CWE-372: Incomplete Internal State Distinction
Weakness ID: 372
Version: v4.17
Weakness Name: Incomplete Internal State Distinction
Vulnerability Mapping: Discouraged
Abstraction: Base
Structure: Simple
Status: Draft
Likelihood of Exploit:
▼Description

The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.

▼Extended Description

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Discouraged
Type: Pillar
ID: 664
Name: Improper Control of a Resource Through its Lifetime
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 371
Name: State Issues
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 962
Name: SFP Secondary Cluster: Unchecked Status Condition
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1416
Name: Comprehensive Categorization: Resource Lifecycle Management
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-315
Name: Unexpected State (impact)
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-326
Name: Varies by Context (impact)
▼Relevant To View
Relevant to the view "Software Development - (699)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 371
Name: State Issues
Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 962
Name: SFP Secondary Cluster: Unchecked Status Condition
▼Background Detail

▼Common Consequences
Scope: Integrity, Other
Likelihood: N/A
Impact: Varies by Context, Unexpected State
Note:
N/A
▼Potential Mitigations
▼Modes Of Introduction
Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific (Undetermined Prevalence)
▼Demonstrative Examples
▼Observed Examples
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage: Discouraged
      Reason: Potential Deprecation, CWE Overlap
      Rationale:

      This CWE entry could be deprecated in a future version of CWE.

      Comments:

      See maintenance notes.

      Suggestions:
      ▼Notes
      Relationship

      This conceptually overlaps other categories such as insufficient verification, but this entry refers to the product's incorrect perception of its own state.

      N/A

      Relationship

      This is probably resultant from other weaknesses such as unhandled error conditions, inability to handle out-of-order steps, multiple interpretation errors, etc.

      N/A

      Maintenance

      This entry is being considered for deprecation. It was poorly-defined in PLOVER and is not easily described using the behavior/resource/property model of vulnerability theory.

      N/A

      ▼Taxonomy Mappings
      Taxonomy Name: PLOVER
      Entry ID: N/A
      Fit: N/A
      Entry Name: Incomplete Internal State Distinction
      ▼Related Attack Patterns
      ID: CAPEC-140
      Name: Bypassing of Intermediate Forms in Multiple-Form Sets
      ID: CAPEC-74
      Name: Manipulating State
      ▼References