Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failure to specify function prototypes can result in undefined, and perhaps unintended program behavior.

  • CVE-2002-1236, CAN-2003-0422 - CGI crashes when called without any arguments
  • CVE-2002-1531, CAN-2002-1077 - crash in HTTP request without a Content-Length field
  • CAN-2002-1358 - empty elements/strings in protocol test suite affect many SSH2 servers/clients
  • CVE-2002-0107 - resultant infoleak in web server via GET requests without HTTP/1.0 version string
  • CAN-2002-0596 - GET reqeust with empty parameter leads to error message infoleak (path disclosure)

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DRAFT

1 (low)

1 (unlikely)

3 (low)

P3

L3

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.

References