Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-222: Truncation of Security-relevant Information

Truncation of Security-relevant Information
Weakness ID: 222 (Weakness Base)Status: Draft
+ Description

Description Summary

The application truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
+ Time of Introduction
  • Architecture and Design
  • Implementation
  • Operation
+ Applicable Platforms



+ Common Consequences

Technical Impact: Hide activities

The source of an attack will be difficult or impossible to determine. This can allow attacks to the system to continue without notice.

+ Observed Examples
Web browser truncates long sub-domains or paths, facilitating phishing.
Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
Does not log complete URI of a long request (truncation).
+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class221Information Loss or Omission
Development Concepts (primary)699
Research Concepts (primary)1000
ChildOfCategoryCategory906SFP Cluster: UI
Software Fault Pattern (SFP) Clusters (primary)888
MemberOfViewView884CWE Cross-section
CWE Cross-section (primary)884
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
PLOVERTruncation of Security-relevant Information
+ Content History
Submission DateSubmitterOrganizationSource
Externally Mined
Modification DateModifierOrganizationSource
updated Time_of_Introduction
updated Relationships, Taxonomy_Mappings
updated Common_Consequences
updated Common_Consequences, Relationships
Page Last Updated: June 23, 2014