Status: Draft
Weakness ID: 494 (Weakness Variant)

Description Summary
The product downloads external source or binaries and executes them without sufficiently verifying the origin and integrity of the downloaded code.

Likelihood of Exploit
Medium

Potential Mitigations
Implementation: Avoid doing this without proper cryptographic safeguards.

Demonstrative Examples
Java Example:

    import java.net.URL;
    import java.net.URLClassLoader;

    // Loads and initializes "loadMe" from subdir/ with no origin or integrity check.
    URL[] classURLs = new URL[]{ new URL("file:subdir/") };
    URLClassLoader loader = new URLClassLoader(classURLs);
    Class<?> loadedClass = Class.forName("loadMe", true, loader);
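A hardened counterpart to the loader above, added here as an illustration and not part of the original entry: the class is defined only from bytes whose detached signature verifies against a pinned publisher key. The names `VerifiedLoader` and `loadVerified`, the `SHA256withRSA` scheme, and the throwaway key pair and payload in `main` are assumptions constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added example: defines a class only from bytes whose detached signature verifies.
public class VerifiedLoader extends ClassLoader {
    private final PublicKey trustedKey; // publisher key, pinned in the application

    public VerifiedLoader(PublicKey trustedKey, ClassLoader parent) {
        super(parent);
        this.trustedKey = trustedKey;
    }

    // Verify first, then define from the SAME private copy of the bytes, so the
    // code cannot be swapped between the check and the load.
    public Class<?> loadVerified(String name, byte[] downloaded, byte[] sig)
            throws GeneralSecurityException {
        byte[] code = downloaded.clone();
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(trustedKey);
        v.update(code);
        if (!v.verify(sig)) {
            throw new SecurityException("signature check failed for " + name);
        }
        return defineClass(name, code, 0, code.length);
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo: a throwaway key pair stands in for the publisher's key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair publisher = gen.generateKeyPair();

        // Constructed stand-in for downloaded class bytes (not a real class file).
        byte[] code = "constructed payload".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(publisher.getPrivate());
        s.update(code);
        byte[] sig = s.sign();
        byte[] tampered = code.clone();
        tampered[0] ^= 1; // one flipped bit, as an in-transit modification would cause
        VerifiedLoader loader = new VerifiedLoader(publisher.getPublic(),
                VerifiedLoader.class.getClassLoader());
        try {
            loader.loadVerified("loadMe", tampered, sig);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running `main` prints the rejection for the modified bytes; `defineClass` is never reached unless the signature matches.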

Other Notes
This is an unsafe practice and should not be performed unless one can use some type of cryptographic protection to assure that the mobile code has not been altered.

Relationships
Taxonomy Mappings
Applicable Platforms
Languages: Java

Time of Introduction
Architecture and Design
Implementation

Content History
Submissions: CLASP. (Externally Mined)
Modifications:
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Relationships, Other_Notes, Taxonomy_Mappings
Previous Entry Names: Mobile Code: Invoking Untrusted Mobile Code (changed 2008-04-11)