CWE-581 – Object Model Violation: Just One of Equals and Hashcode Defined
Description The software does not maintain equal hashcodes for equal objects. Java objects are expected to obey a number of invariants related to equality. One...
CWE-582 – Array Declared Public, Final, and Static
Description The program declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified. Because arrays are...
CWE-583 – finalize() Method Declared Public
Description The program violates secure coding principles for mobile code by declaring a finalize() method public. A program should never call finalize explicitly, except to...
CWE-545 – DEPRECATED: Use of Dynamic Class Loading
Description This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into...
CWE-546 – Suspicious Comment
Description The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses. Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2,...
CWE-547 – Use of Hard-coded, Security-relevant Constants
Description The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy...
CWE-548 – Exposure of Information Through Directory Listing
Description A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all...
CWE-549 – Missing Password Field Masking
Description The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. Modes of Introduction: - Implementation ...
CWE-55 – Path Equivalence: ‘/./’ (Single Dot Directory)
Description A software system that accepts path input in the form of single dot directory exploit ('/./') without appropriate validation can lead to ambiguous path...
CWE-550 – Server-generated Error Message Containing Sensitive Information
Description Certain conditions, such as network failure, will cause a server error message to be displayed. While error messages in and of themselves are not...