CWE-385 – Covert Timing Channel
Description Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system...
CWE-384 – Session Fixation
Description Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated...
CWE-383 – J2EE Bad Practices: Direct Use of Threads
Description Thread management in a Web application is forbidden in some circumstances and is always highly error prone. Thread management in a web application is...
CWE-382 – J2EE Bad Practices: Use of System.exit()
Description A J2EE application uses System.exit(), which also shuts down its container. It is never a good idea for a web application to attempt to...
CWE-38 – Path Traversal: '\absolute\pathname\here'
Description A software system that accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation can allow an attacker to traverse...
CWE-379 – Creation of Temporary File in Directory with Insecure Permissions
Description The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file....
CWE-378 – Creation of Temporary File With Insecure Permissions
Description Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack. Modes...
CWE-377 – Insecure Temporary File
Description Creating and using insecure temporary files can leave application and system data vulnerable to attack. Modes of Introduction: - Architecture and Design ...
CWE-375 – Returning a Mutable Object to an Untrusted Caller
Description Sending non-cloned mutable data as a return value may result in that data being altered or deleted by the calling function. In situations where...
CWE-374 – Passing Mutable Objects to an Untrusted Method
Description The program sends non-cloned mutable data as an argument to a method or function. The function or method that has been called can alter...