CWE

Common Weakness Enumeration

A community-developed list of SW & HW weaknesses that can become vulnerabilities

TECHSPEC: Technology-Specific Nodes

Total Nodes in this Report: 83    Report Generated On: 2007-09-12

ID: 3 Name: Technology-specific Environment Issues
URL: http://cwe.mitre.org/data/definitions/3.html
ID: 4 Name: J2EE Environment Issues
URL: http://cwe.mitre.org/data/definitions/4.html
J2EE framework related environment issues with security implications.
ID: 5 Name: J2EE Misconfiguration: Insecure Transport
URL: http://cwe.mitre.org/data/definitions/5.html
Information sent over a network can be compromised while in transit. An attacker may be able to read/modify the contents if the data are sent in plaintext or are weakly encrypted.
ID: 6 Name: J2EE Misconfiguration: Insufficient Session-ID Length
URL: http://cwe.mitre.org/data/definitions/6.html
Session IDs can be used to identify communicating parties in a web environment. If an attacker can guess or steal a session ID, then he/she may be able to take over the user's session (called session hijacking).
ID: 7 Name: J2EE Misconfiguration: Missing Error Handling
URL: http://cwe.mitre.org/data/definitions/7.html
A Web application must define a default error page for 4xx errors (e.g. 404) and 5xx errors (e.g. 500), and one to catch java.lang.Throwable exceptions, to prevent attackers from mining information from the application container's built-in error response. The default error page should not display sensitive information about the software system.
ID: 8 Name: J2EE Misconfiguration: Unsafe Bean Declaration
URL: http://cwe.mitre.org/data/definitions/8.html
Entity beans should not be declared remote.
ID: 9 Name: J2EE Misconfiguration: Weak Access Permissions
URL: http://cwe.mitre.org/data/definitions/9.html
If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the software system.
ID: 10 Name: ASP.NET Environment Issues
URL: http://cwe.mitre.org/data/definitions/10.html
ASP.NET framework/language related environment issues with security implications.
ID: 11 Name: ASP.NET Misconfiguration: Creating Debug Binary
URL: http://cwe.mitre.org/data/definitions/11.html
Debugging messages help attackers learn about the system and plan a form of attack.
ID: 12 Name: ASP.NET Misconfiguration: Missing Custom Error Handling
URL: http://cwe.mitre.org/data/definitions/12.html
An ASP.NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
ID: 13 Name: ASP.NET Misconfiguration: Password in Configuration File
URL: http://cwe.mitre.org/data/definitions/13.html
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
ID: 58 Name: Path Issue - Windows 8.3 Filename
URL: http://cwe.mitre.org/data/definitions/58.html
On later Windows operating systems, a file can have a "long name" and a short name that is compatible with older Windows file systems, with up to 8 characters in the filename and 3 characters for the extension. These "8.3" filenames therefore have the "alternate name" property for files with long names, so they are useful for pathname equivalence manipulations.
ID: 60 Name: UNIX Path Link problems
URL: http://cwe.mitre.org/data/definitions/60.html
ID: 61 Name: UNIX symbolic link (symlink) following
URL: http://cwe.mitre.org/data/definitions/61.html
A software system that allows UNIX symbolic links (symlink) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The symbolic link can permit an attacker to read/write/corrupt a file that they originally did not have permissions to access.
ID: 62 Name: UNIX hard link
URL: http://cwe.mitre.org/data/definitions/62.html
A system's failure to check for hardlinks can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if he/she can replace a file used by a privileged program with a hardlink to a sensitive file (e.g. etc/passwd). When the process opens the file, the attacker can assume the privileges of that process.
ID: 63 Name: Windows Path Link problems
URL: http://cwe.mitre.org/data/definitions/63.html
ID: 64 Name: Windows Shortcut Following (.LNK)
URL: http://cwe.mitre.org/data/definitions/64.html
A software system that allows Windows shortcuts (.LNK) as part of paths whether in internal code or through user input can allow an attacker to spoof the symbolic link and traverse the file system to unintended locations or access arbitrary files. The shortcut (file with the .lnk extension) can permit an attacker to read/write a file that they originally did not have permissions to access.
ID: 65 Name: Windows hard link
URL: http://cwe.mitre.org/data/definitions/65.html
A system's failure to check for hardlinks can result in vulnerability to different types of attacks. For example, an attacker can escalate their privileges if he/she can replace a file used by a privileged program with a hardlink to a sensitive file (e.g. etc/passwd). When the process opens the file, the attacker can assume the privileges of that process or possibly prevent a program from accurately processing data in a software system.
ID: 67 Name: Windows MS-DOS device names
URL: http://cwe.mitre.org/data/definitions/67.html
Failing to properly handle virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial-of-service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.
