Read Time:9 Second
Description
The code uses too many unconditional branches (such as
“goto”).
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Category Archives: CWE
CWE-112 – Missing XML Validation
Read Time:26 Second
Description
The software accepts XML from an untrusted source but does not validate the XML against the proper schema.
Most successful attacks begin with a violation of the programmer’s assumptions. By accepting an XML document without validating it against a DTD or XML schema, the programmer leaves a door open for attackers to provide unexpected, unreasonable, or malicious input.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Integrity: Unexpected State
Potential Mitigations
Phase: Architecture and Design
Description:
CVE References
CWE-1085 – Invokable Control Element with Excessive Volume of Commented-out Code
Read Time:12 Second
Description
A function, method, procedure, etc. contains an excessive amount of code that has been
commented out within its body.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1086 – Class with Excessive Number of Child Classes
Read Time:9 Second
Description
A class contains an unnecessarily large number of
children.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1087 – Class with Virtual Method without a Virtual Destructor
Read Time:11 Second
Description
A class contains a virtual method, but the method does not have an associated virtual destructor.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1088 – Synchronous Access of Remote Resource without Timeout
Read Time:13 Second
Description
The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1089 – Large Data Table with Excessive Number of Indices
Read Time:10 Second
Description
The software uses a large data table that contains an excessively large number of
indices.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Performance
Potential Mitigations
CVE References
CWE-109 – Struts: Validator Turned Off
Read Time:22 Second
Description
Automatic filtering via a Struts bean has been turned off, which disables the Struts Validator and custom validation logic. This exposes the application to other weaknesses related to insufficient input validation.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Access Control: Bypass Protection Mechanism
Potential Mitigations
Phase: Implementation
Description:
Ensure that an action form mapping enables validation. Set the validate field to true.
CVE References
CWE-1090 – Method Containing Access of a Member Element from Another Class
Read Time:11 Second
Description
A method for a class performs an operation that directly
accesses a member element from another class.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1091 – Use of Object without Invoking Destructor Method
Read Time:12 Second
Description
The software contains a method that accesses an object but does not later invoke
the element’s associated finalize/destructor method.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Performance