Read Time:11 Second
Description
The code contains a class instance that calls the method or function to delete or destroy itself.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
All posts by rocco
CWE-1083 – Data Access from Outside Expected Data Manager Component
Read Time:16 Second
Description
The software is intended to manage data access through a particular data manager component such as a relational or non-SQL database, but it contains code that performs data access operations without using that component.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1084 – Invokable Control Element with Excessive File or Data Access Operations
Read Time:11 Second
Description
A function or method contains too many
operations that utilize a data manager or file resource.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1048 – Invokable Control Element with Large Number of Outward Calls
Read Time:16 Second
Description
The code contains callable control elements that
contain an excessively large number of references to other
application objects external to the context of the callable,
i.e. a Fan-Out value that is excessively large.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1049 – Excessive Data Query Operations in a Large Data Table
Read Time:12 Second
Description
The software performs a data query with a large number of joins
and sub-queries on a large data table.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Performance
Potential Mitigations
CVE References
CWE-105 – Struts: Form Field Without Validator
Read Time:52 Second
Description
The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Integrity: Unexpected State
Integrity: Bypass Protection Mechanism
If unused fields are not validated, shared business logic in an action may allow attackers to bypass the validation checks that are performed for other uses of the form.
Potential Mitigations
Phase: Implementation
Description:
Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined.
CVE References
CWE-1050 – Excessive Platform Resource Consumption within a Loop
Read Time:15 Second
Description
The software has a loop body or loop condition that contains a control element that directly or
indirectly consumes platform resources, e.g. messaging, sessions, locks, or file
descriptors.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Performance
Potential Mitigations
CVE References
CWE-1051 – Initialization with Hard-Coded Network Resource Configuration Data
Read Time:10 Second
Description
The software initializes data using hard-coded values that act as network resource identifiers.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1052 – Excessive Use of Hard-Coded Literals in Initialization
Read Time:12 Second
Description
The software initializes a data element using a hard-coded
literal that is not a simple integer or static constant element.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1053 – Missing Documentation for Design
Read Time:9 Second
Description
The product does not have documentation that represents how it is designed.
Modes of Introduction:
Related Weaknesses
Consequences