CWE-61 – UNIX Symbolic Link (Symlink) Following
Description The software, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a...
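The weakness is easiest to see with the attack laid out next to its fix. The following is an added example written for this listing, not code from the CWE entry: `demo()` constructs a secret file and an attacker-planted symlink named like the file the program expects, then compares a plain `open()` (which follows the link) with an open that passes `O_NOFOLLOW`.

```python
import errno
import os
import tempfile

# errno the kernel returns when O_NOFOLLOW meets a symlink:
# ELOOP on Linux and macOS, EMLINK on some BSDs.
_NOFOLLOW_ERRNOS = {errno.ELOOP, errno.EMLINK}


def naive_read(path):
    """CWE-61 pattern: open() follows symlinks, so a link planted at `path`
    silently redirects the read to whatever the link points at."""
    with open(path, "rb") as f:
        return f.read()


def safe_read(path):
    """Hardened: O_NOFOLLOW makes the kernel refuse a symlink as the final
    path component, so there is no check-then-open race to win.
    Returns None when the path turned out to be a link."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as e:
        if e.errno in _NOFOLLOW_ERRNOS:
            return None
        raise
    with os.fdopen(fd, "rb") as f:
        return f.read()


def demo():
    """Constructed scenario (not from the CWE entry): a file the caller must
    not read, and an attacker-planted symlink named like the expected file."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")
        planted = os.path.join(d, "report.txt")
        os.symlink(secret, planted)           # the attacker's link
        return (naive_read(planted),          # follows the link: leaks the secret
                safe_read(planted),           # refuses the link: None
                safe_read(secret))            # regular file still reads fine


if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` only protects the last path component; directory components are still followed, so when an attacker may control an intermediate directory, open each component relative to a directory descriptor (`os.open(..., dir_fd=...)`) rather than trusting a full path.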
CWE-609 – Double-Checked Locking
Description The program uses double-checked locking to access a resource without the overhead of explicit synchronization, but the locking is insufficient. Double-checked locking refers to...
CWE-608 – Struts: Non-private Field in ActionForm Class
Description An ActionForm class contains a field that has not been declared private, which can be accessed without using a setter or getter. Modes of...
CWE-607 – Public Static Final Field References Mutable Object
Description A public or protected static final field references a mutable object, which allows the object to be changed by malicious code, or accidentally from...
CWE-606 – Unchecked Input for Loop Condition
Description The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service or other consequences because...
CWE-605 – Multiple Binds to the Same Port
Description When multiple sockets are allowed to bind to the same port, other services on that port may be stolen or spoofed. On most systems,...
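To show what "multiple binds to the same port" means in practice, here is an added example (written for this listing, not taken from the CWE entry) that binds a listening socket on a loopback port and then tries to bind a second socket to the same port, once with the default exclusive bind and once with both sockets opted into `SO_REUSEPORT`.

```python
import socket


def second_bind_succeeds(reuse_port):
    """Bind a listening socket to an ephemeral loopback port, then try to bind
    a second socket to the same address and port. Returns True if the kernel
    accepts the second bind, False if it refuses (EADDRINUSE), and None if
    the platform has no SO_REUSEPORT to demonstrate with."""
    if reuse_port and not hasattr(socket, "SO_REUSEPORT"):
        return None
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if reuse_port:
            # Both sockets must opt in (and on Linux share an effective UID).
            # Once they do, incoming connections are distributed between them,
            # so the second socket receives traffic meant for the first.
            first.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
            second.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
        first.bind(("127.0.0.1", 0))
        first.listen(1)
        port = first.getsockname()[1]
        try:
            second.bind(("127.0.0.1", port))
            return True
        except OSError:
            return False        # the port is held exclusively by `first`
    finally:
        first.close()
        second.close()


if __name__ == "__main__":
    print("exclusive bind, second bind accepted:", second_bind_succeeds(False))
    print("SO_REUSEPORT on both, second bind accepted:", second_bind_succeeds(True))
```

The practical consequences: a service should not set `SO_REUSEPORT` on its listening socket unless it relies on that load-balancing, and code that must not be able to hijack a service's port should run under a different UID from that service.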
CWE-603 – Use of Client-Side Authentication
Description A client/server product performs authentication within client code but not in server code, allowing server-side authentication to be bypassed via a modified client that...
CWE-602 – Client-Side Enforcement of Server-Side Security
Description The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. When...
CWE-601 – URL Redirection to Untrusted Site (‘Open Redirect’)
Description A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies...
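The usual fix is to validate the redirect target before issuing the redirect. The following validator is an added example for this listing, not code from the CWE entry; the allowlisted host `app.example.com` and the `next_param` name are assumptions for the illustration. It covers the inputs that commonly slip past a naive "starts with /" check: protocol-relative `//host`, backslash variants, scheme-only `https:host`, and userinfo tricks.

```python
from urllib.parse import urlsplit

# Constructed allowlist for the example: hosts this application may send users to.
ALLOWED_HOSTS = {"app.example.com"}
DEFAULT_TARGET = "/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for a local path ('/...') or an absolute http(s) URL whose
    host is on the allowlist; anything else would be an open redirect."""
    if not target:
        return False
    # Browsers accept '\' where '/' is expected, so '/\evil.com' parses here
    # as a relative path but is sent to evil.com by the browser. Normalise first.
    target = target.replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme == "" and parts.netloc == "":
        # A local path must start with exactly one '/'. This also rejects the
        # protocol-relative '//host' and the '///host' variant.
        return target.startswith("/") and not target.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False                      # javascript:, data:, file:, ...
    # .hostname is lower-cased and strips userinfo, so
    # 'https://app.example.com@evil.com/' is seen as evil.com here as well.
    return parts.hostname in allowed_hosts


def redirect_target(next_param):
    """What a login handler should pass to its redirect: the validated
    'next' value, or a safe default when validation fails."""
    return next_param if is_safe_redirect(next_param) else DEFAULT_TARGET


if __name__ == "__main__":
    for candidate in ["/account", "//evil.com/", "/\\evil.com",
                      "https:evil.com", "https://app.example.com@evil.com/",
                      "https://app.example.com/account"]:
        print(f"{candidate!r:45} -> {redirect_target(candidate)}")
```

Comparing on `parts.hostname` rather than on `parts.netloc` matters: `netloc` still contains the `user@` part and the original case, which is exactly what attackers exploit with lookalike URLs.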
CWE-600 – Uncaught Exception in Servlet
Description The Servlet does not catch all exceptions, which may reveal sensitive debugging information. When a Servlet throws an exception, the default error response the...