Category: Comprehensive Categorization: Improper Check or Handling of Exceptional Conditions
Incomplete
Summary
Weaknesses in this category are related to improper check or handling of exceptional conditions.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-12 | ASP.NET Misconfiguration: Missing Custom Error Page | An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses. |
| CWE-1247 | Improper Protection Against Voltage and Clock Glitches | The device does not contain or contains incorrectly implemented circuitry or sensors to detect and mitigate voltage and clock glitches and protect sensitive information or software contained on the device. |
| CWE-1261 | Improper Handling of Single Event Upsets | The hardware logic does not effectively handle when single-event upsets (SEUs) occur. |
| CWE-1332 | Improper Handling of Faults that Lead to Instruction Skips | The device is missing or incorrectly implements circuitry or sensors that detect and mitigate the skipping of security-critical CPU instructions when they occur. |
| CWE-1351 | Improper Handling of Hardware Behavior in Exceptionally Cold Environments | A hardware device, or the firmware running on it, is missing or has incorrect protection features to maintain goals of security primitives when the device is cooled below standard operating temperatures. |
| CWE-1384 | Improper Handling of Physical or Environmental Conditions | The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced. |
| CWE-252 | Unchecked Return Value | The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. |
| CWE-390 | Detection of Error Condition Without Action | The product detects a specific error, but takes no actions to handle the error. |
| CWE-391 | Unchecked Error Condition | [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES AND CONSIDER CWE-252, CWE-248, OR CWE-1069.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. |
| CWE-394 | Unexpected Status Code or Return Value | The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product. |
| CWE-544 | Missing Standardized Error Handling Mechanism | The product does not use a standardized method for handling errors throughout the code, which might introduce inconsistent error handling and resultant weaknesses. |
| CWE-7 | J2EE Misconfiguration: Missing Custom Error Page | The default error page of a web application should not display sensitive information about the product. |
| CWE-703 | Improper Check or Handling of Exceptional Conditions | The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
| CWE-755 | Improper Handling of Exceptional Conditions | The product does not handle or incorrectly handles an exceptional condition. |
| CWE-756 | Missing Custom Error Page | The product does not return custom error pages to the user, possibly exposing sensitive information. |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1330].
Comment:
See member weaknesses of this category.