CWE-600 – Uncaught Exception in Servlet
Description The Servlet does not catch all exceptions, which may reveal sensitive debugging information. When a Servlet throws an exception, the default error response the...
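The same failure mode applies to any request handler, not only a Java Servlet: an exception that escapes the handler is rendered by the container's default error page, which often includes the stack trace and exception message. The following added example (written in Python for illustration, not code from CWE or from any servlet container) shows a dispatcher that lets the exception propagate beside one that converts it into a generic response and keeps the detail in the server log under a correlation id. The `logging` setup and the `uuid`-based reference are assumptions for the demo.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")  # assumption: the application's own logger


def boom(request):
    # A handler whose failure leaks something sensitive in the message.
    raise ValueError("connection failed for db user 'app' password 'hunter2'")


def dispatch_unsafe(handler, request):
    # CWE-600 pattern: nothing catches the exception, so the container's
    # default error page (which may print message and stack trace) is shown.
    return handler(request)


def dispatch_safe(handler, request):
    # Catch everything the handler can raise, log the full trace server-side,
    # and hand the client only a status and an opaque reference.
    try:
        return handler(request)
    except Exception:
        incident = uuid.uuid4().hex
        log.error("unhandled exception, incident=%s\n%s",
                  incident, traceback.format_exc())
        return 500, f"Internal server error (reference {incident})"


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    print(dispatch_safe(boom, {}))
```

The reference id lets a responder find the trace in the log without the message, and whatever it quotes from the failing call, ever reaching the client.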
CWE-601 – URL Redirection to Untrusted Site (‘Open Redirect’)
Description A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies...
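A typical carrier of this weakness is a `next` or `returnUrl` parameter copied straight into the `Location` header after login. The following added example (Python, not code from CWE or any particular framework) shows that unsafe pattern beside a validator that only accepts same-site, absolute-path targets; the host name `app.example.com` and the default landing path are assumptions for the demo.

```python
from urllib.parse import urljoin, urlparse

ALLOWED_HOST = "app.example.com"  # assumption: the application's own host


def redirect_target_unsafe(next_param: str) -> str:
    # CWE-601 pattern: whatever the client sent becomes the Location header,
    # so "https://evil.example" or "//evil.example" redirects off-site.
    return next_param


def safe_redirect_target(next_param: str, default: str = "/") -> str:
    """Return next_param if it is a same-site path, otherwise the default."""
    if not next_param:
        return default
    # Backslashes are treated as slashes by some browsers ("/\evil.example"),
    # and control characters or whitespace can confuse header parsing.
    if "\\" in next_param or any(ord(c) < 0x21 for c in next_param):
        return default
    parsed = urlparse(next_param)
    # Anything with a scheme ("https:", "javascript:") or an authority
    # ("//evil.example") is not a local path.
    if parsed.scheme or parsed.netloc:
        return default
    # Require an absolute path on this site and reject protocol-relative form.
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    # Resolve against our own origin and confirm the host did not change.
    resolved = urlparse(urljoin(f"https://{ALLOWED_HOST}/", next_param))
    if resolved.netloc != ALLOWED_HOST:
        return default
    return next_param


if __name__ == "__main__":
    for candidate in ["/account?tab=1", "//evil.example/x",
                      "https://evil.example", "/\\evil.example",
                      "javascript:alert(1)"]:
        print(repr(candidate), "->", safe_redirect_target(candidate))
```

An allow-list of paths (or of a small set of full URLs) is stricter still; the path-only rule above is the minimum that keeps the redirect on the application's own origin.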
CWE-565 – Reliance on Cookies without Validation and Integrity Checking
Description The application relies on the existence or values of cookies when performing security-critical operations, but it does not properly ensure that the setting is...
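A cookie is client-controlled storage: a value such as `role=user` can be rewritten to `role=admin` by anyone holding the browser. The usual fix is to bind the value to a server-side secret with a MAC and verify it on every read. The following added example (Python, not code from CWE) shows an unsafe reader that trusts the cookie value beside one that checks an HMAC-SHA256 tag before using it; the secret key is an assumption for the demo and would come from configuration in practice.

```python
import base64
import hashlib
import hmac

SECRET_KEY = b"replace-me-with-32-random-bytes"  # assumption for the demo


def _tag(value: str) -> str:
    mac = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def make_cookie(value: str) -> str:
    """Serialize value as '<value>.<base64 HMAC>' for Set-Cookie."""
    return f"{value}.{_tag(value)}"


def read_cookie_unsafe(cookie: str) -> str:
    # CWE-565 pattern: the value is used as-is; the tag (if any) is ignored,
    # so a client can send 'role=admin.<anything>' and be believed.
    return cookie.rpartition(".")[0] or cookie


def read_cookie(cookie: str):
    """Return the value only if its tag verifies; None otherwise."""
    value, sep, tag = cookie.rpartition(".")
    if not sep or not tag:
        return None
    # Constant-time comparison so the check does not leak the tag byte by byte.
    if not hmac.compare_digest(_tag(value), tag):
        return None
    return value


if __name__ == "__main__":
    issued = make_cookie("role=user")
    forged = "role=admin." + issued.rpartition(".")[2]
    print("unsafe sees:", read_cookie_unsafe(forged))
    print("checked sees:", read_cookie(forged))
```

Integrity is what this buys; the value is still readable by the client, so anything that must stay secret belongs in a server-side session keyed by an opaque id, not in the cookie.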
CWE-566 – Authorization Bypass Through User-Controlled SQL Primary Key
Description The software uses a database table that includes records that should not be accessible to an actor, but it executes a SQL statement with...
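Parameterised queries do not help here: the statement is well-formed, it simply never asks whether the row belongs to the caller. The following added example (Python with the standard-library `sqlite3` module, not code from CWE) builds a small in-memory `invoices` table with constructed rows and contrasts a lookup by client-supplied primary key with one that binds the authenticated user's id into the `WHERE` clause; the table layout and user ids are assumptions for the demo.

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: invoices owned by two different users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        "id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL, amount INTEGER NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO invoices (id, owner_id, amount) VALUES (?, ?, ?)",
        [(1, 100, 50), (2, 200, 75), (3, 100, 20)],
    )
    conn.commit()
    return conn


def get_invoice_unsafe(conn, invoice_id: int, current_user_id: int):
    # CWE-566 pattern: the primary key comes from the request and the query
    # never mentions the caller, so any user can read any invoice by id.
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ?",
        (invoice_id,),
    ).fetchone()


def get_invoice_checked(conn, invoice_id: int, current_user_id: int):
    # The ownership predicate is part of the query itself, so a row that is
    # not the caller's is never returned (and never distinguishable from a
    # missing one).
    return conn.execute(
        "SELECT id, owner_id, amount FROM invoices WHERE id = ? AND owner_id = ?",
        (invoice_id, current_user_id),
    ).fetchone()


if __name__ == "__main__":
    db = setup_db()
    print("user 100 asks for invoice 2, unsafe:", get_invoice_unsafe(db, 2, 100))
    print("user 100 asks for invoice 2, checked:", get_invoice_checked(db, 2, 100))
```

Putting the owner check in the query rather than in application code after the fetch also avoids the variant where the row is loaded, logged or cached before the check runs.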
CWE-567 – Unsynchronized Access to Shared Data in a Multithreaded Context
Description The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes....
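The classic instance is a read-modify-write on a shared counter: two threads read the same value, both add one, and one update is lost. The following added example (Python `threading`, not code from CWE) runs that increment with and without a lock; the `time.sleep(0)` between the read and the write in the unsynchronized path is a deliberate yield, added only to make the lost-update interleaving show up reliably in a short run.

```python
import threading
import time


def run_counter(n_threads: int, increments: int, use_lock: bool) -> int:
    """Increment a shared counter from several threads; return the final value."""
    state = {"count": 0}  # shared mutable data, the equivalent of a static field
    lock = threading.Lock()

    def worker():
        for _ in range(increments):
            if use_lock:
                # The read, add and write happen as one unit under the lock.
                with lock:
                    state["count"] += 1
            else:
                # CWE-567 pattern: read, then write, with nothing stopping
                # another thread from doing the same in between.
                current = state["count"]
                time.sleep(0)  # yield to provoke the interleaving (demo only)
                state["count"] = current + 1

    threads = [threading.Thread(target=worker) for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return state["count"]


if __name__ == "__main__":
    expected = 4 * 200
    print("unsynchronized:", run_counter(4, 200, use_lock=False), "of", expected)
    print("with lock:     ", run_counter(4, 200, use_lock=True), "of", expected)
```

The synchronized path returns exactly `n_threads * increments`; the unsynchronized one returns something smaller, and by how much is not predictable from run to run, which is the "unpredictable data changes" the description refers to.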
CWE-568 – finalize() Method Without super.finalize()
Description The software contains a finalize() method that does not call super.finalize(). The Java Language Specification states that it is a good practice for a...
CWE-57 – Path Equivalence: ‘fakedir/../realdir/filename’
Description The software contains protection mechanisms to restrict access to 'realdir/filename', but it constructs pathnames using external input in the form of 'fakedir/../realdir/filename' that are...
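The protection fails because the check compares the raw string against `realdir/filename` while the filesystem resolves `fakedir/../realdir/filename` to the same file. The following added example (Python `posixpath`, not code from CWE) contrasts a prefix check on the unnormalized path with one that canonicalizes first; the base directory and restricted directory are assumptions for the demo. `normpath` only collapses `.` and `..` lexically; on a real filesystem `os.path.realpath` is needed as well so that symlinks cannot produce a second equivalent path.

```python
import posixpath

BASE_DIR = "/var/www"                    # assumption: where requests are served from
RESTRICTED_DIR = "/var/www/realdir"      # assumption: the protected directory


def is_restricted_naive(raw_path: str) -> bool:
    # CWE-57 pattern: the raw string is compared, so
    # "/var/www/fakedir/../realdir/filename" does not look restricted.
    return raw_path == RESTRICTED_DIR or raw_path.startswith(RESTRICTED_DIR + "/")


def canonical(base: str, user_path: str) -> str:
    """Join the user-supplied path to the base and collapse '.' and '..'."""
    return posixpath.normpath(posixpath.join(base, user_path))


def is_restricted(base: str, user_path: str) -> bool:
    # Normalize first, then test containment on the canonical form.
    target = canonical(base, user_path)
    return target == RESTRICTED_DIR or target.startswith(RESTRICTED_DIR + "/")


if __name__ == "__main__":
    request = "fakedir/../realdir/filename"
    print("raw:      ", posixpath.join(BASE_DIR, request))
    print("canonical:", canonical(BASE_DIR, request))
    print("naive check says restricted:", is_restricted_naive(posixpath.join(BASE_DIR, request)))
    print("canonical check says restricted:", is_restricted(BASE_DIR, request))
```

The trailing-slash comparison matters too: without it `/var/www/realdir_backup/x` would match the prefix `/var/www/realdir`.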
CWE-570 – Expression is Always False
Description The software contains an expression that will always evaluate to false. Modes of Introduction: - Implementation Related Weaknesses CWE-710 CWE-561 Consequences...
CWE-571 – Expression is Always True
Description The software contains an expression that will always evaluate to true. Modes of Introduction: - Implementation Related Weaknesses CWE-710 CWE-561 Consequences...
CWE-572 – Call to Thread run() instead of start()
Description The program calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead...
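`threading.Thread` in Python has the same pair of methods with the same semantics as Java's `Thread`, so the mistake is reproducible outside the JVM. The following added example (Python, not code from CWE) runs a small task both ways and reports whether it executed on the caller's thread; the task itself is a constructed stand-in.

```python
import threading


def run_task(call_start: bool) -> bool:
    """Return True if the task ran on the calling thread, False if on a new one."""
    result = {}

    def work():
        # Record which OS-level thread actually executed the task.
        result["ident"] = threading.get_ident()

    t = threading.Thread(target=work)
    if call_start:
        t.start()   # schedules work() on a new thread
        t.join()
    else:
        t.run()     # CWE-572 pattern: plain method call, runs right here
    return result["ident"] == threading.get_ident()


if __name__ == "__main__":
    print("t.run()   ran on caller's thread:", run_task(call_start=False))
    print("t.start() ran on caller's thread:", run_task(call_start=True))
```

Besides losing concurrency, the `run()` variant blocks the caller for the task's full duration and, in Java, leaves the `Thread` object in the NEW state so later calls such as `join()` return immediately, which is why such bugs often surface as timeouts or silently absent background work rather than as errors.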