SFP Secondary Cluster: Use of an Improper API

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Use of an Improper API cluster (SFP3).


Behavioral Change in New Version or Environment

A's behavior or functionality changes with a new version of A, or a new environment, which is not known (or manageable) by B.

Call to Non-ubiquitous API

The product uses an API function that does not exist on all versions of the target platform. This could cause portability problems or inconsistencies that allow denial...

Call to Thread run() instead of start()

The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.

Dangerous Signal Handler not Disabled During Sensitive Operations

The product uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while...

Direct Use of Unsafe JNI

When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that ...

EJB Bad Practices: Use of AWT Swing

The product violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.

EJB Bad Practices: Use of Class Loader

The product violates the Enterprise JavaBeans (EJB) specification by using the class loader.

EJB Bad Practices: Use of Java I/O

The product violates the Enterprise JavaBeans (EJB) specification by using the java.io package.

EJB Bad Practices: Use of Sockets

The product violates the Enterprise JavaBeans (EJB) specification by using sockets.

EJB Bad Practices: Use of Synchronization Primitives

The product violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.

Expected Behavior Violation

A feature, API, or function does not perform according to its specification.

Explicit Call to Finalize()

The product makes an explicit call to the finalize() method from outside the finalizer.

Improper Following of Specification by Caller

The product does not follow or incorrectly follows the specifications as required by the implementation language, environment, framework, protocol, or platform.

Incorrect Provision of Specified Functionality

The code does not function according to its published specifications, potentially leading to incorrect usage.

J2EE Bad Practices: Direct Management of Connections

The J2EE application directly manages connections, instead of using the container's connection management facilities.

J2EE Bad Practices: Direct Use of Sockets

The J2EE application directly uses sockets instead of using framework method calls.

J2EE Bad Practices: Direct Use of Threads

Thread management in a Web application is forbidden in some circumstances and is always highly error prone.

J2EE Bad Practices: Use of System.exit()

A J2EE application uses System.exit(), which also shuts down its container.

Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe th...

Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Signal Handler Use of a Non-reentrant Function

The product defines a signal handler that calls a non-reentrant function.

Use of Function with Inconsistent Implementations

The code uses a function that has inconsistent implementations across operating systems and versions.

Use of getlogin() in Multithreaded Application

The product uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.

Use of Inherently Dangerous Function

The product calls a function that can never be guaranteed to work safely.

Use of Low-Level Functionality

The product uses low-level functionality that is explicitly prohibited by the framework or specification under which the product is supposed to operate.

Use of Obsolete Function

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

Use of Potentially Dangerous Function

The product invokes a potentially dangerous function that could introduce a vulnerability if it is used incorrectly, but the function can also be used safely.


7PK - API Abuse

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that involve the software using an API ...


Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.