CWE-205
Observable Behavioral Discrepancy
Incomplete
2006-07-19
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Observable Behavioral Discrepancy
The product's behaviors indicate important differences that may be observed by unauthorized actors in a way that reveals (1) its internal state or decision process, or (2) differences from other products with equivalent functionality.
CWE-Beschreibung
Ideally, a product should provide as little information about its internal operations as possible. Otherwise, attackers could use knowledge of these internal operations to simplify or optimize their attack. In some cases, behavioral discrepancies can be used by attackers to form a side channel.
Allgemeine Informationen
Einführungsmodi
Architecture and DesignImplementation
Anwendbare Plattformen
Sprache
Class: Not Language-Specific (Undetermined)Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Confidentiality Access Control | Read Application Data, Bypass Protection Mechanism |
Beobachtete Beispiele
| Referenzen | Beschreibung |
|---|---|
CVE-2002-0208 | Product modifies TCP/IP stack and ICMP error messages in unusual ways that show the product is in use. |
CVE-2004-2252 | Behavioral infoleak by responding to SYN-FIN packets. |
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Verwandte Angriffsmuster
| CAPEC-ID | Name des Angriffsmusters |
|---|---|
| CAPEC-541 | Application Fingerprinting
An adversary engages in fingerprinting activities to determine the type or version of an application installed on a remote target. |
| CAPEC-580 | System Footprinting
An adversary engages in active probing and exploration activities to determine security information about a remote target system. Often times adversaries will rely on remote applications that can be probed for system configurations. |
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| PLOVER | Draft 3 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Description, Name | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Description, Name, Observed_Examples, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Related_Attack_Patterns | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
