CWE - VIEW LIST: CWE-660: Weaknesses found in the Java Language (Draft 9)

Home > CWE List > VIEW LIST: CWE-660: Weaknesses found in the Java Language (Draft 9)

CWE List
Full Dictionary View
Classification Tree
Reports

About
Sources
Process
Documents

Community
Related Activities
Discussion List
Research

News
Calendar
Free Newsletter

Compatibility
Program
Requirements
Declarations
Make a Declaration

Contact Us
Search the Site

Section Contents
CWE List
Full Dictionary View
Classification Tree
Reports
Other Items of Interest
Sources

(CWE-660)

Key
- Weakness
- Base
- Variant
- Class
- Chain
- Composite
- Category
- View
- Deprecated

VIEW LIST: CWE-660: Weaknesses found in the Java Language (Draft 9)

View ID

Status: Draft

660 (View)

Objective

This view (slice) covers issues that are found in Java that are not common to all languages.

View Data

Filter Used: .//Applicable_Platforms/Platform='Java'

	CWEs in this view		Total CWEs
Total	70	out of	695
Views	0	out of	14
Categories	1	out of	64
Weaknesses	69	out of	605
Compound_Elements	0	out of	12

Array Declared Public, Final, and Static - (582)

Assigning instead of Comparing - (481)

Call to Thread run() instead of start() - (572)

clone() Method Without super.clone() - (580)

Comparison of Classes by Name - (486)

Critical Public Variable Without Final Modifier - (493)

Declaration of Catch for Generic Exception - (396)

Declaration of Throws for Generic Exception - (397)

Direct Use of Unsafe JNI - (111)

Double-Checked Locking - (609)

Download of Untrusted Mobile Code Without Integrity Check - (494)

Duplicate Key in Associative List (Alist) - (462)

EJB Bad Practices: Use of AWT Swing - (575)

EJB Bad Practices: Use of Class Loader - (578)

EJB Bad Practices: Use of Java I/O - (576)

EJB Bad Practices: Use of Sockets - (577)

EJB Bad Practices: Use of Synchronization Primitives - (574)

Empty Synchronized Block - (585)

Explicit Call to Finalize - (586)

Failure to Use Default Case in Switch - (478)

finalize() Method Declared Public - (583)

finalize() Method Without super.finalize() - (568)

Improper Cleanup on Thrown Exception - (460)

Incorrect Sign Extension - (194)

Information Leak through Class Cloning - (498)

Information Leak Through Java Runtime Error Message - (537)

Insufficient Control of Directives in Dynamically Evaluated Code (aka 'Eval Injection') - (95)

Integer Coercion Error - (192)

Integer Underflow (Wrap or Wraparound) - (191)

J2EE Bad Practices: Direct Management of Connections - (245)

J2EE Bad Practices: Direct Use of Sockets - (246)

J2EE Bad Practices: Direct Use of Threads - (383)

J2EE Bad Practices: Non-serializable Object Stored in Session - (579)

J2EE Bad Practices: Use of System.exit() - (382)

J2EE Framework: Saving Unserializable Objects to Disk - (594)

J2EE Misconfiguration: Data Transmission Without Encryption - (5)

J2EE Misconfiguration: Insufficient Session-ID Length - (6)

J2EE Misconfiguration: Missing Error Handling - (7)

Mutable Objects Passed by Reference - (374)

NULL Pointer Dereference - (476)

Numeric Truncation Error - (197)

Object Model Violation: Just One of Equals and Hashcode Defined - (581)

Omitted Break Statement - (484)

Passing Mutable Objects to an Untrusted Method - (375)

Private Array-Typed Field Returned From A Public Method - (495)

Public cloneable() Method Without Final (aka 'Object Hijack') - (491)

Public Data Assigned to Private Array-Typed Field - (496)

Public Static Final Field References Mutable Object - (607)

Race Condition in Switch - (365)

Race Condition within a Thread - (366)

Reliance on Package-level Scope - (487)

Serializable Class Containing Sensitive Data - (499)

Static Field Not Marked Final - (500)

Struts: Duplicate Validation Forms - (102)

Struts: Form Bean Does Not Extend Validation Class - (104)

Struts: Form Field Without Validator - (105)

Struts: Incomplete validate() Method Definition - (103)

Struts: Non-private Field in ActionForm Class - (608)

Struts: Plug-in Framework not in Use - (106)

Struts: Unused Validation Form - (107)

Struts: Unvalidated Action Form - (108)

Struts: Validator Turned Off - (109)

Struts: Validator Without Form Field - (110)

Struts Validation Problems - (101)

Uncaught Exception - (248)

Use of Dynamic Class Loading - (545)

Use of Externally-Controlled Input to Select Classes or Code (aka 'Unsafe Reflection') - (470)

Use of Inner Class Containing Sensitive Data - (492)

Use of NullPointerException Catch to Detect NULL Pointer Dereference - (395)

Use of Singleton Pattern in a Non-thread-safe Manner - (543)

Page Last Updated: April 11, 2008


	CWE is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. This Web site is hosted by The MITRE Corporation. Copyright 2008, The MITRE Corporation. CWE and the CWE logo are trademarks of The MITRE Corporation. Contact cwe@mitre.org for more information.	Privacy policy Terms of use Contact us