CWE-582 – Array Declared Public, Final, and Static
Description: The program declares an array public, final, and static, which is not sufficient to prevent the array's contents from being modified. Because arrays are...
CWE-583 – finalize() Method Declared Public
Description: The program violates secure coding principles for mobile code by declaring a finalize() method public. A program should never call finalize explicitly, except to...
CWE-545 – DEPRECATED: Use of Dynamic Class Loading
Description: This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into...
CWE-546 – Suspicious Comment
Description: The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses. Many suspicious comments, such as BUG, HACK, FIXME, LATER, LATER2,...
CWE-547 – Use of Hard-coded, Security-relevant Constants
Description: The program uses hard-coded constants instead of symbolic names for security-critical values, which increases the likelihood of mistakes during code maintenance or security policy...
CWE-548 – Exposure of Information Through Directory Listing
Description: A directory listing is inappropriately exposed, yielding potentially sensitive information to attackers. A directory listing provides an attacker with the complete index of all...
CWE-549 – Missing Password Field Masking
Description: The software does not mask passwords during entry, increasing the potential for attackers to observe and capture passwords. Modes of Introduction: - Implementation ...
CWE-55 – Path Equivalence: ‘/./’ (Single Dot Directory)
Description: A software system that accepts path input in the form of single dot directory exploit ('/./') without appropriate validation can lead to ambiguous path...
CWE-551 – Incorrect Behavior Order: Authorization Before Parsing and Canonicalization
Description: If a web server does not fully parse requested URLs before it examines them for authorization, it may be possible for an attacker to...