VYPR

CWE-203

Observable Discrepancy

BaseIncomplete

Description

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-189

CVEs mapped to this weakness (224)

page 12 of 12
  • CVE-2002-0208May 16, 2002
    risk 0.00cvss epss 0.02

    PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack and modifies packets in ICMP error messages in a way that allows remote attackers to determine that the system is running PGPfire.

  • CVE-2001-1483Dec 31, 2001
    risk 0.00cvss epss 0.04

    One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.

  • CVE-2001-1387Nov 5, 2001
    risk 0.00cvss epss 0.00

    iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.

  • CVE-2000-1117Jan 9, 2001
    risk 0.00cvss epss 0.03

    The Extended Control List (ECL) feature of the Java Virtual Machine (JVM) in Lotus Notes Client R5 allows malicious web site operators to determine the existence of files on the client by measuring delays in the execution of the getSystemResource method.