Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-439:Behavioral Change in New Version or Environment
Weakness ID:439
Version:v4.17
Weakness Name:Behavioral Change in New Version or Environment
Vulnerability Mapping:Allowed
Abstraction:Base
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.

▼Extended Description

▼Alternate Terms
Functional change

▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
ChildOfDiscouragedP435Improper Interaction Between Multiple Correctly-Behaving Entities
Nature: ChildOf
Mapping: Discouraged
Type: Pillar
ID: 435
Name: Improper Interaction Between Multiple Correctly-Behaving Entities
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC438Behavioral Problems
MemberOfProhibitedC1001SFP Secondary Cluster: Use of an Improper API
MemberOfProhibitedC1398Comprehensive Categorization: Component Interaction
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 438
Name: Behavioral Problems
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1001
Name: SFP Secondary Cluster: Use of an Improper API
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1398
Name: Comprehensive Categorization: Component Interaction
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-294Not Language-Specific Weaknesses
MemberOfProhibitedBSBOSS-325Quality Degradation (impact)
MemberOfProhibitedBSBOSS-326Varies by Context (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-325
Name: Quality Degradation (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-326
Name: Varies by Context (impact)
▼Relevant To View
Relevant to the view"Software Development - (699)"
NatureMappingTypeIDName
MemberOfProhibitedC438Behavioral Problems
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 438
Name: Behavioral Problems
Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"
NatureMappingTypeIDName
MemberOfProhibitedC1001SFP Secondary Cluster: Use of an Improper API
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1001
Name: SFP Secondary Cluster: Use of an Improper API
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
OtherN/AQuality DegradationVaries by Context
N/A
Scope: Other
Likelihood: N/A
Impact: Quality Degradation, Varies by Context
Note:
N/A
▼Potential Mitigations
▼Modes Of Introduction
Phase: Architecture and Design
Note:

N/A

Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific(Undetermined Prevalence)
▼Demonstrative Examples
▼Observed Examples
ReferenceDescription
CVE-2002-1976
Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).
CVE-2005-1711
Product uses defunct method from another product that does not return an error code and allows detection avoidance.
CVE-2003-0411
chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype "text".
Reference: CVE-2002-1976
Description:
Linux kernel 2.2 and above allow promiscuous mode using a different method than previous versions, and ifconfig is not aware of the new method (alternate path property).
Reference: CVE-2005-1711
Description:
Product uses defunct method from another product that does not return an error code and allows detection avoidance.
Reference: CVE-2003-0411
Description:
chain: Code was ported from a case-sensitive Unix platform to a case-insensitive Windows platform where filetype handlers treat .jsp and .JSP as different extensions. JSP source code may be read because .JSP defaults to the filetype "text".
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage:Allowed
      Reason:Acceptable-Use
      Rationale:

      This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      PLOVERN/AN/ACHANGE Behavioral Change
      Taxonomy Name: PLOVER
      Entry ID: N/A
      Fit: N/A
      Entry Name: CHANGE Behavioral Change
      ▼Related Attack Patterns
      IDName
      ▼References
      Details not found