ID: 68 Name: Windows Virtual File problems
URL: http://cwe.mitre.org/data/definitions/68.html
ID: 69 Name: Windows ::DATA alternate data stream
URL: http://cwe.mitre.org/data/definitions/69.html
Alternate data streams (ADS) were first implemented in the Windows NT operating system to provide compatibility between NTFS and the Macintosh Hierarchical File System (HFS). In HFS, data and resource forks are used to store information about a file. The data fork provides information about the contents of the file while the resource fork stores metadata such as file type. An attacker can use an ADS to hide information about a file (e.g. size, the name of the process) from a system or file browser tools such as Windows Explorer and the 'dir' command line utility.
ID: 70 Name: Mac Virtual File problems
URL: http://cwe.mitre.org/data/definitions/70.html
ID: 71 Name: Apple '.DS_Store'
URL: http://cwe.mitre.org/data/definitions/71.html
Software operating in a Mac OS environment where .DS_Store is in effect must carefully manage hard links; otherwise an attacker may be able to leverage a hard link from .DS_Store to overwrite arbitrary files and gain privileges.
ID: 72 Name: Apple HFS+ alternate data stream
URL: http://cwe.mitre.org/data/definitions/72.html
The Apple HFS+ file system permits files to have multiple data input streams. If an attacker can create/access a data input stream directly or indirectly (e.g. through Apache), then he/she may be able to access the file data or resource fork.
ID: 89 Name: SQL injection
URL: http://cwe.mitre.org/data/definitions/89.html
SQL injection attacks are another instantiation of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.
ID: 91 Name: XML injection (aka Blind XPath injection)
URL: http://cwe.mitre.org/data/definitions/91.html
The software does not properly filter or quote special characters or reserved words that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.
ID: 100 Name: Technology-Specific Input Validation Problems
URL: http://cwe.mitre.org/data/definitions/100.html
ID: 101 Name: STRUTS Validation Problems
URL: http://cwe.mitre.org/data/definitions/101.html
ID: 102 Name: Struts: Duplicate Validation Forms
URL: http://cwe.mitre.org/data/definitions/102.html
Multiple validation forms with the same name indicate that validation logic is not up-to-date.
ID: 103 Name: Struts: Erroneous validate() Method
URL: http://cwe.mitre.org/data/definitions/103.html
The validator form either fails to define a validate() method, or defines a validate() method but fails to call super.validate().
ID: 104 Name: Struts: Form Bean Does Not Extend Validation Class
URL: http://cwe.mitre.org/data/definitions/104.html
All Struts forms should extend a Validator class.
ID: 105 Name: Struts: Form Field Without Validator
URL: http://cwe.mitre.org/data/definitions/105.html
Every field in a form should be validated in the corresponding validation form.
ID: 106 Name: Struts: Plug-in Framework Not In Use
URL: http://cwe.mitre.org/data/definitions/106.html
Use the Struts Validator to prevent vulnerabilities that result from unchecked input.
ID: 107 Name: Struts: Unused Validation Form
URL: http://cwe.mitre.org/data/definitions/107.html
An unused validation form indicates that validation logic is not up-to-date.
ID: 108 Name: Struts: Unvalidated Action Form
URL: http://cwe.mitre.org/data/definitions/108.html
Every Action Form must have a corresponding validation form.
ID: 109 Name: Struts: Validator Turned Off
URL: http://cwe.mitre.org/data/definitions/109.html
Automatic filtering via a Struts bean has been turned off.
ID: 110 Name: Struts: Validator Without Form Field
URL: http://cwe.mitre.org/data/definitions/110.html
Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.
ID: 112 Name: Missing XML Validation
URL: http://cwe.mitre.org/data/definitions/112.html
Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input.
ID: 113 Name: HTTP Response Splitting
URL: http://cwe.mitre.org/data/definitions/113.html
Writing unvalidated data into an HTTP header allows an attacker to specify the entirety of the HTTP response rendered by the browser. HTTP response splitting occurs when an HTTP request contains unexpected CR and LF characters. The server may respond with an output stream that is interpreted as two different HTTP responses (instead of one). An attacker can control the second response and mount attacks such as cross-site scripting and cache poisoning attacks.
ID: 219 Name: Sensitive Data Under Web Root
URL: http://cwe.mitre.org/data/definitions/219.html
ID: 220 Name: Sensitive Data Under FTP Root
URL: http://cwe.mitre.org/data/definitions/220.html
ID: 245 Name: J2EE Bad Practices: getConnection()
URL: http://cwe.mitre.org/data/definitions/245.html
The J2EE standard forbids the direct management of connections.
ID: 246 Name: J2EE Bad Practices: Sockets
URL: http://cwe.mitre.org/data/definitions/246.html
Socket-based communication in web applications is prone to error.
