CWE-236: Improper Handling of Undefined Parameters
The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.
Technical Details
- Structure: Simple
- Applicable To: Not Language-Specific
Security Consequences
- Scope: Integrity
- Impact: Unexpected State
Mitigation Strategies
No mitigation information available for this CWE.
Detection Methods
No detection method information available for this CWE.
Code Examples & CVEs
Observed CVE Examples (2)
Router crash or bad route modification using BGP updates with invalid transitive attribute.
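The weakness behind the BGP example above is that the receiver assumed every attribute type it met was one it had defined, so an attribute it did not know left it with no decided behaviour. The following Python is an added illustration, not code from MITRE or from any router vendor; it uses a constructed, simplified attribute encoding (one-byte type, flags and length, then the value) that is not the real BGP wire format, and the attribute names in KNOWN_ATTRIBUTES are assumed for the example. It contrasts a handler that aborts on an undefined type with one in which every undefined type takes an explicit path: transitive unknowns are carried through uninterpreted, non-transitive unknowns are dropped and recorded, and truncated input is rejected as a whole.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed message format for illustration only (not the real BGP encoding):
#   <type: 1 byte><flags: 1 byte><length: 1 byte><value: length bytes> ...
# Flag bit 0x40 marks an attribute as "transitive": the receiver should carry it
# along unchanged even when it does not understand the type.
TRANSITIVE = 0x40
KNOWN_ATTRIBUTES = {1: "origin", 2: "as_path", 3: "next_hop"}  # assumed names


@dataclass
class Attribute:
    type_code: int
    flags: int
    value: bytes


class MalformedUpdate(ValueError):
    """Raised when the byte stream cannot be split into whole attributes."""


def parse_attributes(data: bytes) -> List[Attribute]:
    """Split a message into attributes, rejecting truncated input explicitly
    instead of letting an IndexError surface from deep inside the loop."""
    attrs = []
    pos = 0
    while pos < len(data):
        if pos + 3 > len(data):
            raise MalformedUpdate("truncated attribute header")
        type_code, flags, length = data[pos], data[pos + 1], data[pos + 2]
        start, end = pos + 3, pos + 3 + length
        if end > len(data):
            raise MalformedUpdate(f"attribute {type_code} claims {length} bytes, fewer remain")
        attrs.append(Attribute(type_code, flags, data[start:end]))
        pos = end
    return attrs


def apply_update_weak(attrs: List[Attribute]) -> Dict[str, bytes]:
    """Weak handler: assumes every attribute type is defined. An undefined type
    raises KeyError, so one unexpected attribute aborts processing of the whole
    update (the crash pattern CWE-236 describes)."""
    return {KNOWN_ATTRIBUTES[a.type_code]: a.value for a in attrs}


def apply_update_hardened(
    attrs: List[Attribute],
) -> Tuple[Dict[str, bytes], List[Attribute], List[int]]:
    """Hardened handler: an undefined type is an expected case with a decided
    outcome. Returns (interpreted route fields, attributes to pass through
    uninterpreted, type codes that were dropped)."""
    route: Dict[str, bytes] = {}
    passthrough: List[Attribute] = []
    ignored: List[int] = []
    for a in attrs:
        name = KNOWN_ATTRIBUTES.get(a.type_code)
        if name is None:
            if a.flags & TRANSITIVE:
                passthrough.append(a)      # forward unchanged, never interpret
            else:
                ignored.append(a.type_code)  # drop, but keep a record for logging
            continue
        if name in route:
            raise MalformedUpdate(f"duplicate attribute {name}")
        route[name] = a.value
    return route, passthrough, ignored


# Constructed sample update: two known attributes followed by two undefined ones.
SAMPLE_UPDATE = bytes([
    1, 0x00, 1, 0x00,           # origin = 0x00
    2, 0x00, 2, 0x00, 0x01,     # as_path = 0x0001
    99, TRANSITIVE, 1, 0xFF,    # undefined transitive type 99
    200, 0x00, 1, 0x01,         # undefined non-transitive type 200
])


def demo() -> Tuple[bool, Dict[str, bytes], List[int], List[int]]:
    """Run both handlers over the sample; returns whether the weak one aborted,
    plus the hardened handler's route, passthrough type codes and dropped codes."""
    attrs = parse_attributes(SAMPLE_UPDATE)
    try:
        apply_update_weak(attrs)
        weak_aborted = False
    except KeyError:
        weak_aborted = True
    route, passthrough, ignored = apply_update_hardened(attrs)
    return weak_aborted, route, [a.type_code for a in passthrough], ignored


if __name__ == "__main__":
    print(demo())
```

The point to take from the hardened version is not the particular policy (pass through, drop, or reject are all defensible, depending on the protocol) but that the policy for an undefined parameter is chosen and written down rather than left to whatever exception the lookup happens to raise; the `ignored` list also gives a detection hook, since a sudden rise in unknown attribute types from one peer is worth alerting on.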
CWE Relationships
Frequently Asked Questions
What is CWE-236: Improper Handling of Undefined Parameters?
CWE-236: Improper Handling of Undefined Parameters is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product does not handle or incorrectly handles when a particular parameter, field, or argument name is not defined or supported by the product.
What are the security consequences of Improper Handling of Undefined Parameters?
If exploited, CWE-236 (Improper Handling of Undefined Parameters) can compromise Integrity, leading to outcomes such as Unexpected State.
Which programming languages are affected by Improper Handling of Undefined Parameters?
CWE-236 is Not Language-Specific. Weaknesses of this kind are language-agnostic patterns, so secure coding practices for handling unrecognized input apply in any language.
What are real-world examples of Improper Handling of Undefined Parameters?
MITRE documents real CVEs mapped to CWE-236, including CVE-2002-1488 and CVE-2001-0650. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
What is the difference between a CWE and a CVE?
A CWE (Common Weakness Enumeration) like CWE-236 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.