CWE-437: Incomplete Model of Endpoint Features
Weakness ID: 437
Version: v4.17
Weakness Name: Incomplete Model of Endpoint Features
Vulnerability Mapping: Allowed
Abstraction: Base
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

A product acts as an intermediary or monitor between two or more endpoints, but it does not have a complete model of an endpoint's features, behaviors, or state, potentially causing the product to perform incorrect actions based on this incomplete model.

▼Extended Description

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 436
Name: Interpretation Conflict
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 438
Name: Behavioral Problems

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 957
Name: SFP Secondary Cluster: Protocol Error

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1398
Name: Comprehensive Categorization: Component Interaction
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-315
Name: Unexpected State (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-326
Name: Varies by Context (impact)
▼Relevant To View
Relevant to the view "Software Development - (699)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 438
Name: Behavioral Problems

Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 957
Name: SFP Secondary Cluster: Protocol Error
▼Background Detail

▼Common Consequences
Scope: Integrity, Other
Likelihood: N/A
Impact: Unexpected State, Varies by Context
Note: N/A
▼Potential Mitigations
▼Modes Of Introduction
Phase: Architecture and Design
Note: N/A

Phase: Implementation
Note: N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific (Undetermined Prevalence)
▼Demonstrative Examples
Example 1

HTTP request smuggling is an attack against an intermediary such as a proxy. This attack works because the proxy expects the client to parse HTTP headers one way, but the client parses them differently.


Example 2

Anti-virus products that reside on mail servers can suffer from this issue if they do not know how a mail client will handle a particular attachment. The product might treat an attachment type as safe, not knowing that the client's configuration treats it as executable.


▼Observed Examples
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Suggestions:
▼Notes
Relationship

This can be related to interaction errors, although in some cases, one of the endpoints is not performing correctly according to specification.

▼Taxonomy Mappings
Taxonomy Name: PLOVER
Entry ID: N/A
Fit: N/A
Entry Name: Extra Unhandled Features
▼Related Attack Patterns
▼References