Truncation of Security-relevant Information

Draft Base
Structure: Simple
Description

The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.

Common Consequences
Scope: Non-Repudiation

Impact: Hide Activities

The source of an attack will be difficult or impossible to determine. This can allow attacks on the system to continue unnoticed.

Observed Examples
CVE-2005-0585: Web browser truncates long sub-domains or paths, facilitating phishing.
CVE-2004-2032: Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters.
CVE-2003-0412: Application server does not log complete URI of a long request (truncation).
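
An added example, not part of the original entry: it contrasts a log formatter that silently cuts a long URI (the kind of truncation described for CVE-2003-0412 above) with one that keeps a bounded prefix but also records a truncation flag, the full length, and a digest of the complete value. The field width `MAX_FIELD`, the function names, the log field names, and the sample URIs are assumptions made for this illustration.

```python
import hashlib

MAX_FIELD = 64  # assumed log field width, chosen for this example


def log_truncating(uri: str) -> str:
    """Weak form: silently cuts the URI, so everything past the limit is lost."""
    return f'uri="{uri[:MAX_FIELD]}"'


def log_preserving(uri: str) -> str:
    """Hardened form: bounded prefix plus evidence of what was cut.

    The record states that truncation happened, how long the original was,
    and a SHA-256 of the full value, so two requests that differ only past
    the cut remain distinguishable and can be matched to other evidence.
    """
    raw = uri.encode("utf-8", "backslashreplace")
    digest = hashlib.sha256(raw).hexdigest()
    truncated = len(uri) > MAX_FIELD
    return (f'uri="{uri[:MAX_FIELD]}" uri_truncated={str(truncated).lower()} '
            f'uri_len={len(uri)} uri_sha256={digest}')


# Constructed sample requests: identical for the first 64 characters,
# different afterwards.
PADDING = "/app/" + "a" * 80
SAMPLES = [PADDING + "/status", PADDING + "/admin?debug=1"]


def demo():
    """Return the log lines each formatter produces for the samples."""
    weak = [log_truncating(u) for u in SAMPLES]
    strong = [log_preserving(u) for u in SAMPLES]
    return weak, strong


if __name__ == "__main__":
    weak, strong = demo()
    for line in weak + strong:
        print(line)
```

With the truncating formatter both sample requests produce the same log line; with the preserving formatter they differ in length and digest.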
Applicable Platforms
Languages:
Not Language-Specific (Prevalence: Undetermined)
Modes of Introduction
Implementation
Operation
Related Weaknesses
Taxonomy Mapping
  • PLOVER