CWE-449

Name

The UI Performs the Wrong Action

Status

Incomplete

Published

2006-07-19 00:00 +00:00

Last Modified

2023-06-29 00:00 +00:00

Official links

CWE Mitre.org

Alerte pour un CWE

Stay informed of any changes for a specific CWE.

Alert management

List of Alerts

Alerte pour un CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

The UI Performs the Wrong Action

The UI performs the wrong action with respect to the user's request.

Informations

Modes Of Introduction

Implementation

Applicable Platforms

Language

Class: Not Language-Specific (Undetermined)

Common Consequences

Scope	Impact	Likelihood
Other	Quality Degradation, Varies by Context

Observed Examples

Reference	Description
CVE-2001-1387	Network firewall accidentally implements one command line option as if it were another, possibly leading to behavioral infoleak.
CVE-2001-0081	Command line option correctly suppresses a user prompt but does not properly disable a feature, although when the product prompts the user, the feature is properly disabled.
CVE-2002-1977	Product does not "time out" according to user specification, leaving sensitive data available after it has expired.

Potential Mitigations

Phases : Testing
Perform extensive functionality testing of the UI. The UI should behave as specified.

Vulnerability Mapping Notes

Rationale : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comments : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Submission

Name	Organization	Date	Date Release	Version
PLOVER		2006-07-19 +00:00	2006-07-19 +00:00	Draft 3

Modifications

Name	Organization	Date	Comment
Eric Dalci	Cigital	2008-07-01 +00:00	updated Potential_Mitigations, Time_of_Introduction
CWE Content Team	MITRE	2008-09-08 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2011-06-01 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2011-06-27 +00:00	updated Common_Consequences
CWE Content Team	MITRE	2012-05-11 +00:00	updated Relationships
CWE Content Team	MITRE	2012-10-30 +00:00	updated Potential_Mitigations
CWE Content Team	MITRE	2014-07-30 +00:00	updated Relationships
CWE Content Team	MITRE	2017-11-08 +00:00	updated Applicable_Platforms
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

CWE-449

Alerte pour un CWE

Functionality requiring a connection

The UI Performs the Wrong Action

Informations

Modes Of Introduction

Applicable Platforms

Language

Common Consequences

Observed Examples

Potential Mitigations

Vulnerability Mapping Notes

Submission

Modifications

Lists Vulnerabilities

Sorted by Year

CVE Statistics

Specific Views

CVE

OWASP

CISA KEV

Vendors List

Products List

Lists CWE

Specific Views

Lasts 7 CWE

Lists CAPEC

Specifics Views

7 Lasts CAPEC

No result found

Alert System

CWE-449 Detail

CWE-449

Alerte pour un CWE

The UI Performs the Wrong Action

Informations

Modes Of Introduction

Applicable Platforms

Language

Common Consequences

Observed Examples

Potential Mitigations

Vulnerability Mapping Notes

Submission

Modifications