CWE-232 - Improper Handling of Undefined Values

Home/CWEs/CWE info/

CWE-232

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Handling of Undefined Values

Description: The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-229Improper Handling of Values

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Truist Bank confirms breach after stolen data shows up on hacking forum

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

CISA proposes new security requirements to protect govt, personal data

LiteSpeed Cache WordPress plugin bug lets hackers get admin access

DDoS site Dstat.cc seized and two suspects arrested in Germany

Google patches actively exploited Android vulnerability (CVE-2024-43093)

Common Alerts

MediumSession ID in URL Rewrite

InformationalUsername Hash Found

HighSQL Injection - PostgreSQL

InformationalInformation Disclosure - Sensitive Information in HTTP Referrer Header

HighServer Side Code Injection - PHP Code Injection

HighSource Code Disclosure - CVE-2012-1823

MediumMissing Anti-clickjacking Header

LowHash Disclosure - MD4 / MD5

LowStrict-Transport-Security Missing Max-Age (Non-compliant with Spec)

MediumX-ChromeLogger-Data (XCOLD) Header Information Leak

Latest CVE List

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

CVE-2024-9537 ScienceLogic SL1 Unspecified Vulnerability

CVE-2024-40711 Veeam Backup and Replication Deserialization Vulnerability

CVE-2024-30088 Microsoft Windows Kernel TOCTOU Race Condition Vulnerability

CVE-2024-9680 Mozilla Firefox Use-After-Free Vulnerability

Common CWEs

CWE-564 SQL Injection: Hibernate

CWE-588 Attempt to Access Child of a Non-structure Pointer

CWE-608 Struts: Non-private Field in ActionForm Class

CWE-756 Missing Custom Error Page

MediumCWE-434 Unrestricted Upload of File with Dangerous Type

CWE-691 Insufficient Control Flow Management

CWE-1127 Compilation with Insufficient Warnings or Errors

CWE-675 Multiple Operations on Resource in Single-Operation Context

CWE-925 Improper Verification of Intent by Broadcast Receiver

CWE-1254 Incorrect Comparison Logic Granularity

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-232 - Improper Handling of Undefined Values

The product does not handle or incorrectly handles when a value is not defined or supported for the associated parameter, field, or argument name.