CWE-440 - Expected Behavior Violation

Home/CWEs/CWE info/

CWE-440

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Expected Behavior Violation

Description: A feature, API, or function does not perform according to its specification.

Common Consequences: Scope: Other
Impact: Quality Degradation, Varies by Context

Related Weaknesses: CWE-684Incorrect Provision of Specified Functionality

Release Date:
2006-07-19

Latest Modification Date:
2024-02-29

Top Security News

Hackers now use AppDomain Injection to drop CobaltStrike beacons

New Ymir Ransomware Exploits Memory for Stealthy Attacks; Targets Corporate Networks

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

Urgent: Critical WordPress Plugin Vulnerability Exposes Over 4 Million Sites

Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

CWE top 25 most dangerous software weaknesses

PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs Released

China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Top Alert List

InformationalModern Web Application

MediumDirectory Browsing

MediumAbsence of Anti-CSRF Tokens

Content Security Policy (CSP) Header Not Set

CSP

LowCross-Domain JavaScript Source File Inclusion

LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)

Latest CVE List

CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability

CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability

CVE-2024-21287 Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability

CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability

CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability

CVE-2024-1212 Progress Kemp LoadMaster OS Command Injection Vulnerability

CVE-2024-0012 Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability

CVE-2024-9474 Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability

CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability

CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability

Common CWEs

CWE-598 Use of GET Request Method With Sensitive Query Strings

CWE-405 Asymmetric Resource Consumption (Amplification)

CWE-1058 Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element

CWE-130 Improper Handling of Length Parameter Inconsistency

HighCWE-294 Authentication Bypass by Capture-replay

CWE-1187 DEPRECATED: Use of Uninitialized Resource

CWE-1068 Inconsistency Between Implementation and Documented Design

CWE-670 Always-Incorrect Control Flow Implementation

CWE-1301 Insufficient or Incomplete Data Removal within Hardware Component

CWE-692 Incomplete Denylist to Cross-Site Scripting

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-440 - Expected Behavior Violation

A feature, API, or function does not perform according to its specification.