Description
The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.
Potential Impact
Integrity
Unexpected State
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2003-1014 | MIE. multiple gateway/security products allow restriction bypass using multiple MIME fields with the same name, which are interpreted differently by clients. |
Related Weaknesses
Taxonomy Mappings
- PLOVER: — Extra Parameter Error
Frequently Asked Questions
What is CWE-235?
CWE-235 (Improper Handling of Extra Parameters) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not handle or incorrectly handles when the number of parameters, fields, or arguments with the same name exceeds the expected amount.
How can CWE-235 be exploited?
Attackers can exploit CWE-235 (Improper Handling of Extra Parameters) to unexpected state. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-235?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-235?
CWE-235 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 1 real-world CVEs.