Description
The product does not properly synchronize shared data, such as static variables, across threads, which can lead to undefined behavior and unpredictable data changes.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-820
CWE-662
CWE-488
Consequences
Confidentiality, Integrity, Availability: Read Application Data, Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart
If the shared variable contains sensitive data, it may be manipulated or displayed in another user session. If this data is used to control the application, its value can be manipulated to cause the application to crash or perform poorly.
Potential Mitigations
Phase: Implementation
Description:
Remove static variables that are shared between servlets. If this cannot be avoided, use synchronized access for these variables.
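The mitigation above, shown as an added example that is not part of the original entry: a request handler that keeps per-request data in a static field, beside a version that keeps it in a local variable, plus a shared counter guarded by `synchronized`. All class and method names are hypothetical, and a plain thread pool stands in for a servlet container's request threads.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added illustration: names are hypothetical, inputs are constructed.
public class SharedStateDemo {
    // Weak: one static field shared by every request thread.
    static String currentUser;

    static String handleUnsafe(String user) throws InterruptedException {
        currentUser = user;              // request A stores its user
        Thread.sleep(1);                 // window in which request B overwrites it
        return "Hello " + currentUser;   // A may now answer with B's user
    }

    // Hardened: per-request data lives in a local, never in shared state.
    static String handleSafe(String user) throws InterruptedException {
        String localUser = user;
        Thread.sleep(1);
        return "Hello " + localUser;
    }

    // Shared state that cannot be removed is only touched under a lock.
    private static int hits;
    static synchronized int recordHit() { return ++hits; }

    // Runs 200 concurrent "requests" and counts replies naming the wrong user.
    static int mismatches(boolean safe) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Boolean>> results = new ArrayList<>();
        for (int i = 0; i < 200; i++) {
            String user = "user" + i;
            results.add(pool.submit(() -> {
                String reply = safe ? handleSafe(user) : handleUnsafe(user);
                recordHit();
                return !reply.equals("Hello " + user);
            }));
        }
        int bad = 0;
        for (Future<Boolean> f : results) if (f.get()) bad++;
        pool.shutdown();
        return bad;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("unsafe mismatches: " + mismatches(false));
        System.out.println("safe mismatches:   " + mismatches(true));
        System.out.println("hits recorded:     " + recordHit());
    }
}
```

The unsafe count varies from run to run because it depends on thread scheduling, which is also why this weakness is easy to miss in single-user testing.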