CWE-50 – Path Equivalence: ‘//multiple/leading/slash’
Description: A software system that accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation can lead to ambiguous path resolution...
CWE-5 – J2EE Misconfiguration: Data Transmission Without Encryption
Description: Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the...
CWE-499 – Serializable Class Containing Sensitive Data
Description: The code contains a class with sensitive data, but the class does not explicitly deny serialization. The data can be accessed by serializing the...
CWE-498 – Cloneable Class Containing Sensitive Information
Description: The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class. Cloneable...
CWE-497 – Exposure of Sensitive System Information to an Unauthorized Control Sphere
Description: The application does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access...
CWE-496 – Public Data Assigned to Private Array-Typed Field
Description: Assigning public data to a private array is equivalent to giving public access to the array. Modes of Introduction: - Implementation Related...
CWE-495 – Private Data Structure Returned From A Public Method
Description: The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in...
CWE-494 – Download of Code Without Integrity Check
Description: The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of...
CWE-493 – Critical Public Variable Without Final Modifier
Description: The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values. If a...
CWE-492 – Use of Inner Class Containing Sensitive Data
Description: Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to...