Description
The product does not properly handle when a particular element is not completely specified.
Potential Impact
Scope: Integrity, Other
Impact: Varies by Context, Unexpected State
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2002-1532 | HTTP GET without \r\n\r\n CRLF sequences causes product to wait indefinitely and prevents other users from accessing it. |
| CVE-2003-0195 | Partial request is not timed out. |
| CVE-2005-2526 | MFV. CPU exhaustion in printer via partial printing request then early termination of connection. |
| CVE-2002-1906 | CPU consumption by sending incomplete HTTP requests and leaving the connections open. |
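The CVE entries above share one pattern: a request head that never receives its terminating CRLF sequence holds a connection open indefinitely. The following is an added example, not part of the CWE entry, showing a reader that treats an incomplete head as an error by enforcing one overall deadline and a size cap. The names `read_request_head`, `IncompleteRequest` and `classify`, and the timeout and size values, are assumptions chosen for illustration.

```python
import socket
import time

class IncompleteRequest(Exception):
    """The peer never finished the request head."""

def read_request_head(conn, total_timeout=5.0, max_bytes=8192):
    """Return the raw request head, ending in CRLF CRLF.

    Raises IncompleteRequest if the terminator does not arrive within
    total_timeout seconds, within max_bytes, or before the peer closes.
    """
    deadline = time.monotonic() + total_timeout
    buf = bytearray()
    while True:
        end = buf.find(b"\r\n\r\n")
        if end != -1:
            return bytes(buf[:end + 4])
        if len(buf) >= max_bytes:
            raise IncompleteRequest("head exceeds size cap without terminator")
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise IncompleteRequest("deadline passed before head was complete")
        # The budget covers the whole head, so a client trickling one byte
        # at a time cannot reset the clock with each recv().
        conn.settimeout(remaining)
        try:
            chunk = conn.recv(min(4096, max_bytes - len(buf)))
        except socket.timeout:
            raise IncompleteRequest("deadline passed before head was complete")
        if not chunk:
            raise IncompleteRequest("peer closed mid-request")
        buf += chunk

def classify(payload, close_after=False, total_timeout=0.3):
    """Feed constructed bytes through a local socketpair and report the outcome."""
    client, server = socket.socketpair()
    try:
        client.sendall(payload)
        if close_after:
            client.close()
        read_request_head(server, total_timeout=total_timeout, max_bytes=64)
        return "complete"
    except IncompleteRequest as exc:
        return str(exc)
    finally:
        client.close()
        server.close()
```

A caller that catches `IncompleteRequest` should close the connection and release any per-connection resources, so that partial requests cannot accumulate.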
Taxonomy Mappings
- PLOVER: Incomplete Element
Frequently Asked Questions
What is CWE-239?
CWE-239 (Failure to Handle Incomplete Element) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not properly handle when a particular element is not completely specified.
How can CWE-239 be exploited?
The impact of exploiting CWE-239 (Failure to Handle Incomplete Element) varies by context and can leave the product in an unexpected state. This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-239?
Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
What is the severity of CWE-239?
CWE-239 is classified as a Variant-level weakness (Low-Medium abstraction). It has been observed in 4 real-world CVEs.