MITRE 2009-12-28 +00:00 updated Other_Notes, Weakness_Ordinalities
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Description, Other_Notes, References, Relationships, Research_Gaps, Taxonomy_Mappings, Weakness_Ordinalities
CWE Content Team MITRE 2019-06-20 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2023-04-27 +00:00 updated Mapping_Notes, Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

References

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.


More information
Click on the button to the left (OFF), to authorize the inscription of cookie improving the functionalities of the site. Click on the button to the left (Accept all), to unauthorize the inscription of cookie improving the functionalities of the site.