CWE-447 在UI中的未实现或未支持特性

Unimplemented or Unsupported Feature in UI

结构: Simple

Abstraction: Base

状态: Draft

被利用可能性: unkown

基本描述

A UI function for a security feature appears to be supported and gives feedback to the user that suggests that it is supported, but the underlying functionality is not implemented.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 446 cwe_View_ID: 1000

  • cwe_Nature: ChildOf cwe_CWE_ID: 446 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 671 cwe_View_ID: 1000 cwe_Ordinal: Primary

适用平台

Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}

常见的影响

范围 影响 注释
Other Varies by Context

可能的缓解方案

Testing

策略:

Perform functionality testing before deploying the application.

分析过的案例

标识 说明 链接
CVE-2000-0127 GUI configuration tool does not enable a security option when a checkbox is selected, although that option is honored when manually set in the configuration file. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0127
CVE-2001-0863 Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0863
CVE-2001-0865 Router does not implement a specific keyword when it is used in an ACL, allowing filter bypass. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0865
CVE-2004-0979 Web browser does not properly modify security setting when the user sets it. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0979

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
PLOVER Unimplemented or unsupported feature in UI