ID: 304 Name: Missing Critical Step in Authentication
URL: http://cwe.mitre.org/data/definitions/304.html
Authentication techniques should follow the algorithms that define them exactly; otherwise authentication can be jeopardized. A missing critical step in the implementation of an algorithm may weaken the authorization technique.
ID: 350 Name: Improperly Trusted Reverse DNS
URL: http://cwe.mitre.org/data/definitions/350.html
The software trusts the hostname that is provided when performing a reverse DNS resolution on an IP address, without also performing forward resolution.
ID: 380 Name: Technology-Specific Time and State Issues
URL: http://cwe.mitre.org/data/definitions/380.html
ID: 381 Name: J2EE Time and State Issues
URL: http://cwe.mitre.org/data/definitions/381.html
ID: 382 Name: J2EE Bad Practices: System.exit()
URL: http://cwe.mitre.org/data/definitions/382.html
System.exit(): A Web application should not attempt to shut down its container.
ID: 383 Name: J2EE Bad Practices: Threads
URL: http://cwe.mitre.org/data/definitions/383.html
Thread management in a Web application is forbidden in some circumstances and is always highly error prone.
ID: 422 Name: Unprotected Windows Messaging Channel ('Shatter')
URL: http://cwe.mitre.org/data/definitions/422.html
The software does not properly verify the source of a message in the Windows Messaging System while running at elevated privileges, creating an alternate channel through which an attacker can directly send a message to the product.
ID: 444 Name: HTTP Request Smuggling
URL: http://cwe.mitre.org/data/definitions/444.html
When HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, it is possible to take advantage of discrepancies in the way each entity parses malformed or abnormal HTTP requests, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.
ID: 486 Name: Comparing Classes by Name
URL: http://cwe.mitre.org/data/definitions/486.html
Comparing classes by name can lead a program to treat two classes as the same when they actually differ.
ID: 519 Name: .NET Environment Issues
URL: http://cwe.mitre.org/data/definitions/519.html
.NET framework related environment issues with security implications.
ID: 520 Name: .NET Misconfiguration: Impersonation
URL: http://cwe.mitre.org/data/definitions/520.html
Allowing a .NET application to run at potentially escalated levels of access to the underlying operating and file systems can be dangerous and result in various forms of attacks.
ID: 536 Name: Information Leak Through Servlet Runtime Error Message
URL: http://cwe.mitre.org/data/definitions/536.html
A servlet error message indicates that there exists an unhandled exception in your web application code. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system. The error message may contain the location of the file in which the offending function is located. This may disclose the webroot's absolute path as well as give the attacker the location of application include files or configuration information. It may even disclose the portion of code that failed.
ID: 537 Name: Information Leak Through Java Runtime Error Message
URL: http://cwe.mitre.org/data/definitions/537.html
In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.
ID: 543 Name: Use of Singleton Pattern in a Non-thread-safe Manner
URL: http://cwe.mitre.org/data/definitions/543.html
The use of a singleton pattern may not be thread-safe.
ID: 554 Name: ASP.NET Misconfiguration: Input Validation
URL: http://cwe.mitre.org/data/definitions/554.html
Unchecked input is the leading cause of vulnerabilities in ASP.NET applications. Unchecked input leads to cross-site scripting, process control, and SQL injection vulnerabilities, among others.
ID: 555 Name: J2EE Misconfiguration: Password in Configuration File
URL: http://cwe.mitre.org/data/definitions/555.html
Storing a plaintext password in a configuration file allows anyone who can read the file to access the password-protected resource, making it an easy target for attackers.
ID: 556 Name: ASP.NET Misconfiguration: Identity Impersonation
URL: http://cwe.mitre.org/data/definitions/556.html
Configuring an ASP.NET application to run with impersonated credentials may give the application unnecessary privileges. The use of impersonated credentials allows an ASP.NET application to run with either the privileges of the client on whose behalf it is executing or with arbitrary privileges granted in its configuration.
ID: 564 Name: SQL Injection: Hibernate
URL: http://cwe.mitre.org/data/definitions/564.html
Using Hibernate to execute a dynamic SQL statement built with user input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.
ID: 568 Name: Erroneous Finalize Method
URL: http://cwe.mitre.org/data/definitions/568.html
The software contains a finalize() method that does not call super.finalize().
ID: 573 Name: Failure to Follow Specification
URL: http://cwe.mitre.org/data/definitions/573.html
The software fails to follow the specifications for the implementation language, environment, framework or platform.
ID: 574 Name: EJB Bad Practices: Use of Synchronization Primitives
URL: http://cwe.mitre.org/data/definitions/574.html
The program violates the Enterprise JavaBeans specification by using thread synchronization primitives.
