CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types


CWE CATEGORY: 7PK - Time and State

Category ID: 361
Status: Incomplete
Summary
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses related to the improper management of time and state in an environment that supports simultaneous or near-simultaneous computation by multiple systems, processes, or threads. According to the authors of the Seven Pernicious Kingdoms, "Distributed computation is about time and state. That is, in order for more than one component to communicate, state must be shared, and all that takes time. Most programmers anthropomorphize their work. They think about one thread of control carrying out the entire program in the same way they would if they had to do the job themselves. Modern computers, however, switch between tasks very quickly, and in multi-core, multi-CPU, or distributed systems, two events may take place at exactly the same time. Defects rush to fill the gap between the programmer's model of how a program executes and what happens in reality. These defects are related to unexpected interactions between threads, processes, time, and information. These interactions happen through shared state: semaphores, variables, the file system, and, basically, anything that can store information."
Membership
Nature | Type | ID | Name
MemberOf | Category | 18 | Source Code
MemberOf | View | 699 | Development Concepts
MemberOf | View | 700 | Seven Pernicious Kingdoms
HasMember | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMember | Base | 364 | Signal Handler Race Condition
HasMember | Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition
HasMember | Category | 371 | State Issues
HasMember | Category | 376 | Temporary File Issues
HasMember | Base | 377 | Insecure Temporary File
HasMember | Category | 380 | Technology-Specific Time and State Issues
HasMember | Variant | 382 | J2EE Bad Practices: Use of System.exit()
HasMember | Variant | 383 | J2EE Bad Practices: Direct Use of Threads
HasMember | Composite | 384 | Session Fixation
HasMember | Base | 385 | Covert Timing Channel
HasMember | Base | 386 | Symbolic Name not Mapping to Correct Object
HasMember | Category | 387 | Signal Errors
HasMember | Base | 412 | Unrestricted Externally Accessible Lock
HasMember | Category | 557 | Concurrency Issues
HasMember | Base | 609 | Double-Checked Locking
HasMember | Base | 613 | Insufficient Session Expiration
HasMember | Base | 662 | Improper Synchronization
HasMember | Base | 663 | Use of a Non-reentrant Function in a Concurrent Context
HasMember | Class | 664 | Improper Control of a Resource Through its Lifetime
HasMember | Class | 668 | Exposure of Resource to Wrong Sphere
HasMember | Class | 669 | Incorrect Resource Transfer Between Spheres
HasMember | Base | 672 | Operation on a Resource after Expiration or Release
HasMember | Class | 673 | External Influence of Sphere Definition
HasMember | Base | 674 | Uncontrolled Recursion
HasMember | Base | 698 | Execution After Redirect (EAR)
References
[REF-6] Katrina Tsipenyuk, Brian Chess and Gary McGraw. "Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors". IEEE Security and Privacy (Volume: 3, Issue: 6). IEEE. 2005-12-12. <http://ieeexplore.ieee.org/document/1556543>.
Content History
Submissions
Submission Date | Submitter | Organization
7 Pernicious Kingdoms
Modifications
Modification Date | Modifier | Organization
2008-09-08 | CWE Content Team | MITRE
    updated Relationships, Taxonomy_Mappings
2008-10-14 | CWE Content Team | MITRE
    updated Description
2011-03-29 | CWE Content Team | MITRE
    updated Relationships
2012-05-11 | CWE Content Team | MITRE
    updated Related_Attack_Patterns
2015-12-07 | CWE Content Team | MITRE
    updated Relationships
2017-01-19 | CWE Content Team | MITRE
    updated Relationships
2017-11-08 | CWE Content Team | MITRE
    updated Description, Name, References, Related_Attack_Patterns, Taxonomy_Mappings
Previous Entry Names
Change Date | Previous Entry Name
2017-11-08 | Time and State

Page Last Updated: January 18, 2018