CWE-246 – J2EE Bad Practices: Direct Use of Sockets
Description The J2EE application directly uses sockets instead of using framework method calls. Modes of Introduction: - Architecture and Design Related Weaknesses CWE-695...
CWE-247 – DEPRECATED: Reliance on DNS Lookups in a Security Decision
Description This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350. Modes of Introduction: ...
CWE-248 – Uncaught Exception
Description An exception is thrown from a function, but it is not caught. When an exception is not caught, it may cause the program to...
CWE-249 – DEPRECATED: Often Misused: Path Manipulation
Description This entry has been deprecated because of name confusion and an accidental combination of multiple weaknesses. Most of its content has been transferred to...
CWE-25 – Path Traversal: ‘/../filedir’
Description The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "/../" sequences...
CWE-250 – Execution with Unnecessary Privileges
Description The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the...
CWE-252 – Unchecked Return Value
Description The software does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions. Two...
CWE-253 – Incorrect Check of Function Return Value
Description The software incorrectly checks a return value from a function, which prevents the software from detecting errors or exceptional conditions. Important and common functions...
CWE-256 – Plaintext Storage of a Password
Description Storing a password in plaintext may result in a system compromise. Password management issues occur when a password is stored in plaintext in an...
CWE-257 – Storing Passwords in a Recoverable Format
Description The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted...