CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.10)

CWE-697: Insufficient Comparison

Weakness ID: 697
Abstraction: Class
Status: Incomplete
+ Description

Description Summary

The software compares two entities in a security-relevant context, but the comparison is insufficient, which may lead to resultant weaknesses.

Extended Description

This weakness class covers several possibilities:

  1. the comparison checks one factor incorrectly;

  2. the comparison should consider multiple factors, but it does not check some of those factors at all.
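The two cases above, shown as an added example that is not part of the CWE entry: a constructed access rule keyed on two factors, with a weak check for each case next to a sufficient one. The `struct rule` type, its `user` and `tenant` fields and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample type (assumption): a rule identified by two factors. */
struct rule { const char *user; const char *tenant; };

/* Case 1, weak: one factor is checked incorrectly. Bounding the comparison
 * by the length of the supplied name means any prefix of the expected
 * name, including the empty string, compares equal. */
bool user_matches_weak(const struct rule *r, const char *user)
{
    return strncmp(r->user, user, strlen(user)) == 0;
}

/* Case 2, weak: the user factor is compared in full, but the tenant
 * factor is not checked at all. */
bool rule_matches_weak(const struct rule *r, const char *user,
                       const char *tenant)
{
    (void)tenant; /* never consulted: this is the defect */
    return strcmp(r->user, user) == 0;
}

/* Sufficient form: every factor is compared, each over its whole length,
 * and missing input is rejected rather than treated as a match. */
bool rule_matches(const struct rule *r, const char *user,
                  const char *tenant)
{
    if (r == NULL || user == NULL || tenant == NULL)
        return false;
    return strcmp(r->user, user) == 0 &&
           strcmp(r->tenant, tenant) == 0;
}
```
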

+ Time of Introduction
  • Implementation
+ Common Consequences
| Scope | Effect |
|---|---|
| Other | Technical Impact: Other |

+ Weakness Ordinalities
| Ordinality | Description |
|---|---|
| Primary | (where the weakness exists independent of other weaknesses) |
+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 171 | Cleansing, Canonicalization, and Comparison Errors | Development Concepts (primary) 699 |
| ChildOf | Category | 747 | CERT C Secure Coding Section 49 - Miscellaneous (MSC) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
| ChildOf | Category | 883 | CERT C++ Secure Coding Section 49 - Miscellaneous (MSC) | Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary) 868 |
| ChildOf | Category | 977 | SFP Secondary Cluster: Design | Software Fault Pattern (SFP) Clusters (primary) 888 |
| ParentOf | Weakness Base | 183 | Permissive Whitelist | Research Concepts 1000 |
| ParentOf | Weakness Base | 184 | Incomplete Blacklist | Research Concepts 1000 |
| ParentOf | Weakness Class | 185 | Incorrect Regular Expression | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 187 | Partial Comparison | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 372 | Incomplete Internal State Distinction | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 478 | Missing Default Case in Switch Statement | Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 486 | Comparison of Classes by Name | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 595 | Comparison of Object References Instead of Object Contents | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 596 | Incorrect Semantic Object Comparison | Research Concepts (primary) 1000 |
| MemberOf | View | 1000 | Research Concepts | Research Concepts (primary) 1000 |
| CanFollow | Weakness Variant | 481 | Assigning instead of Comparing | Research Concepts 1000 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | MSC31-C | | Ensure that return values are compared against the proper type |
| CERT C++ Secure Coding | MSC31-CPP | | Ensure that return values are compared against the proper type |
+ Content History
Modifications
| Modification Date | Modifier | Organization | Source | Changes |
|---|---|---|---|---|
| 2008-11-24 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2009-03-10 | CWE Content Team | MITRE | Internal | updated Related_Attack_Patterns |
| 2009-05-27 | CWE Content Team | MITRE | Internal | updated Description |
| 2011-03-29 | CWE Content Team | MITRE | Internal | updated Description |
| 2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences |
| 2011-09-13 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | MITRE | Internal | updated Related_Attack_Patterns, Relationships |
| 2014-07-30 | CWE Content Team | MITRE | Internal | updated Relationships |

Page Last Updated: January 11, 2017