SEI CERT Oracle Secure Coding Standard for Java - Guidelines 16. Runtime Environment (ENV)

A category in the Common Weakness Enumeration published by The MITRE Corporation.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-1150

  • Status

    Stable

Contents

Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to the rules and recommendations in the Runtime Environment (ENV) section of the SEI CERT Oracle Secure Coding Standard for Java.

Weaknesses

Acceptance of Extraneous Untrusted Data With Trusted Data

The product, when processing trusted data, accepts any untrusted data that is also included with the trusted data, treating the untrusted data as if it were trusted.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

Concepts

Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommen...

See Also

  1. SEI CERT Oracle Coding Standard for Java : Rule 16. Runtime Environment (ENV)

    The Software Engineering Institute

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.