CWE-447 Detail

CWE-447

Unimplemented or Unsupported Feature in UI
Draft
2006-07-19
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Meldingen voor een CWE
Blijf op de hoogte van wijzigingen voor een specifieke CWE.
Meldingen beheren

Naam: Unimplemented or Unsupported Feature in UI

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.

Algemene informatie

Introductiemodi

Implementation

Toepasselijke platforms

Taal

Class: Not Language-Specific (Undetermined)

Technologieën

Class: Not Technology-Specific (Undetermined)

Veelvoorkomende gevolgen

Bereik Impact Waarschijnlijkheid
OtherVaries by Context, Unexpected State

Waargenomen voorbeelden

Referenties Beschrijving

CVE-2000-0127

GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file.

CVE-2001-0863

Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.

CVE-2001-0865

Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass.

CVE-2004-0979

Web browser does not properly modify security setting when the user sets it.

Mogelijke risicobeperkingen

Phases : Testing
Perform functionality testing before deploying the application.

Notities kwetsbaarheidsmapping

Rechtvaardiging : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Opmerking : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Notities

This issue needs more study, as there are not many examples. It is not clear whether it is primary or resultant.

Indiening

Naam Organisatie Datum Releasedatum Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Wijzigingen

Naam Organisatie Datum Opmerking
Eric Dalci Cigital 2008-07-01 +00:00 updated Potential_Mitigations, Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2009-12-28 +00:00 updated Other_Notes, Potential_Mitigations, Research_Gaps
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-06-27 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes
CWE Content Team MITRE 2025-12-11 +00:00 updated Applicable_Platforms, Common_Consequences, Relationships, Weakness_Ordinalities
De informatie die op CVE Find wordt gepresenteerd, is afkomstig van verschillende zorgvuldig geselecteerde referentiebronnen. CVE-gegevens worden geleverd door MITRE Corporation en de National Vulnerability Database (NVD). De Known Exploited Vulnerabilities (KEV)-catalogus is afkomstig van de Cybersecurity and Infrastructure Security Agency (CISA), terwijl EPSS-scores afkomstig zijn van FIRST.org. Daarnaast worden gegevens over softwarezwakheden (CWE) en veelvoorkomende aanvalspatronen (CAPEC) bijgehouden door MITRE Corporation, en informatie over hardware- en softwareconfiguraties (CPE) wordt geleverd door de NVD.