CWE-525 – Use of Web Browser Cache Containing Sensitive Information
Description: The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should...
CWE-526 – Exposure of Sensitive Information Through Environmental Variables
Description: Environmental variables may contain sensitive information about a remote server. Modes of Introduction: Architecture and Design. Related Weaknesses: CWE-497. Consequences...
CWE-483 – Incorrect Block Delimitation
Description: The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error. In some languages,...
CWE-484 – Omitted Break Statement in Switch
Description: The program omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems...
CWE-486 – Comparison of Classes by Name
Description: The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name. If...
CWE-487 – Reliance on Package-level Scope
Description: Java packages are not inherently closed; therefore, relying on them for code security is not a good practice. The purpose of package scope is...
CWE-488 – Exposure of Data Element to Wrong Session
Description: The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong...
CWE-489 – Active Debug Code
Description: The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information....
CWE-49 – Path Equivalence: ‘filename/’ (Trailing Slash)
Description: A software system that accepts path input in the form of a trailing slash ('filedir/') without appropriate validation can lead to ambiguous path resolution and...
CWE-491 – Public cloneable() Method Without Final (‘Object Hijack’)
Description: A class has a cloneable() method that is not declared final, which allows an object to be created without calling the constructor. This can...