CWE-245 – J2EE Bad Practices: Direct Management of Connections

Read Time:30 Second

Description

The J2EE application directly manages connections, instead of using the container’s connection management facilities.

The J2EE standard forbids the direct management of connections. It requires that applications use the container’s resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-695

 

Consequences

Other: Quality Degradation

 

Potential Mitigations

CVE References

CWE-244 – Improper Clearing of Heap Memory Before Release (‘Heap Inspection’)

Read Time:58 Second

Description

Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory.

When sensitive data such as a password or an encryption key is not removed from memory, it could be exposed to an attacker using a “heap inspection” attack that reads the sensitive data using memory dumps or other methods. The realloc() function is commonly used to increase the size of a block of allocated memory. This operation often requires copying the contents of the old memory block into a new and larger block. This operation leaves the contents of the original block intact but inaccessible to the program, preventing the program from being able to scrub sensitive data from memory. If an attacker can later examine the contents of a memory dump, the sensitive data could be exposed.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-226
CWE-669

 

Consequences

Confidentiality, Other: Read Memory, Other

Be careful using vfork() and fork() in security sensitive code. The process state will not be cleaned up and will contain traces of data from past use.

 

Potential Mitigations

CVE References

CWE-243 – Creation of chroot Jail Without Changing Working Directory

Read Time:1 Minute, 2 Second

Description

The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail.

Improper use of chroot() may allow attackers to escape from the chroot jail. The chroot() function call does not change the process’s current working directory, so relative paths may still refer to file system resources outside of the chroot jail after chroot() has been called.

The chroot() system call allows a process to change its perception of the root directory of the file system. After properly invoking chroot(), a process cannot access any files outside the directory tree defined by the new root directory. Such an environment is called a chroot jail and is commonly used to prevent the possibility that a processes could be subverted and used to access unauthorized files. For instance, many FTP servers run in chroot jails to prevent an attacker who discovers a new vulnerability in the server from being able to download the password file or other sensitive files on the system.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-573
CWE-669

 

Consequences

Confidentiality: Read Files or Directories

 

Potential Mitigations

CVE References

CWE-242 – Use of Inherently Dangerous Function

Read Time:51 Second

Description

The program calls a function that can never be guaranteed to work safely.

Certain functions behave in dangerous ways regardless of how they are used. Functions in this category were often implemented without taking security concerns into account. The gets() function is unsafe because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to gets() and overflow the destination buffer. Similarly, the >> operator is unsafe to use when reading into a statically-allocated character array because it does not perform bounds checking on the size of its input. An attacker can easily send arbitrarily-sized input to the >> operator and overflow the destination buffer.

Modes of Introduction:

– Implementation

 

Likelihood of Exploit: High

 

Related Weaknesses

CWE-1177

 

Consequences

Other: Varies by Context

 

Potential Mitigations

Phase: Implementation, Requirements

Description: 

Ban the use of dangerous functions. Use their safe equivalent.

Phase: Testing

Description: 

Use grep or static analysis tools to spot usage of dangerous functions.

CVE References

CWE-241 – Improper Handling of Unexpected Data Type

Read Time:43 Second

Description

The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z).

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-228

 

Consequences

Integrity, Other: Varies by Context, Unexpected State

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

CVE References

  • CVE-1999-1156
    • FTP server crash via PORT command with non-numeric character.
  • CVE-2004-0270
    • Anti-virus product has assert error when line length is non-numeric.

CWE-240 – Improper Handling of Inconsistent Structural Elements

Read Time:15 Second

Description

The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-237
CWE-707

 

Consequences

Integrity, Other: Varies by Context, Unexpected State

 

Potential Mitigations

CVE References

CWE-24 – Path Traversal: ‘../filedir’

Read Time:36 Second

Description

The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize “../” sequences that can resolve to a location that is outside of that directory.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-23

 

Consequences

Confidentiality, Integrity: Read Files or Directories, Modify Files or Directories

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Implementation

Description: 

Inputs should be decoded and canonicalized to the application’s current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.

CVE References

CWE-239 – Failure to Handle Incomplete Element

Read Time:31 Second

Description

The software does not properly handle when a particular element is not completely specified.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-237
CWE-404

 

Consequences

Integrity, Other: Varies by Context, Unexpected State

 

Potential Mitigations

CVE References

  • CVE-2002-1532
    • HTTP GET without rnrn CRLF sequences causes product to wait indefinitely and prevents other users from accessing it.
  • CVE-2005-2526
    • MFV. CPU exhaustion in printer via partial printing request then early termination of connection.
  • CVE-2002-1906
    • CPU consumption by sending incomplete HTTP requests and leaving the connections open.