Improper Handling of Extra Parameters

Draft Variant

Structure: Simple

Description

The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.

Common Consequences 1

Scope: Integrity

Impact: Unexpected State

Observed Examples 1

CVE-2003-1014MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients.

Applicable Platforms

Languages:

Not Language-Specific : Undetermined

Modes of Introduction

Implementation

Related Attack Patterns

460
Improper Cleanup on Thrown Exception

Related Weaknesses

ChildOf:

Improper Handling of Parameters (CWE-233)

Taxonomy Mapping

PLOVER

Notes

RelationshipThis type of problem has a big role in multiple interpretation vulnerabilities and various HTTP attacks.