CWE-245 – J2EE Bad Practices: Direct Management of Connections
Description: The J2EE application directly manages connections, instead of using the container's connection management facilities. The J2EE standard forbids the direct management of connections. It...
CWE-244 – Improper Clearing of Heap Memory Before Release (‘Heap Inspection’)
Description: Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory....
CWE-243 – Creation of chroot Jail Without Changing Working Directory
Description: The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access...
CWE-242 – Use of Inherently Dangerous Function
Description: The program calls a function that can never be guaranteed to work safely. Certain functions behave in dangerous ways regardless of how they are...
CWE-241 – Improper Handling of Unexpected Data Type
Description: The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but...
CWE-240 – Improper Handling of Inconsistent Structural Elements
Description: The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not. Modes of Introduction: -...
CWE-24 – Path Traversal: ‘../filedir’
Description: The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences...
CWE-239 – Failure to Handle Incomplete Element
Description: The software does not properly handle when a particular element is not completely specified. Modes of Introduction: - Architecture and Design Related...
CWE-238 – Improper Handling of Incomplete Structural Elements
Description: The software does not handle or incorrectly handles when a particular structural element is not completely specified. Modes of Introduction: - Architecture and Design...
CWE-237 – Improper Handling of Structural Elements
Description: The software does not handle or incorrectly handles inputs that are related to complex structures. Modes of Introduction: Related Weaknesses CWE-228 ...