CWE-591 – Sensitive Data Storage in Improperly Locked Memory
Description The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be...
CWE-592 – DEPRECATED: Authentication Bypass Issues
Description This weakness has been deprecated because it covered redundant concepts already described in CWE-287.
CWE-593 – Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
Description The software modifies the SSL context after connection creation has begun. If the program modifies the SSL_CTX object after creating SSL objects from it,...
CWE-594 – J2EE Framework: Saving Unserializable Objects to Disk
Description When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully. In heavy load...
CWE-595 – Comparison of Object References Instead of Object Contents
Description The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects. For example, in Java, comparing...
CWE-596 – DEPRECATED: Incorrect Semantic Object Comparison
Description This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate...
CWE-597 – Use of Wrong Operator in String Comparison
Description The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead. In Java,...
CWE-598 – Use of GET Request Method With Sensitive Query Strings
Description The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. The...
CWE-599 – Missing Validation of OpenSSL Certificate
Description The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security...
CWE-6 – J2EE Misconfiguration: Insufficient Session-ID Length
Description The J2EE application is configured to use an insufficient session ID length. If an attacker can guess or steal a session ID, then they...