CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.4)  
ID

CWE CATEGORY: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)

Category ID: 1147
Status: Stable
+ Summary
Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT Oracle Secure Coding Standard for Java.
+ Membership
NatureTypeIDName
MemberOfViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries).1133Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java
HasMemberVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.67Improper Handling of Windows Device Names
HasMemberCategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic.171Cleansing, Canonicalization, and Comparison Errors
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.198Use of Incorrect Byte Ordering
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.276Incorrect Default Permissions
HasMemberVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.279Incorrect Execution-Assigned Permissions
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.359Exposure of Private Information ('Privacy Violation')
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.377Insecure Temporary File
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.404Improper Resource Shutdown or Release
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.405Asymmetric Resource Consumption (Amplification)
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.459Incomplete Cleanup
HasMemberVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.532Inclusion of Sensitive Information in Log Files
HasMemberVariantVariant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.647Use of Non-Canonical URL Paths for Authorization Decisions
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.705Incorrect Control Flow Scoping
HasMemberClassClass - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.732Incorrect Permission Assignment for Critical Resource
HasMemberBaseBase - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.770Allocation of Resources Without Limits or Throttling
+ References
[REF-826] The Software Engineering Institute. "SEI CERT Oracle Coding Standard for Java : Rule 13. Input Output (FIO)". <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88487725>.
[REF-1004] The Software Engineering Institute. "SEI CERT Oracle Coding Standard for Java : Rec 13. Input Output (FIO)". <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88487330>.
+ Content History
Submissions
Submission DateSubmitterOrganization
2018-12-11CWE Content TeamMITRE
More information is available — Please select a different filter.
Page Last Updated: June 20, 2019