CWE-222: Truncation of Security-relevant Information
Weakness ID: 222 (Weakness Base) Status: Draft
Description
Description Summary
The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
Time of Introduction
Architecture and Design
Implementation
Operation
Common Consequences
Scope: Non-Repudiation
Effect: Technical Impact: Hide activities
Observed Examples
Reference: Description
CVE-2005-0585: Web browser truncates long sub-domains or paths, facilitating phishing.
CVE-2004-2032: Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
CVE-2003-0412: Does not log complete URI of a long request (truncation).
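The logging case in CVE-2003-0412 applies to any fixed-width log field: two different requests that share a long prefix become indistinguishable once the field is cut. The following is an added example, not part of the CWE entry or of any affected product; MAX_FIELD, the record layout and the sample URIs are assumptions constructed for illustration.

```python
import hashlib

MAX_FIELD = 64  # assumed width of the URI log field, in characters (hypothetical)


def record_truncating(method: str, uri: str) -> dict:
    """Weak form: the URI is cut silently. The record carries no sign that
    anything is missing, so the tail of the request is lost to the reviewer."""
    return {"method": method, "uri": uri[:MAX_FIELD]}


def record_preserving(method: str, uri: str) -> dict:
    """Hardened form: keep the same bounded prefix, but state explicitly that
    truncation happened, and keep the original length plus a SHA-256 of the
    full value so the entry can be matched against a proxy log or capture."""
    truncated = len(uri) > MAX_FIELD
    rec = {
        "method": method,
        "uri": uri[:MAX_FIELD],
        "uri_len": len(uri),
        "truncated": truncated,
    }
    if truncated:
        full = uri.encode("utf-8", "backslashreplace")
        rec["uri_sha256"] = hashlib.sha256(full).hexdigest()
    return rec


def indistinguishable(rec_a: dict, rec_b: dict) -> bool:
    """True when two log records cannot be told apart by a reviewer."""
    return rec_a == rec_b


# Constructed sample requests: identical for the first 96 characters,
# different only in the part that falls beyond the log field.
SAMPLE_A = "/app/report?pad=" + "A" * 80 + "&view=summary"
SAMPLE_B = "/app/report?pad=" + "A" * 80 + "&view=export-all"

if __name__ == "__main__":
    weak = indistinguishable(record_truncating("GET", SAMPLE_A),
                             record_truncating("GET", SAMPLE_B))
    strong = indistinguishable(record_preserving("GET", SAMPLE_A),
                               record_preserving("GET", SAMPLE_B))
    print("truncating logger, records identical:", weak)
    print("preserving logger, records identical:", strong)
```

The truncation flag is a separate field rather than a marker appended to the logged string, so the logged value itself cannot imitate it.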
Relationships
Nature: ChildOf
Type: Weakness Class
ID: 221
Name: Information Loss or Omission
View(s) this relationship pertains to: Development Concepts (primary) 699; Research Concepts (primary) 1000
Taxonomy Mappings
Mapped Taxonomy Name: PLOVER
Mapped Node Name: Truncation of Security-relevant Information
Content History
Submissions
Submitter: PLOVER; Source: Externally Mined
Modifications
2008-07-01, Eric Dalci, Cigital (External): updated Time_of_Introduction
2008-09-08, CWE Content Team, MITRE (Internal): updated Relationships, Taxonomy_Mappings
2011-06-01, CWE Content Team, MITRE (Internal): updated Common_Consequences