CWE-235 - Improper Handling of Extra Parameters

Home/CWEs/CWE info/

CWE-235

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Improper Handling of Extra Parameters

Description: The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.

Common Consequences: Scope: Integrity
Impact: Unexpected State

Related Weaknesses: CWE-233Improper Handling of Parameters

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Top Security News

Truist Bank confirms breach after stolen data shows up on hacking forum

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

Microsoft SharePoint RCE bug exploited to breach corporate network

Google patches actively exploited Android vulnerability (CVE-2024-43093)

VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware

Download: CIS Critical Security Controls v8.1

CISA proposes new security requirements to protect govt, personal data

Top Alert List

MediumDirectory Browsing

InformationalInformation Disclosure - Suspicious Comments

LowCookie without SameSite Attribute

MediumMissing Anti-clickjacking Header

LowCross-Domain JavaScript Source File Inclusion

LowInformation Disclosure - Debug Error Messages

Content Security Policy (CSP) Header Not Set

MediumCSP: Wildcard Directive

HighLog4Shell (CVE-2021-45046)

HighXML External Entity Attack

Latest CVE List

CVE-2024-5910 Palo Alto Expedition Missing Authentication Vulnerability

CVE-2024-43093 Android Framework Privilege Escalation Vulnerability

CVE-2024-51567 CyberPanel Incorrect Default Permissions Vulnerability

CVE-2019-16278 Nostromo nhttpd Directory Traversal Vulnerability

CVE-2024-8957 PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability

CVE-2024-8956 PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability

CVE-2024-20481 Cisco ASA and FTD Denial-of-Service Vulnerability

CVE-2024-37383 RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability

CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability

CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability

Common CWEs

CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-508 Non-Replicating Malicious Code

CWE-761 Free of Pointer not at Start of Buffer

CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context

CWE-562 Return of Stack Variable Address

CWE-589 Call to Non-ubiquitous API

CWE-792 Incomplete Filtering of One or More Instances of Special Elements

CWE-1240 Use of a Cryptographic Primitive with a Risky Implementation

CWE-270 Privilege Context Switching Error

Free security scan for your website

Don't show website scan report rating on the leaderboard

CWE-235 - Improper Handling of Extra Parameters

The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.