Description
The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
Potential Impact
Non-Repudiation
Hide Activities
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2005-0585 | Web browser truncates long sub-domains or paths, facilitating phishing. |
| CVE-2004-2032 | Bypass URL filter via a long URL with a large number of trailing hex-encoded space characters. |
| CVE-2003-0412 | Application server does not log complete URI of a long request (truncation). |
Related Weaknesses
Taxonomy Mappings
- PLOVER: Truncation of Security-relevant Information
Frequently Asked Questions
What is CWE-222?
CWE-222 (Truncation of Security-relevant Information) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack.
How can CWE-222 be exploited?
Attackers can exploit CWE-222 (Truncation of Security-relevant Information) to hide activities. This weakness is typically introduced during the Implementation and Operation phases of software development.
How do I prevent CWE-222?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
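For the logging case in the CVE table (a long request URI recorded only in part), the following added example, which is not taken from the CWE entry or from any affected product, contrasts silent truncation with a bounded field that records that it was cut, the original length, and a digest of the full value. The 64-character limit, the function names, and the sample URIs are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

MAX_FIELD = 64  # assumed per-field log limit for this example


def naive_field(value: str, limit: int = MAX_FIELD) -> str:
    """Weak pattern: silently cut the value; the log shows no sign of loss."""
    return value[:limit]


def bounded_field(value: str, limit: int = MAX_FIELD) -> str:
    """Bound the field, but record that it was cut, its original length,
    and a digest of the full value so distinct inputs stay distinguishable."""
    if len(value) <= limit:
        return value
    full = value.encode("utf-8", "surrogatepass")
    digest = hashlib.sha256(full).hexdigest()[:16]
    return f"{value[:limit]}...[truncated len={len(value)} sha256={digest}]"


def ambiguous_entries(values, render):
    """Return rendered log strings that more than one distinct input maps to."""
    seen = defaultdict(set)
    for v in values:
        seen[render(v)].add(v)
    return {logged: srcs for logged, srcs in seen.items() if len(srcs) > 1}


# Constructed sample requests: identical first 64 characters, different tails.
PREFIX = "/app/search?q=" + "A" * 50
URI_A = PREFIX + "%20" * 200 + "/constructed-tail-one"
URI_B = PREFIX + "&page=2"

if __name__ == "__main__":
    for name, render in (("naive", naive_field), ("bounded", bounded_field)):
        print(f"--- {name} ---")
        for uri in (URI_A, URI_B):
            print("GET", render(uri))
        print("ambiguous entries:", len(ambiguous_entries([URI_A, URI_B], render)))
```

The digest lets an analyst match a truncated log entry against a full copy of the request held elsewhere (for example a packet capture or proxy log) without making the log field unbounded.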
What is the severity of CWE-222?
CWE-222 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.