Weaknesses in Software Written in Java
A view in the Common Weakness Enumeration published by The MITRE Corporation.
Views in the Common Weakness Enumeration (CWE) represent one perspective with which to consider a set of weaknesses.
This view (slice) covers issues that are found in Java programs that are not common to all languages.
The software defines a public method that reads or modifies a private variable.
The program declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified.
The code uses an operator for assignment when the intention was to perform a comparison.
The program calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.
The software contains a clone() method that does not call super.clone() to obtain the new object.
The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.
The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.
The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a ...
The software declares a critical variable, field, or member to be public when intended security policy requires it to be private.
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
Catching overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.
Throwing overly broad exceptions promotes complex error handling code that is more likely to contain security vulnerabilities.
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
When a Java application uses the Java Native Interface (JNI) to call code written in another programming language, it can expose the application to weaknesses in that ...
The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient.
Duplicate keys in associative lists can lead to non-unique keys being mistaken for an error.
The program violates the Enterprise JavaBeans (EJB) specification by using AWT/Swing.
The program violates the Enterprise JavaBeans (EJB) specification by using the class loader.
The program violates the Enterprise JavaBeans (EJB) specification by using the java.io package.
The program violates the Enterprise JavaBeans (EJB) specification by using sockets.
The program violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.
The software contains an empty synchronized block.
The software makes an explicit call to the finalize() method from outside the finalizer.
The program violates secure coding principles for mobile code by declaring a finalize() method public.
The software contains a finalize() method that does not call super.finalize().
The software generates an error message that includes sensitive information about its environment, users, or associated data.
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
The software receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluatio...
The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, ...
The code uses boxed primitives, which may introduce inefficiencies into performance-critical operations.
Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the co...
The J2EE application directly manages connections, instead of using the container's connection management facilities.
The J2EE application directly uses sockets instead of using framework method calls.
Thread management in a Web application is forbidden in some circumstances and is always highly error prone.
The application stores a non-serializable object as an HttpSession attribute, which can hurt reliability.
A J2EE application uses System.exit(), which also shuts down its container.
When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.
Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are we...
The J2EE application is configured to use an insufficient session ID length.
The default error page of a web application should not display sensitive information about the software system.
In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.
The code does not have a default case in a switch statement, which might lead to complex logical errors and resultant weaknesses.
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
The software does not maintain equal hashcodes for equal objects.
The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the...
The program sends non-cloned mutable data as an argument to a method or function.
The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways.
A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can cause the object to be in a...
Assigning public data to a private array is equivalent to giving public access to the array.
An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from another package.
The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function.
The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the class through another ...
The application uses multiple validation forms with the same name, which might cause the Struts Validator to validate a form that the programmer does not expect.
If a form bean does not extend an ActionForm subclass of the Validator framework, it can expose the application to other weaknesses related to insufficient input valid...
The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
The application has a validator form that either does not define a validate() method, or defines a validate() method but does not call super.validate().
An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter.
When an application does not use an input validation framework such as the Struts Validator, there is a greater risk of introducing weaknesses related to insufficient ...
An unused validation form indicates that validation logic is not up-to-date.
Every Action Form must have a corresponding validation form.
Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weakn...
Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.
An exception is thrown from a function, but it is not caught.
The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.
The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper clas...
Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.
Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.
The software uses the singleton pattern when creating a resource within a multithreaded environment.