Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Individual Dictionary Definition (3.0)

CWE VIEW: Weaknesses in Software Written in Java

View ID: 660
Type: Implicit
Status: Draft
+ Objective
This view (slice) covers issues that are found in Java programs that are not common to all languages.
+ Filter
+ Membership
Nature | Type | ID | Name
HasMember | Variant | 5 | J2EE Misconfiguration: Data Transmission Without Encryption
HasMember | Variant | 6 | J2EE Misconfiguration: Insufficient Session-ID Length
HasMember | Variant | 7 | J2EE Misconfiguration: Missing Custom Error Page
HasMember | Base | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
HasMember | Variant | 102 | Struts: Duplicate Validation Forms
HasMember | Variant | 103 | Struts: Incomplete validate() Method Definition
HasMember | Variant | 104 | Struts: Form Bean Does Not Extend Validation Class
HasMember | Variant | 105 | Struts: Form Field Without Validator
HasMember | Variant | 106 | Struts: Plug-in Framework not in Use
HasMember | Variant | 107 | Struts: Unused Validation Form
HasMember | Variant | 108 | Struts: Unvalidated Action Form
HasMember | Variant | 109 | Struts: Validator Turned Off
HasMember | Variant | 110 | Struts: Validator Without Form Field
HasMember | Base | 111 | Direct Use of Unsafe JNI
HasMember | Base | 191 | Integer Underflow (Wrap or Wraparound)
HasMember | Class | 192 | Integer Coercion Error
HasMember | Base | 197 | Numeric Truncation Error
HasMember | Variant | 245 | J2EE Bad Practices: Direct Management of Connections
HasMember | Variant | 246 | J2EE Bad Practices: Direct Use of Sockets
HasMember | Base | 248 | Uncaught Exception
HasMember | Class | 362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
HasMember | Base | 365 | Race Condition in Switch
HasMember | Base | 366 | Race Condition within a Thread
HasMember | Base | 374 | Passing Mutable Objects to an Untrusted Method
HasMember | Base | 375 | Returning a Mutable Object to an Untrusted Caller
HasMember | Variant | 382 | J2EE Bad Practices: Use of System.exit()
HasMember | Variant | 383 | J2EE Bad Practices: Direct Use of Threads
HasMember | Base | 395 | Use of NullPointerException Catch to Detect NULL Pointer Dereference
HasMember | Base | 396 | Declaration of Catch for Generic Exception
HasMember | Base | 397 | Declaration of Throws for Generic Exception
HasMember | Variant | 460 | Improper Cleanup on Thrown Exception
HasMember | Base | 462 | Duplicate Key in Associative List (Alist)
HasMember | Base | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
HasMember | Base | 476 | NULL Pointer Dereference
HasMember | Variant | 478 | Missing Default Case in Switch Statement
HasMember | Variant | 481 | Assigning instead of Comparing
HasMember | Base | 484 | Omitted Break Statement in Switch
HasMember | Variant | 486 | Comparison of Classes by Name
HasMember | Variant | 487 | Reliance on Package-level Scope
HasMember | Variant | 491 | Public cloneable() Method Without Final ('Object Hijack')
HasMember | Variant | 492 | Use of Inner Class Containing Sensitive Data
HasMember | Variant | 493 | Critical Public Variable Without Final Modifier
HasMember | Variant | 495 | Private Array-Typed Field Returned From A Public Method
HasMember | Variant | 496 | Public Data Assigned to Private Array-Typed Field
HasMember | Variant | 498 | Cloneable Class Containing Sensitive Information
HasMember | Variant | 499 | Serializable Class Containing Sensitive Data
HasMember | Variant | 500 | Public Static Field Not Marked Final
HasMember | Variant | 502 | Deserialization of Untrusted Data
HasMember | Variant | 537 | Information Exposure Through Java Runtime Error Message
HasMember | Variant | 543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context
HasMember | Base | 567 | Unsynchronized Access to Shared Data in a Multithreaded Context
HasMember | Variant | 568 | finalize() Method Without super.finalize()
HasMember | Variant | 572 | Call to Thread run() instead of start()
HasMember | Variant | 574 | EJB Bad Practices: Use of Synchronization Primitives
HasMember | Variant | 575 | EJB Bad Practices: Use of AWT Swing
HasMember | Variant | 576 | EJB Bad Practices: Use of Java I/O
HasMember | Variant | 577 | EJB Bad Practices: Use of Sockets
HasMember | Variant | 578 | EJB Bad Practices: Use of Class Loader
HasMember | Variant | 579 | J2EE Bad Practices: Non-serializable Object Stored in Session
HasMember | Variant | 580 | clone() Method Without super.clone()
HasMember | Base | 581 | Object Model Violation: Just One of Equals and Hashcode Defined
HasMember | Variant | 582 | Array Declared Public, Final, and Static
HasMember | Variant | 583 | finalize() Method Declared Public
HasMember | Variant | 585 | Empty Synchronized Block
HasMember | Variant | 586 | Explicit Call to Finalize()
HasMember | Variant | 594 | J2EE Framework: Saving Unserializable Objects to Disk
HasMember | Base | 595 | Comparison of Object References Instead of Object Contents
HasMember | Variant | 607 | Public Static Final Field References Mutable Object
HasMember | Variant | 608 | Struts: Non-private Field in ActionForm Class
HasMember | Base | 609 | Double-Checked Locking
HasMember | Variant | 766 | Critical Variable Declared Public
HasMember | Variant | 767 | Access to Critical Private Variable via Public Method
HasMember | Base | 917 | Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
+ View Metrics
 | CWEs in this view | Total CWEs
Weaknesses | 73 | out of 714
Categories | 0 | out of 237
Views | 0 | out of 31
Total | 73 | out of 982
+ Content History
Modification Date | Modifier | Organization
2008-09-08 | CWE Content Team | MITRE
updated Description, Name, View_Filter, View_Structure

Previous Entry Names
Change Date | Previous Entry Name
2008-09-09 | Weaknesses found in the Java Language

Page Last Updated: January 18, 2018