CWE-235: Improper Handling of Extra Parameters
Weakness ID: 235 (Weakness Base) Status: Draft
Description
Description Summary
The software does not handle, or incorrectly handles, the case in which a particular parameter, field, or argument name is specified two or more times.
Time of Introduction
Architecture and Design
Implementation
Modes of Introduction
This typically occurs in situations when only one element is expected to
be specified.
Common Consequences
Scope: Integrity
Effect: Technical Impact: Unexpected state
Observed Examples
Reference: CVE-2003-1014
Description: MIE. Multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.
Relationships
Nature: ChildOf
Type: Weakness Class
ID: 233
Name: Parameter Problems
View(s) this relationship pertains to: Development Concepts (primary) 699; Research Concepts (primary) 1000
Relationship Notes
This type of problem plays a large role in multiple interpretation
vulnerabilities and various HTTP attacks.
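The following is an added example, not part of the CWE entry: it shows how the same repeated name yields different values for a first-wins and a last-wins consumer, and a strict parser that rejects the input instead of choosing. The sample inputs, the function names and the SINGLE_VALUED set are assumptions made for illustration.

```python
from collections import Counter
from email import message_from_string
from urllib.parse import parse_qsl

# Constructed sample inputs (not taken from CVE-2003-1014 or any real traffic).
SAMPLE_QUERY = "id=7&lang=en&id=9"
SAMPLE_MIME = ("Content-Type: text/plain\n"
               "Content-Type: application/octet-stream\n"
               "\nbody\n")
# Assumption: the header fields this example treats as single-valued.
SINGLE_VALUED = {"content-type", "content-disposition", "content-transfer-encoding"}

class DuplicateParameterError(ValueError):
    """A name that must appear once was specified two or more times."""

def query_pairs(query):
    """Ordered (name, value) pairs from a query string, duplicates preserved."""
    return parse_qsl(query, keep_blank_values=True)

def header_pairs(raw):
    """Ordered (name, value) header pairs; names lower-cased (case-insensitive)."""
    return [(n.lower(), v) for n, v in message_from_string(raw).items()]

def duplicated_names(pairs):
    """Sorted names that occur two or more times."""
    counts = Counter(name for name, _ in pairs)
    return sorted(name for name, c in counts.items() if c > 1)

def interpretations(pairs, name):
    """What a first-wins and a last-wins consumer would each read for name."""
    values = [v for n, v in pairs if n == name]
    return {"first_wins": values[0], "last_wins": values[-1]} if values else {}

def parse_strict(pairs, must_be_unique=None):
    """Return the checked names as a dict; raise if any of them is repeated.
    must_be_unique=None means every name must be unique."""
    checked = [(n, v) for n, v in pairs
               if must_be_unique is None or n in must_be_unique]
    dups = duplicated_names(checked)
    if dups:
        raise DuplicateParameterError(f"repeated name(s): {dups}")
    return dict(checked)

if __name__ == "__main__":
    for label, pairs, unique in (("query", query_pairs(SAMPLE_QUERY), None),
                                 ("mime", header_pairs(SAMPLE_MIME), SINGLE_VALUED)):
        for name in duplicated_names(pairs):
            print(label, name, interpretations(pairs, name))
        try:
            parse_strict(pairs, unique)
        except DuplicateParameterError as exc:
            print(label, "rejected:", exc)
```

Rejecting at the first component that parses the input keeps every later component from having to agree on which occurrence counts.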
Taxonomy Mappings
Mapped Taxonomy Name: PLOVER
Mapped Node Name: Extra Parameter Error
Content History
Submissions
Submitter: PLOVER; Source: Externally Mined
Modifications
2008-07-01, Eric Dalci, Cigital (External): updated Time_of_Introduction
2008-09-08, CWE Content Team, MITRE (Internal): updated Modes_of_Introduction, Relationships, Relationship_Notes, Taxonomy_Mappings
2009-03-10, CWE Content Team, MITRE (Internal): updated Description, Name
2011-06-01, CWE Content Team, MITRE (Internal): updated Common_Consequences
2011-06-27, CWE Content Team, MITRE (Internal): updated Common_Consequences
Previous Entry Names
2008-04-11: Extra Parameter Error
2009-03-10: Failure to Handle Extra Parameter