CWE-372 - Incomplete Internal State Distinction

CWE-372

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Incomplete Internal State Distinction

Description: The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner.

Common Consequences: Scope: Integrity, Other
Impact: Varies by Context, Unexpected State

Related Weaknesses: CWE-664Improper Control of a Resource Through its Lifetime

Release Date:
2006-07-19

Latest Modification Date:
2024-02-29

Free security scan for your website

Don't show website scan report rating on the leaderboard