CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors Common Weakness Scoring System
Common Weakness Risk Analysis Framework
Home > CWE List > CWE- Individual Dictionary Definition (2.7)  

Presentation Filter:

CWE-361: Time and State

 
Time and State
Category ID: 361 (Category)Status: Incomplete
+ Description

Description Summary

Weaknesses in this category are related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads.

Extended Description

Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory18Source Code
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base364Signal Handler Race Condition
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base367Time-of-check Time-of-use (TOCTOU) Race Condition
Seven Pernicious Kingdoms (primary)700
ParentOfCategoryCategory371State Issues
Development Concepts (primary)699
ParentOfCategoryCategory376Temporary File Issues
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base377Insecure Temporary File
Seven Pernicious Kingdoms (primary)700
ParentOfCategoryCategory380Technology-Specific Time and State Issues
Development Concepts (primary)699
ParentOfWeakness VariantWeakness Variant382J2EE Bad Practices: Use of System.exit()
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness VariantWeakness Variant383J2EE Bad Practices: Direct Use of Threads
Seven Pernicious Kingdoms (primary)700
ParentOfCompound Element: CompositeCompound Element: Composite384Session Fixation
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
ParentOfWeakness BaseWeakness Base385Covert Timing Channel
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base386Symbolic Name not Mapping to Correct Object
Development Concepts (primary)699
ParentOfCategoryCategory387Signal Errors
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base412Unrestricted Externally Accessible Lock
Development Concepts (primary)699
Seven Pernicious Kingdoms (primary)700
ParentOfCategoryCategory557Concurrency Issues
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base609Double-Checked Locking
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base613Insufficient Session Expiration
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base662Improper Synchronization
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base663Use of a Non-reentrant Function in a Concurrent Context
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class664Improper Control of a Resource Through its Lifetime
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class668Exposure of Resource to Wrong Sphere
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class669Incorrect Resource Transfer Between Spheres
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base672Operation on a Resource after Expiration or Release
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class673External Influence of Sphere Definition
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base674Uncontrolled Recursion
Development Concepts (primary)699
ParentOfWeakness ClassWeakness Class691Insufficient Control Flow Management
Development Concepts (primary)699
ParentOfWeakness BaseWeakness Base698Execution After Redirect (EAR)
Development Concepts (primary)699
MemberOfViewView700Seven Pernicious Kingdoms
Seven Pernicious Kingdoms (primary)700
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
7 Pernicious KingdomsTime and State
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
Externally Mined
Modifications
Modification DateModifierOrganizationSource
2008-09-08MITREInternal
updated Relationships, Taxonomy_Mappings
2008-10-14MITREInternal
updated Description
2011-03-29MITREInternal
updated Relationships
2012-05-11MITREInternal
updated Related_Attack_Patterns
Page Last Updated: June 23, 2014