Common Weakness Enumeration (CWE), Individual Dictionary Definition, Version 2.10
CWE-485: Insufficient Encapsulation

Weakness ID: 485
Abstraction: Class
Status: Draft
+ Description

Description Summary

The product does not sufficiently encapsulate critical data or functionality.

Extended Description

Encapsulation is about drawing strong boundaries. In a web browser that might mean ensuring that your mobile code cannot be abused by other mobile code. On the server it might mean differentiation between validated data and unvalidated data, between one user's data and another's, or between data users are allowed to see and data that they are not.
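As an added illustration (not part of the CWE entry), the C++ below contrasts a class whose critical state sits in public data members, the pattern the CERT C++ rule OOP00-CPP and child entries such as CWE-766 and CWE-495 describe, with one that keeps the boundary: the privilege flag changes only through a checked path and the internal container is returned by value. All class and method names are invented for this example.

```cpp
#include <string>
#include <utility>
#include <vector>

// Insufficiently encapsulated: the authorization flag and the role list are
// public data members, so any code holding the object can rewrite them
// without passing the checks that are supposed to guard them.
struct WeakAccount {
    std::string owner;
    bool is_admin = false;
    std::vector<std::string> roles;
};

// Encapsulated: the same state is private and only changes through methods
// that enforce the policy; the container is handed out by value, never as a
// reference to the private member.
class Account {
public:
    explicit Account(std::string owner) : owner_(std::move(owner)) {}
    // Trusted setup path (e.g. the first administrator created at install time).
    static Account bootstrapAdmin(std::string owner) {
        Account a(std::move(owner));
        a.is_admin_ = true;
        return a;
    }
    bool isAdmin() const { return is_admin_; }
    // Privilege can only be granted by an account that already holds it.
    bool grantAdmin(const Account& granter) {
        if (!granter.is_admin_) return false;
        is_admin_ = true;
        return true;
    }
    // Only roles from the fixed allow-list are accepted.
    bool addRole(const std::string& role) {
        static const std::vector<std::string> allowed = {"reader", "editor"};
        for (const auto& r : allowed) {
            if (r == role) { roles_.push_back(role); return true; }
        }
        return false;
    }
    // A copy: callers cannot mutate roles_ through the return value.
    std::vector<std::string> roles() const { return roles_; }
private:
    std::string owner_;
    bool is_admin_ = false;
    std::vector<std::string> roles_;
};
```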

+ Terminology Notes

The "encapsulation" term is used in multiple ways. Within some security sources, the term is used to describe the establishment of boundaries between different control spheres. Within general computing circles, it is more about hiding implementation details and maintainability than security. Even within the security usage, there is also a question of whether "encapsulation" encompasses the entire range of security problems.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Common Consequences
Scope | Effect
Other | Technical Impact: Varies by context

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 18 | Source Code | 1003 Weaknesses for Simplified Mapping of Published Vulnerabilities (primary)
ChildOf | Weakness Class | 664 | Improper Control of a Resource Through its Lifetime | 1000 Research Concepts (primary)
ChildOf | Category | 881 | CERT C++ Secure Coding Section 13 - Object Oriented Programming (OOP) | 868 Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)
ChildOf | Category | 966 | SFP Secondary Cluster: Other Exposures | 888 Software Fault Pattern (SFP) Clusters (primary)
ParentOf | Weakness Class | 216 | Containment Errors (Container Errors) | 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 486 | Comparison of Classes by Name | 699 Development Concepts (primary); 700 Seven Pernicious Kingdoms (primary); 1000 Research Concepts
ParentOf | Weakness Variant | 487 | Reliance on Package-level Scope | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 488 | Exposure of Data Element to Wrong Session | 699 Development Concepts (primary); 700 Seven Pernicious Kingdoms (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Base | 489 | Leftover Debug Code | 699 Development Concepts (primary); 700 Seven Pernicious Kingdoms (primary); 1000 Research Concepts (primary)
ParentOf | Category | 490 | Mobile Code Issues | 700 Seven Pernicious Kingdoms (primary)
ParentOf | Weakness Variant | 491 | Public cloneable() Method Without Final ('Object Hijack') | 700 Seven Pernicious Kingdoms (primary)
ParentOf | Weakness Variant | 492 | Use of Inner Class Containing Sensitive Data | 700 Seven Pernicious Kingdoms (primary)
ParentOf | Weakness Variant | 493 | Critical Public Variable Without Final Modifier | 700 Seven Pernicious Kingdoms (primary)
ParentOf | Weakness Variant | 495 | Private Array-Typed Field Returned From A Public Method | 699 Development Concepts (primary); 700 Seven Pernicious Kingdoms (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 496 | Public Data Assigned to Private Array-Typed Field | 699 Development Concepts (primary); 700 Seven Pernicious Kingdoms (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 497 | Exposure of System Data to an Unauthorized Control Sphere | 700 Seven Pernicious Kingdoms (primary)
ParentOf | Weakness Variant | 498 | Cloneable Class Containing Sensitive Information | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 499 | Serializable Class Containing Sensitive Data | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Base | 501 | Trust Boundary Violation | 699 Development Concepts (primary); 700 Seven Pernicious Kingdoms (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 545 | Use of Dynamic Class Loading | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 580 | clone() Method Without super.clone() | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 594 | J2EE Framework: Saving Unserializable Objects to Disk | 699 Development Concepts (primary); 1000 Research Concepts (primary)
ParentOf | Weakness Variant | 607 | Public Static Final Field References Mutable Object | 699 Development Concepts (primary)
ParentOf | Weakness Base | 749 | Exposed Dangerous Method or Function | 699 Development Concepts (primary); 1000 Research Concepts (primary); 1003 Weaknesses for Simplified Mapping of Published Vulnerabilities (primary)
ParentOf | Weakness Variant | 766 | Critical Variable Declared Public | 699 Development Concepts (primary); 1000 Research Concepts
ParentOf | Weakness Variant | 767 | Access to Critical Private Variable via Public Method | 699 Development Concepts (primary); 1000 Research Concepts
MemberOf | View | 699 | Development Concepts | 699 Development Concepts (primary)
MemberOf | View | 700 | Seven Pernicious Kingdoms | 700 Seven Pernicious Kingdoms (primary)
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
7 Pernicious Kingdoms | | | Encapsulation
CERT C++ Secure Coding | OOP00-CPP | | Declare data members private
+ Maintenance Notes

This node has to be considered in relation to CWE-732 and CWE-269.

See terminology notes on the multiple uses of the "encapsulation" term.

+ Content History
Submissions
Submission Date | Submitter | Organization | Source
| 7 Pernicious Kingdoms | | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
  updated Potential_Mitigations, Time_of_Introduction
2008-09-08 | CWE Content Team | MITRE | Internal
  updated Description, Maintenance_Notes, Relationships, Taxonomy_Mappings, Terminology_Notes
2008-11-24 | CWE Content Team | MITRE | Internal
  updated Relationships
2009-05-27 | CWE Content Team | MITRE | Internal
  updated Relationships
2011-06-01 | CWE Content Team | MITRE | Internal
  updated Common_Consequences
2011-06-27 | CWE Content Team | MITRE | Internal
  updated Common_Consequences
2011-09-13 | CWE Content Team | MITRE | Internal
  updated Relationships, Taxonomy_Mappings
2012-05-11 | CWE Content Team | MITRE | Internal
  updated Relationships
2012-10-30 | CWE Content Team | MITRE | Internal
  updated Potential_Mitigations, Terminology_Notes
2013-02-21 | CWE Content Team | MITRE | Internal
  updated Relationships
2014-07-30 | CWE Content Team | MITRE | Internal
  updated Relationships
2015-12-07 | CWE Content Team | MITRE | Internal
  updated Relationships
2017-01-19 | CWE Content Team | MITRE | Internal
  updated Relationships
Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | Encapsulation

Page Last Updated: January 18, 2017