CWE - CWE-845: CERT Java Secure Coding Section 00 - Input Validation and Data Sanitization (IDS) (2.4)

Home > CWE List > CWE- Individual Dictionary Definition (2.4)

CWE List
Full Dictionary View
Development View
Research View
Reports

About
Sources
Process
Documents
FAQs

Community
SwA On-Ramp
T-Shirt
Discussion List
Discussion Archives
Contact Us

Scoring
CWSS
CWRAF
CWE/SANS Top 25

Compatibility
Requirements
Coverage Claims Representation
Compatible Products
Make a Declaration

News
Calendar
Free Newsletter

Search the Site

CWE-845: CERT Java Secure Coding Section 00 - Input Validation and Data Sanitization (IDS)

CERT Java Secure Coding Section 00 - Input Validation and Data Sanitization (IDS)

Category ID: 845 (Category)

Status: Incomplete

Description

Description Summary

Weaknesses in this category are related to rules in the Input Validation and Data Sanitization section of the CERT Java Secure Coding Standard. Since not all rules map to specific weaknesses, this category may be incomplete.

Relationships

Nature	Type	ID	Name	View(s) this relationship pertains to
ParentOf	Weakness Base	78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Class	116	Improper Encoding or Escaping of Output	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Base	134	Uncontrolled Format String	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Variant	144	Improper Neutralization of Line Delimiters	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Variant	150	Improper Neutralization of Escape, Meta, or Control Sequences	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Category	171	Cleansing, Canonicalization, and Comparison Errors	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Base	180	Incorrect Behavior Order: Validate Before Canonicalize	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Base	182	Collapse of Data into Unsafe Value	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Variant	289	Authentication Bypass by Alternate Name	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Base	409	Improper Handling of Highly Compressed Data (Data Amplification)	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Base	625	Permissive Regular Expression	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Variant	647	Use of Non-Canonical URL Paths for Authorization Decisions	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
ParentOf	Weakness Base	838	Inappropriate Encoding for Output Context	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844
MemberOf	View	844	Weaknesses Addressed by the CERT Java Secure Coding Standard	Weaknesses Addressed by the CERT Java Secure Coding Standard (primary)844

References

CERT. "00. Input Validation and Data Sanitization (IDS)". <https://www.securecoding.cert.org/confluence/display/java/00.+Input+Validation+and+Data+Sanitization+%28IDS%29>.

Content History

Submissions
Submission Date	Submitter	Organization	Source
2011-05-24			Internal CWE Team
2011-05-24

Page Last Updated: February 20, 2013


	CWE is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2006-2013, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us