312-50V11 · Question #286
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
The correct answer is C. 0-day vulnerability. A zero-day vulnerability is a flaw that has been discovered but has no available patch or vendor fix, leaving systems exposed with no remediation path.
Question
A newly discovered flaw in a software application would be considered which kind of security vulnerability?
Options
- AInput validation flaw
- BHTTP header injection vulnerability
- C0-day vulnerability
- DTime-to-check to time-to-use flaw
How the community answered
(19 responses)- B5% (1)
- C95% (18)
Why each option
A zero-day vulnerability is a flaw that has been discovered but has no available patch or vendor fix, leaving systems exposed with no remediation path.
An input validation flaw is categorized by the technical root cause - improper handling of user-supplied input - not by how recently it was discovered.
An HTTP header injection vulnerability is a specific technical class involving malicious content injected into HTTP response headers, unrelated to discovery timeline.
A 0-day vulnerability is defined by the fact that the vendor has had zero days to respond - the flaw is either unknown to them or known but unpatched. This distinguishes it from other vulnerability classes, which are defined by their technical nature rather than their disclosure status. The absence of a patch is the defining characteristic.
A time-to-check to time-to-use (TOCTOU) flaw is a race condition vulnerability where state changes between a check and its use, which is a root-cause classification, not a discovery-status classification.
Concept tested: Zero-day vulnerability definition and classification
Source: https://www.cisa.gov/news-events/news/understanding-patches-and-software-updates
Topics
Community Discussion
No community discussion yet for this question.