CWE-382: J2EE Bad Practices: Use of System.exit()
ID
CWE-382
Abstraction
Variant
Structure
Simple
Status
Draft
A J2EE application uses System.exit(), which also shuts down its container.
It is never a good idea for a web application to attempt to shut down the application container. Access to a function that can shut down the application is an avenue for Denial of Service (DoS) attacks.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | A call to System.exit() is probably part of leftover debug code or code imported from a non-J2EE application. |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | Java |
Loading...