Read Time:39 Second

Description

The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-820
CWE-662
CWE-662
CWE-488

 

Consequences

Confidentiality, Integrity, Availability: Read Application Data, Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart

If the shared variable contains sensitive data, it may be manipulated or displayed in another user session. If this data is used to control the application, its value can be manipulated to cause the application to crash or perform poorly.

 

Potential Mitigations

Phase: Implementation

Description: 

Remove the use of static variables used between servlets. If this cannot be avoided, use synchronized access for these variables.

CVE References