Read Time:9 Second
Description
The software uses the same control element across multiple
architectural layers.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Category Archives: CWE
CWE-1093 – Excessively Complex Data Representation
Read Time:12 Second
Description
The software uses an unnecessarily complex internal representation for its data structures or interrelationships between those structures.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Other: Reduce Performance
Potential Mitigations
CVE References
CWE-1094 – Excessive Index Range Scan for a Data Resource
Read Time:12 Second
Description
The software contains an index range scan for a large data table,
but the scan can cover a large number of rows.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Performance
Potential Mitigations
CVE References
CWE-1095 – Loop Condition Value Update within the Loop
Read Time:13 Second
Description
The software uses a loop with a control flow condition based on
a value that is updated within the body of the loop.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Maintainability
Potential Mitigations
CVE References
CWE-1096 – Singleton Class Instance Creation without Proper Locking or Synchronization
Read Time:15 Second
Description
The software implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1097 – Persistent Storable Data Element without Associated Comparison Control Element
Read Time:14 Second
Description
The software uses a storable data element that does not have
all of the associated functions or methods that are necessary to support
comparison.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1098 – Data Element containing Pointer Item without Proper Copy Control Element
Read Time:12 Second
Description
The code contains a data element with a pointer that does not have an associated copy or constructor method.
Modes of Introduction:
Related Weaknesses
Consequences
Other: Reduce Reliability
Potential Mitigations
CVE References
CWE-1099 – Inconsistent Naming Conventions for Identifiers
Read Time:15 Second
Description
The product’s code, documentation, or other artifacts do not
consistently use the same naming conventions for variables, callables, groups of
related callables, I/O capabilities, data types, file names, or similar types of
elements.
Modes of Introduction:
Related Weaknesses
Consequences
Potential Mitigations
CVE References
CWE-11 – ASP.NET Misconfiguration: Creating Debug Binary
Read Time:51 Second
Description
Debugging messages help attackers learn about the system and plan a form of attack.
ASP .NET applications can be configured to produce debug binaries. These binaries give detailed debugging messages and should not be used in production environments. Debug binaries are meant to be used in a development or testing environment and can pose a security risk if they are deployed to production.
The debug attribute of the tag defines whether compiled binaries should include debugging information. The use of debug binaries causes an application to provide as much information about itself as possible to the user.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Confidentiality: Read Application Data
Attackers can leverage the additional information they gain from debugging output to mount attacks targeted on the framework, database, or other resources used by the application.
Potential Mitigations
Phase: System Configuration
Description:
Avoid releasing debug binaries into the production environment. Change the debug mode to false when the application is deployed into production.
CVE References
CWE-110 – Struts: Validator Without Form Field
Read Time:29 Second
Description
Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Other: Other
It is critically important that validation logic be maintained and kept in sync with the rest of the application. Unchecked input is the root cause of some of today’s worst and most common software security problems. Cross-site scripting, SQL injection, and process control vulnerabilities all stem from incomplete or absent input validation.