5 vulnerabilities classified as CWE-393 (Return of Wrong Status Code). AI Chinese analysis included.
CWE-393 is a logic error in which a software component returns an inaccurate status code, misleading the caller about the true outcome of an operation. The weakness typically arises when developers fail to map each specific error condition to its corresponding standard code, so the caller receives ambiguous or incorrect feedback. Attackers exploit this by manipulating inputs to trigger unexpected code paths, potentially bypassing security checks, or causing denial of service when the system treats a failure as success (or vice versa). To mitigate the risk, developers must rigorously validate return values and follow the established error-handling conventions of their platform. Comprehensive unit tests that exercise every exit path and verify the status code it produces are essential. Static analysis tools can additionally flag discrepancies between expected and actual return values, so that security-critical decisions rely on accurate execution results.
```java
// CWE-393 demonstrative example: every IOException is reported as 404,
// regardless of what actually went wrong.
try {
    // something that might throw IOException
    ...
} catch (IOException ioe) {
    response.sendError(SC_NOT_FOUND);
}
```

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-24531 | PAM-PKCS#11 security vulnerability — pam_pkcs11 | 6.7 | Medium | 2026-01-16 |
| CVE-2025-5987 | Libssh: invalid return code for chacha20 poly1305 with openssl backend | 8.1 | High | 2025-07-07 |
| CVE-2025-32414 | libxml2 security vulnerability — libxml2 | 5.6 | Medium | 2025-04-08 |
| CVE-2024-49117 | Windows Hyper-V Remote Code Execution Vulnerability — Windows Server 2022 | 8.8 | High | 2024-12-10 |
| CVE-2020-5401 | Cloud Foundry GoRouter is vulnerable to cache poisoning — Routing | - | - | 2020-02-27 |
Vulnerabilities classified as CWE-393 (Return of Wrong Status Code) represent 5 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.
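As an added example, not code from the CWE entry or from any product in the table above, the catch block shown earlier is placed next to a version that maps each failure to the status code the client actually needs; the servlet class, the document root and the file paths are assumptions.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.AccessDeniedException;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletResponse;

// Added example, not code from the CWE entry or any listed product. The
// servlet class and the document root are assumptions.
public class StatusCodeExample {
    private static final Logger LOG = Logger.getLogger(StatusCodeExample.class.getName());
    private final Path root;  // assumed document root, e.g. /var/www/static

    public StatusCodeExample(Path root) { this.root = root; }

    // Before (CWE-393): every IOException becomes 404, so a permission error or a
    // disk fault looks like "not found" to the client, and a monitor that counts
    // 5xx responses never sees the outage.
    public void serveWeak(String path, HttpServletResponse response) throws IOException {
        try (InputStream in = Files.newInputStream(root.resolve(path))) {
            in.transferTo(response.getOutputStream());
        } catch (IOException ioe) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
        }
    }

    // After: only a missing file is 404; denied access is 403 (or 404 if the
    // file's existence must not be disclosed); anything else is an internal
    // error that is logged. sendError() throws IllegalStateException once the
    // response is committed, so check before calling it.
    public void serveFixed(String path, HttpServletResponse response) throws IOException {
        try (InputStream in = Files.newInputStream(root.resolve(path))) {
            in.transferTo(response.getOutputStream());
        } catch (NoSuchFileException e) {
            response.sendError(HttpServletResponse.SC_NOT_FOUND);
        } catch (AccessDeniedException e) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        } catch (IOException e) {
            LOG.log(Level.SEVERE, "I/O failure while serving " + path, e);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }
}
```

A test for the fixed handler should cover all three paths (missing file, unreadable file, read error mid-transfer) and assert on the status each one produces, which is exactly the check the weak version cannot pass.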