CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (2.11)

CWE VIEW: Weaknesses in Software Written in Java

View ID: 660
Structure: Implicit Slice
Status: Draft
View Data

View Objective

This view (slice) covers issues that are found in Java programs that are not common to all languages.

View Filter: .//Applicable_Platforms//@Language_Name='Java'

Relationships

Weakness Variant: Access to Critical Private Variable via Public Method - (767)
Weakness Variant: Array Declared Public, Final, and Static - (582)
Weakness Variant: Assigning instead of Comparing - (481)
Weakness Variant: Call to Thread run() instead of start() - (572)
Weakness Variant: clone() Method Without super.clone() - (580)
Weakness Variant: Cloneable Class Containing Sensitive Information - (498)
Weakness Variant: Comparison of Classes by Name - (486)
Weakness Base: Comparison of Object References Instead of Object Contents - (595)
Weakness Class: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') - (362)
Weakness Variant: Critical Public Variable Without Final Modifier - (493)
Weakness Variant: Critical Variable Declared Public - (766)
Weakness Base: Declaration of Catch for Generic Exception - (396)
Weakness Base: Declaration of Throws for Generic Exception - (397)
Weakness Variant: Deserialization of Untrusted Data - (502)
Weakness Base: Direct Use of Unsafe JNI - (111)
Weakness Base: Double-Checked Locking - (609)
Weakness Base: Duplicate Key in Associative List (Alist) - (462)
Weakness Variant: EJB Bad Practices: Use of AWT Swing - (575)
Weakness Variant: EJB Bad Practices: Use of Class Loader - (578)
Weakness Variant: EJB Bad Practices: Use of Java I/O - (576)
Weakness Variant: EJB Bad Practices: Use of Sockets - (577)
Weakness Variant: EJB Bad Practices: Use of Synchronization Primitives - (574)
Weakness Variant: Empty Synchronized Block - (585)
Weakness Variant: Explicit Call to Finalize() - (586)
Weakness Variant: finalize() Method Declared Public - (583)
Weakness Variant: finalize() Method Without super.finalize() - (568)
Weakness Variant: Improper Cleanup on Thrown Exception - (460)
Weakness Base: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') - (95)
Weakness Base: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') - (917)
Weakness Variant: Information Exposure Through Java Runtime Error Message - (537)
Category: Integer Coercion Error - (192)
Weakness Base: Integer Underflow (Wrap or Wraparound) - (191)
Weakness Variant: J2EE Bad Practices: Direct Management of Connections - (245)
Weakness Variant: J2EE Bad Practices: Direct Use of Sockets - (246)
Weakness Variant: J2EE Bad Practices: Direct Use of Threads - (383)
Weakness Variant: J2EE Bad Practices: Non-serializable Object Stored in Session - (579)
Weakness Variant: J2EE Bad Practices: Use of System.exit() - (382)
Weakness Variant: J2EE Framework: Saving Unserializable Objects to Disk - (594)
Weakness Variant: J2EE Misconfiguration: Data Transmission Without Encryption - (5)
Weakness Variant: J2EE Misconfiguration: Insufficient Session-ID Length - (6)
Weakness Variant: J2EE Misconfiguration: Missing Custom Error Page - (7)
Weakness Variant: Missing Default Case in Switch Statement - (478)
Weakness Base: NULL Pointer Dereference - (476)
Weakness Base: Numeric Truncation Error - (197)
Weakness Base: Object Model Violation: Just One of Equals and Hashcode Defined - (581)
Weakness Base: Omitted Break Statement in Switch - (484)
Weakness Base: Passing Mutable Objects to an Untrusted Method - (374)
Weakness Variant: Private Array-Typed Field Returned From A Public Method - (495)
Weakness Variant: Public cloneable() Method Without Final ('Object Hijack') - (491)
Weakness Variant: Public Data Assigned to Private Array-Typed Field - (496)
Weakness Variant: Public Static Field Not Marked Final - (500)
Weakness Variant: Public Static Final Field References Mutable Object - (607)
Weakness Base: Race Condition in Switch - (365)
Weakness Base: Race Condition within a Thread - (366)
Weakness Variant: Reliance on Package-level Scope - (487)
Weakness Base: Returning a Mutable Object to an Untrusted Caller - (375)
Weakness Variant: Serializable Class Containing Sensitive Data - (499)
Category: Struts Validation Problems - (101)
Weakness Variant: Struts: Duplicate Validation Forms - (102)
Weakness Variant: Struts: Form Bean Does Not Extend Validation Class - (104)
Weakness Variant: Struts: Form Field Without Validator - (105)
Weakness Variant: Struts: Incomplete validate() Method Definition - (103)
Weakness Variant: Struts: Non-private Field in ActionForm Class - (608)
Weakness Variant: Struts: Plug-in Framework not in Use - (106)
Weakness Variant: Struts: Unused Validation Form - (107)
Weakness Variant: Struts: Unvalidated Action Form - (108)
Weakness Variant: Struts: Validator Turned Off - (109)
Weakness Variant: Struts: Validator Without Form Field - (110)
Weakness Base: Uncaught Exception - (248)
Weakness Base: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') - (470)
Weakness Variant: Use of Inner Class Containing Sensitive Data - (492)
Weakness Base: Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)
Weakness Variant: Use of Singleton Pattern Without Synchronization in a Multithreaded Context - (543)

Content History

Modifications
Modification Date | Modifier | Organization | Source
2008-09-08 | CWE Content Team | MITRE | Internal
updated Description, Name, View_Filter, View_Structure

Previous Entry Names
Change Date | Previous Entry Name
2008-09-09 | Weaknesses found in the Java Language

View Metrics

CWEs in this view, out of total CWEs:
Total: 73 out of 1006
Views: 0 out of 33
Categories: 2 out of 245
Weaknesses: 71 out of 720
Compound_Elements: 0 out of 8

Page Last Updated: May 05, 2017