ID: 575 Name: EJB Bad Practices: Use of AWT Swing
URL: http://cwe.mitre.org/data/definitions/575.html
The program violates the Enterprise JavaBeans specification by using AWT/Swing.
ID: 576 Name: EJB Bad Practices: Use of JAVA I/O
URL: http://cwe.mitre.org/data/definitions/576.html
The program violates the Enterprise JavaBeans specification by using the java.io package.
ID: 577 Name: EJB Bad Practices: Use of Sockets
URL: http://cwe.mitre.org/data/definitions/577.html
The program violates the Enterprise JavaBeans specification by using sockets.
ID: 578 Name: EJB Bad Practices: Use of Class Loader
URL: http://cwe.mitre.org/data/definitions/578.html
The program violates the Enterprise JavaBeans specification by using the class loader.
ID: 579 Name: J2EE Bad Practices: Non-serializable Object Stored in Session
URL: http://cwe.mitre.org/data/definitions/579.html
Storing a non-serializable object as an HttpSession attribute can damage application reliability.
ID: 580 Name: Erroneous Clone Method
URL: http://cwe.mitre.org/data/definitions/580.html
The software contains a clone() method that fails to call super.clone() to obtain the new object.
ID: 581 Name: Object Model Violation: Just One of Equals and Hashcode Defined
URL: http://cwe.mitre.org/data/definitions/581.html
Software fails to maintain equal hashcodes for equal objects.
ID: 582 Name: Mobile Code: Unsafe Array Declaration
URL: http://cwe.mitre.org/data/definitions/582.html
The program violates secure coding principles for mobile code by declaring an array public, final and static.
ID: 583 Name: Mobile Code: Public Finalize Method
URL: http://cwe.mitre.org/data/definitions/583.html
The program violates secure coding principles for mobile code by declaring a finalize() method public.
ID: 593 Name: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
URL: http://cwe.mitre.org/data/definitions/593.html
The software modifies the SSL context after connection creation has begun.
ID: 594 Name: Persistence in J2EE Frameworks
URL: http://cwe.mitre.org/data/definitions/594.html
When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.
ID: 598 Name: Information Leak Through GET Request
URL: http://cwe.mitre.org/data/definitions/598.html
An area of the web application that possibly contains sensitive information or access to privileged functionality, such as remote site administration functionality, utilizes query strings to pass information between pages. Information in query strings is directly visible to the end user via the browser interface, which can cause security issues.
ID: 599 Name: No OpenSSL Certificate Check Performed before this Use
URL: http://cwe.mitre.org/data/definitions/599.html
The failure to validate certificate data may mean that an attacker may be claiming to be a host which it is not.
ID: 600 Name: Missing Catch Block
URL: http://cwe.mitre.org/data/definitions/600.html
If a Servlet fails to catch all exceptions, it may reveal debugging information that will help an adversary form a plan of attack.
ID: 608 Name: Struts: Non-private Field in ActionForm Class
URL: http://cwe.mitre.org/data/definitions/608.html
An ActionForm class should contain only private fields, which are accessed by setters and getters.
ID: 611 Name: Information Leak Through XML External Entity File Disclosure
URL: http://cwe.mitre.org/data/definitions/611.html
XML documents optionally contain a Document Type Definition (DTD), which, among other features, enables the definition of "XML entities". It is possible to define an entity locally by providing a substitution string in the form of a URL whose content is substituted for the XML entity when the DTD is processed. The attack can be launched by defining an XML entity whose content is a file URL (which, when processed by the receiving end, is mapped into a file on the server), that is embedded in the XML document, and thus, is fed to the processing application. This application may echo back the data (e.g. in an error message), thereby exposing the file contents.
ID: 614 Name: Unset Secure Attribute for Sensitive Cookies in HTTPS Session
URL: http://cwe.mitre.org/data/definitions/614.html
If the Secure attribute for sensitive cookies in HTTPS sessions is not set, it could cause the user agent to send those cookies in plaintext over an HTTP session.
ID: 618 Name: Exposed Unsafe ActiveX Method
URL: http://cwe.mitre.org/data/definitions/618.html
An ActiveX control is intended for use in a web browser, but it exposes dangerous methods that perform actions that are outside of the browser's security model (e.g. the zone or domain). If there is no integrity checking or origin validation, this method could be invoked by attackers.
ID: 623 Name: Unsafe ActiveX Control Marked Safe For Scripting
URL: http://cwe.mitre.org/data/definitions/623.html
An ActiveX control is intended for restricted use, but it has been marked as safe-for-scripting. This might allow attackers to use dangerous functionality via a web page that accesses the control, which can lead to different resultant vulnerabilities, depending on the control's behavior.
Page Last Updated: January 17, 2017