Description
The product does not have documentation that represents how it is designed.
Modes of Introduction:
The software initializes a data element using a hard-coded literal that is not a simple integer or static constant element.
Modes of Introduction:
Other: Reduce Maintainability
The software initializes data using hard-coded values that act as network resource identifiers.
Modes of Introduction:
Other: Reduce Reliability
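The two entries above describe the same anti-pattern at different severities: a non-trivial literal baked into an initializer, and the special case where that literal names a network resource (host, port, URL), which ties the build to one environment and can quietly redirect traffic if the literal is wrong. The following is an added example, not code from CWE or from any project it cites: a small `ast`-based checker that reports such initializers in Python source. The regex for "looks like a network resource", the ALL_CAPS-means-static-constant convention, and the sample source it scans are all assumptions made for this illustration.

```python
import ast
import re

# Assumption: a literal "names a network resource" if it is a URL with a scheme,
# an IPv4 address (optionally with a port), or a host.tld:port pair.
NETWORK_LITERAL = re.compile(
    r"(?:[a-z][a-z0-9+.-]*://\S+"
    r"|(?:\d{1,3}\.){3}\d{1,3}(?::\d+)?"
    r"|[a-z0-9.-]+\.[a-z]{2,}:\d+)",
    re.IGNORECASE,
)


def is_simple_integer(node):
    """int constants (bool is a subclass of int) are exempt, as in the weakness description."""
    return isinstance(node, ast.Constant) and isinstance(node.value, int)


def find_hardcoded_initializers(source):
    """Return (lineno, target, literal, kind) for each initialization from a hard-coded literal.

    kind is "network-resource" for literals matching NETWORK_LITERAL (reported even when
    the target is an ALL_CAPS constant, since the environment coupling remains) and
    "literal" for other strings/bytes/floats assigned to ordinary names; ALL_CAPS targets
    are treated as static constant elements and skipped for the plain-literal case.
    """
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        if not isinstance(value, ast.Constant) or is_simple_integer(value):
            continue
        literal = value.value
        name = ", ".join(ast.unparse(t) for t in targets)
        if isinstance(literal, str) and NETWORK_LITERAL.fullmatch(literal):
            findings.append((node.lineno, name, literal, "network-resource"))
        elif isinstance(literal, (str, bytes, float)) and not name.isupper():
            findings.append((node.lineno, name, literal, "literal"))
    return findings


# Constructed sample module to scan (not taken from any real code base).
SAMPLE_SOURCE = '''\
MAX_RETRIES = 3
DEFAULT_GREETING = "hello"
API_URL = "https://api.example.internal:8443/v1"
db_host = "10.0.0.12:5432"
timeout = 2.5
label = "status"
'''

if __name__ == "__main__":
    for lineno, name, literal, kind in find_hardcoded_initializers(SAMPLE_SOURCE):
        print(f"line {lineno}: {name} = {literal!r} [{kind}]")
```

Run against the sample, the checker skips the simple integer and the named string constant, reports the two network identifiers (including the ALL_CAPS one), and reports the float and string assigned to ordinary variables. In a real pipeline the "network-resource" findings are the ones to treat as defects: the fix is to read them from configuration or service discovery and validate what is read.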
The software has a loop body or loop condition that contains a control element that directly or indirectly consumes platform resources, e.g., messaging, sessions, locks, or file descriptors.
Modes of Introduction:
Other: Reduce Performance
The application has a form field that is not validated by a corresponding validation form, which can introduce other weaknesses related to insufficient input validation.
Omitting validation for even a single input field may give attackers the leeway they need to compromise the application. Although J2EE applications are not generally susceptible to memory corruption attacks, if a J2EE application interfaces with native code that does not perform array bounds checking, an attacker may be able to use an input validation mistake in the J2EE application to launch a buffer overflow attack.
Modes of Introduction:
– Implementation
Integrity: Unexpected State
Integrity: Bypass Protection Mechanism
If unused fields are not validated, shared business logic in an action may allow attackers to bypass the validation checks that are performed for other uses of the form.
Potential Mitigation (Phase: Implementation): Validate all form fields. If a field is unused, it is still important to constrain it so that it is empty or undefined.
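The Struts-specific mechanics live in validation.xml, but the bypass described above is general: an action whose business logic is shared between forms will honour a field that one of those forms never declared a validator for. The following is an added example, not from CWE or from Struts, written in Python so it runs stand-alone. The form schemas, the `update_profile` action and the attacker's submission are constructed for this illustration; a schema entry of `None` stands in for a field the form does not use and must therefore be empty.

```python
import re

# Constructed schema standing in for a validation.xml form definition.
# A compiled pattern means "must match"; None means "unused by this form: must be empty".
USER_PROFILE_FORM = {
    "username": re.compile(r"[a-z0-9_]{3,16}"),
    "email": re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}"),
    "role": None,
}


def validate_declared_only(schema, data):
    """Weak validator: checks only the fields the form uses; unused and unknown fields pass untouched."""
    return [name for name, pattern in schema.items()
            if pattern is not None and not pattern.fullmatch(data.get(name, ""))]


def validate_all_fields(schema, data):
    """Hardened validator: every submitted field must be declared, and unused fields must be empty."""
    errors = [name for name in data if name not in schema]
    for name, pattern in schema.items():
        value = data.get(name, "")
        if pattern is None:
            if value != "":
                errors.append(name)
        elif not pattern.fullmatch(value):
            errors.append(name)
    return sorted(errors)


def update_profile(data, validator):
    """Hypothetical action whose business logic is shared with an admin form that may set 'role'."""
    errors = validator(USER_PROFILE_FORM, data)
    if errors:
        return {"ok": False, "errors": errors}
    account = {"username": data["username"], "email": data["email"], "role": "user"}
    if data.get("role"):  # shared code path: honours 'role' whenever it is present
        account["role"] = data["role"]
    return {"ok": True, "account": account}


# Constructed attacker submission: a valid profile plus the field this form never validates.
ATTACK = {"username": "mallory", "email": "m@example.test", "role": "admin"}

if __name__ == "__main__":
    print("declared-only:", update_profile(ATTACK, validate_declared_only))
    print("all-fields:   ", update_profile(ATTACK, validate_all_fields))
```

With the weak validator the submission is accepted and the shared action promotes the account; with the hardened one the unused `role` field is rejected because it is non-empty, and any undeclared field is rejected outright. Rejecting unknown fields rather than ignoring them is the cheaper habit: it also catches new fields added to the action later without a matching validator entry.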
The software performs a data query with a large number of joins and sub-queries on a large data table.
Modes of Introduction:
Other: Reduce Performance
The code contains callable control elements that contain an excessively large number of references to other application objects external to the context of the callable, i.e., a Fan-Out value that is excessively large.
Modes of Introduction:
Other: Reduce Maintainability
The software contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.
Modes of Introduction:
Other: Reduce Reliability
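Both of the preceding entries are properties of a dependency graph: fan-out is the out-degree of a callable, and a circular dependency is a strongly connected component with more than one member (or a self-loop). The following is an added example, not from CWE, that computes both over a constructed callable-level reference graph, collapses it to module level, and finds cycles with Tarjan's algorithm. The graph, the dotted `module.callable` naming, and the fan-out threshold of 7 are assumptions for this illustration.

```python
from collections import defaultdict

# Constructed reference graph: each callable -> the callables it references.
GRAPH = {
    "billing.charge": ["db.query", "db.commit", "mail.send", "audit.log", "fx.rate",
                       "tax.compute", "ledger.post", "cache.get", "cache.set",
                       "metrics.incr", "auth.check"],
    "mail.send": ["smtp.connect", "audit.log"],
    "audit.log": ["db.query"],
    "db.query": ["cache.get"],
    "db.commit": ["db.query"],
    "cache.get": ["metrics.incr"],
    "cache.set": ["metrics.incr"],
    "metrics.incr": ["db.query"],          # closes the cycle db -> cache -> metrics -> db
    "reports.build": ["billing.charge", "reports.render"],
    "reports.render": ["reports.build"],   # intra-module cycle
}


def fan_out(graph):
    """Out-degree of each callable, counting distinct referenced objects."""
    return {name: len(set(refs)) for name, refs in graph.items()}


def excessive_fan_out(graph, threshold=7):
    """Callables whose fan-out exceeds the (assumed) threshold."""
    return sorted(name for name, k in fan_out(graph).items() if k > threshold)


def module_of(name):
    return name.split(".", 1)[0]


def module_graph(graph):
    """Collapse callable references to module dependencies; intra-module edges are dropped."""
    mods = defaultdict(set)
    for src, refs in graph.items():
        for dst in refs:
            if module_of(src) != module_of(dst):
                mods[module_of(src)].add(module_of(dst))
    return {m: sorted(deps) for m, deps in mods.items()}


def strongly_connected_components(graph):
    """Tarjan's SCC algorithm over an adjacency dict (nodes may appear only as targets)."""
    index, low, on_stack, stack, sccs = {}, {}, set(), [], []
    counter = [0]
    nodes = set(graph) | {d for refs in graph.values() for d in refs}

    def visit(v):
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in graph.get(v, ()):
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:
            component = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                component.append(w)
                if w == v:
                    break
            sccs.append(component)

    for v in sorted(nodes):
        if v not in index:
            visit(v)
    return sccs


def circular_dependencies(graph):
    """SCCs that form a cycle: more than one member, or a node that references itself."""
    cycles = [sorted(c) for c in strongly_connected_components(graph)
              if len(c) > 1 or c[0] in graph.get(c[0], ())]
    return sorted(cycles)


if __name__ == "__main__":
    print("excessive fan-out:", excessive_fan_out(GRAPH))
    print("callable cycles:  ", circular_dependencies(GRAPH))
    print("module cycles:    ", circular_dependencies(module_graph(GRAPH)))
```

On the sample graph `billing.charge` is the only callable over the threshold, the callable-level analysis finds both cycles, and the module-level view keeps only the cross-module one (db, cache, metrics), which is the one that blocks independent testing and deployment of those modules. The same two functions run unchanged over a graph extracted from a real import or call-graph tool.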
The software creates an immutable text string using string concatenation operations.
Modes of Introduction:
Other: Reduce Performance
A parent class has a virtual destructor method, but one of its child classes does not have a virtual destructor.
Modes of Introduction:
Other: Reduce Reliability