ByteOS Network

CWE-239:Failure to Handle Incomplete Element

Weakness ID:239

Version:v4.17

Weakness Name:Failure to Handle Incomplete Element

Vulnerability Mapping:Allowed

Abstraction:Variant

Structure:Simple

Status:Draft

Details Content History Observed CVE Examples Reports

▼Description

The product does not properly handle when a particular element is not completely specified.

▼Relationships

Relevant to the view"Research Concepts - (1000)"

Nature	Mapping	Type	ID	Name
ChildOf	Allowed	B	237	Improper Handling of Structural Elements
PeerOf	Allowed-with-Review	C	404	Improper Resource Shutdown or Release

Nature: ChildOf

Mapping: Allowed

Type: Base

ID: 237

Name: Improper Handling of Structural Elements

Nature: PeerOf

Mapping: Allowed-with-Review

Type: Class

ID: 404

Name: Improper Resource Shutdown or Release

▼Memberships

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	993	SFP Secondary Cluster: Incorrect Input Handling
MemberOf	Prohibited	C	1407	Comprehensive Categorization: Improper Neutralization

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 993

Name: SFP Secondary Cluster: Incorrect Input Handling

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1407

Name: Comprehensive Categorization: Improper Neutralization

▼Tags

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	BS	BOSS-294	Not Language-Specific Weaknesses
MemberOf	Prohibited	BS	BOSS-315	Unexpected State (impact)
MemberOf	Prohibited	BS	BOSS-326	Varies by Context (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-294

Name: Not Language-Specific Weaknesses

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-315

Name: Unexpected State (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-326

Name: Varies by Context (impact)

▼Relevant To View

Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	993	SFP Secondary Cluster: Incorrect Input Handling

Nature: MemberOf

Mapping: Prohibited

Type: Category

ID: 993

Name: SFP Secondary Cluster: Incorrect Input Handling

▼Common Consequences

Scope	Likelihood	Impact	Note
IntegrityOther	N/A	Varies by ContextUnexpected State	N/A

Scope: Integrity, Other

Likelihood: N/A

Impact: Varies by Context, Unexpected State

Note:

N/A

▼Modes Of Introduction

Phase: Implementation

Note:

N/A

▼Applicable Platforms

Languages

Class: Not Language-Specific(Undetermined Prevalence)

▼Observed Examples

Reference	Description
CVE-2002-1532	HTTP GET without \r\n\r\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.
CVE-2003-0195	Partial request is not timed out.
CVE-2005-2526	MFV. CPU exhaustion in printer via partial printing request then early termination of connection.
CVE-2002-1906	CPU consumption by sending incomplete HTTP requests and leaving the connections open.

Reference: CVE-2002-1532

Description:

HTTP GET without \r\n\r\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.

Reference: CVE-2003-0195

Description:

Partial request is not timed out.

Reference: CVE-2005-2526

Description:

MFV. CPU exhaustion in printer via partial printing request then early termination of connection.

Reference: CVE-2002-1906

Description:

CPU consumption by sending incomplete HTTP requests and leaving the connections open.

▼Vulnerability Mapping Notes

Usage:Allowed

Reason:Acceptable-Use

Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

▼Taxonomy Mappings

Taxonomy Name	Entry ID	Fit	Entry Name
PLOVER	N/A	N/A	Incomplete Element

Taxonomy Name: PLOVER

Entry ID: N/A

Fit: N/A

Entry Name: Incomplete Element