logo

Improper Handling of Undefined Values

Draft Variant
Structure: Simple
Description

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

Common Consequences 1
Scope: Integrity

Impact: Unexpected State
Demonstrative Examples 1
In this example, an address parameter is read and trimmed of whitespace.

Code Example:

Bad
Java
java
If the value of the address parameter is null (undefined), the servlet will throw a NullPointerException when the trim() is attempted.
Observed Examples 1
CVE-2000-1003Client crash when server returns unknown driver type.
Applicable Platforms
Languages:
Not Language-Specific : Undetermined
Modes of Introduction
Implementation
Related Weaknesses
ChildOf: Improper Handling of Values (CWE-229)
Taxonomy Mapping
  • PLOVER
  • The CERT Oracle Secure Coding Standard for Java (2011)