CWE-840 Detail

CWE-840

Name

Business Logic Errors

Status

Incomplete

Published

2011-03-30 +00:00

Modified

2023-06-29 +00:00

Official links

CWE Mitre.org

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Notifications manage

List of Notifications

Notifications for a CWE

Stay informed of any changes for a specific CWE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

Specify the CWE ID you wish to monitor.

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

Name: Business Logic Errors

Weaknesses in this category identify some of the underlying problems that commonly allow attackers to manipulate the business logic of an application. Errors in business logic can be devastating to an entire application. They can be difficult to find automatically, since they typically involve legitimate use of the application's functionality. However, many business logic errors can exhibit patterns that are similar to well-understood implementation and design weaknesses.

CWE Members List

CWE-283: Unverified Ownership Base

CWE-639: Authorization Bypass Through User-Controlled Key Base

CWE-640: Weak Password Recovery Mechanism for Forgotten Password Base

CWE-708: Incorrect Ownership Assignment Base

CWE-770: Allocation of Resources Without Limits or Throttling Base

CWE-826: Premature Release of Resource During Expected Lifetime Base

CWE-837: Improper Enforcement of a Single, Unique Action Base

CWE-841: Improper Enforcement of Behavioral Workflow Base

CWE Informations

Vulnerability Mapping Notes

Justification : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment : See member weaknesses of this category.

Submission

Name	Organization	Date	Date release	Version
CWE Content Team	MITRE	2011-03-24 +00:00	2011-03-30 +00:00	1.12

Modifications

Name	Organization	Date	Comment
CWE Content Team	MITRE	2017-01-19 +00:00	updated Relationships
CWE Content Team	MITRE	2017-11-08 +00:00	updated Description, Observed_Examples, References, Taxonomy_Mappings
CWE Content Team	MITRE	2018-03-27 +00:00	updated Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated Relationships
CWE Content Team	MITRE	2020-06-25 +00:00	updated References
CWE Content Team	MITRE	2021-10-28 +00:00	updated Relationships
CWE Content Team	MITRE	2022-10-13 +00:00	updated Terminology_Notes
CWE Content Team	MITRE	2023-04-27 +00:00	updated Mapping_Notes, References, Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes

References

REF-799

Defying Logic: Theory, Design, and Implementation of Complex Systems for Testing Application Logic
Rafal Los, Prajakta Jagdale.
https://www.slideshare.net/RafalLos/defying-logic-business-logic-testing-with-automation

REF-667

Real-Life Example of a 'Business Logic Defect' (Screen Shots!)
Rafal Los.
http://h30501.www3.hp.com/t5/Following-the-White-Rabbit-A/Real-Life-Example-of-a-Business-Logic-Defect-Screen-Shots/ba-p/22581

REF-801

Toward Automated Detection of Logic Vulnerabilities in Web Applications
Viktoria Felmetsger, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna.
https://www.usenix.org/legacy/events/sec10/tech/full_papers/Felmetsger.pdf

REF-802

Designing a Framework Method for Secure Business Application Logic Integrity in e-Commerce Systems
Faisal Nabi.
http://ijns.femto.com.tw/contents/ijns-v12-n1/ijns-2011-v12-n1-p29-41.pdf

REF-1102

Case Files from 20 Years of Business Logic Flaws
Chetan Conikee.
https://published-prd.lanyonevents.com/published/rsaus20/sessionsFiles/18217/2020_USA20_DSO-R02_01_Case%20Files%20from%2020%20Years%20of%20Business%20Logic%20Flaws.pdf

CWE-840 Categorie Detail