CWE-232: Improper Handling of Undefined Values

Description

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

In this example, an address parameter is read and trimmed of whitespace.


String address = request.getParameter("address");address = address.trim();String updateString = "UPDATE shippingInfo SET address='?' WHERE email='[email protected]'";emailAddress = con.prepareStatement(updateString);emailAddress.setString(1, address);

If the value of the address parameter is null (undefined), the servlet will throw a NullPointerException when the trim() is attempted.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 24, 2024 4:14