CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.3)  
ID

CWE CATEGORY: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)

Category ID: 858
Status: Obsolete
+ Summary
Weaknesses in this category are related to rules in the Serialization (SER) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
+ Membership
NatureTypeIDName
MemberOfViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).844Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.250Execution with Unnecessary Privileges
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.319Cleartext Transmission of Sensitive Information
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.400Uncontrolled Resource Consumption
HasMemberVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.499Serializable Class Containing Sensitive Data
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.502Deserialization of Untrusted Data
HasMemberVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.589Call to Non-ubiquitous API
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.770Allocation of Resources Without Limits or Throttling
+ References
[REF-813] Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland and David Svoboda. "The CERT Oracle Coding Standard for Java". 1st Edition. Addison-Wesley Professional. 2011-09-18.
+ Content History
Submissions
Submission DateSubmitterOrganization
2011-05-24CWE Content TeamMITRE
Modifications
Modification DateModifierOrganization
2019-01-03CWE Content TeamMITRE
updated Description, Name, References
Previous Entry Names
Change DatePrevious Entry Name
2019-01-03CERT Java Secure Coding Section 13 - Serialization (SER)
More information is available — Please select a different filter.
Page Last Updated: June 20, 2019
 

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). Copyright © 2006-2019, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
Privacy Policy
Terms of Use
Site Map
Contact Us