CWE-660: Weaknesses in Software Written in Java

ID: CWE-660
Type: Implicit
Status: Draft
This view (slice) covers issues that are found in Java programs that are not common to all languages.

Relationships

Type ID Name Abstraction Structure Status
Weakness CWE-102 Struts: Duplicate Validation Forms Variant Simple Incomplete
Weakness CWE-103 Struts: Incomplete validate() Method Definition Variant Simple Draft
Weakness CWE-104 Struts: Form Bean Does Not Extend Validation Class Variant Simple Draft
Weakness CWE-105 Struts: Form Field Without Validator Variant Simple Draft
Weakness CWE-106 Struts: Plug-in Framework not in Use Variant Simple Draft
Weakness CWE-107 Struts: Unused Validation Form Variant Simple Draft
Weakness CWE-108 Struts: Unvalidated Action Form Variant Simple Incomplete
Weakness CWE-109 Struts: Validator Turned Off Variant Simple Draft
Weakness CWE-110 Struts: Validator Without Form Field Variant Simple Draft
Weakness CWE-111 Direct Use of Unsafe JNI Variant Simple Draft
Weakness CWE-1235 Incorrect Use of Autoboxing and Unboxing for Performance Critical Operations Base Simple Incomplete
Weakness CWE-1335 Incorrect Bitwise Shift of Integer Base Simple Draft
Weakness CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine Base Simple Incomplete
Weakness CWE-1341 Multiple Releases of Same Resource or Handle Base Simple Incomplete
Weakness CWE-191 Integer Underflow (Wrap or Wraparound) Base Simple Draft
Weakness CWE-192 Integer Coercion Error Variant Simple Incomplete
Weakness CWE-197 Numeric Truncation Error Base Simple Incomplete
Weakness CWE-209 Generation of Error Message Containing Sensitive Information Base Simple Draft
Weakness CWE-245 J2EE Bad Practices: Direct Management of Connections Variant Simple Draft
Weakness CWE-246 J2EE Bad Practices: Direct Use of Sockets Variant Simple Draft
Weakness CWE-248 Uncaught Exception Base Simple Draft
Weakness CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Class Simple Draft
Weakness CWE-366 Race Condition within a Thread Base Simple Draft
Weakness CWE-374 Passing Mutable Objects to an Untrusted Method Base Simple Draft
Weakness CWE-375 Returning a Mutable Object to an Untrusted Caller Base Simple Draft
Weakness CWE-382 J2EE Bad Practices: Use of System.exit() Variant Simple Draft
Weakness CWE-383 J2EE Bad Practices: Direct Use of Threads Variant Simple Draft
Weakness CWE-395 Use of NullPointerException Catch to Detect NULL Pointer Dereference Base Simple Draft
Weakness CWE-396 Declaration of Catch for Generic Exception Base Simple Draft
Weakness CWE-397 Declaration of Throws for Generic Exception Base Simple Draft
Weakness CWE-460 Improper Cleanup on Thrown Exception Base Simple Draft
Weakness CWE-462 Duplicate Key in Associative List (Alist) Variant Simple Incomplete
Weakness CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Base Simple Draft
Weakness CWE-476 NULL Pointer Dereference Base Simple Stable
Weakness CWE-478 Missing Default Case in Multiple Condition Expression Base Simple Draft
Weakness CWE-481 Assigning instead of Comparing Variant Simple Draft
Weakness CWE-484 Omitted Break Statement in Switch Base Simple Draft
Weakness CWE-486 Comparison of Classes by Name Variant Simple Draft
Weakness CWE-487 Reliance on Package-level Scope Base Simple Incomplete
Weakness CWE-491 Public cloneable() Method Without Final ('Object Hijack') Variant Simple Draft
Weakness CWE-492 Use of Inner Class Containing Sensitive Data Variant Simple Draft
Weakness CWE-493 Critical Public Variable Without Final Modifier Variant Simple Draft
Weakness CWE-495 Private Data Structure Returned From A Public Method Variant Simple Draft
Weakness CWE-496 Public Data Assigned to Private Array-Typed Field Variant Simple Incomplete
Weakness CWE-498 Cloneable Class Containing Sensitive Information Variant Simple Draft
Weakness CWE-499 Serializable Class Containing Sensitive Data Variant Simple Draft
Weakness CWE-5 J2EE Misconfiguration: Data Transmission Without Encryption Variant Simple Draft
Weakness CWE-500 Public Static Field Not Marked Final Variant Simple Draft
Weakness CWE-502 Deserialization of Untrusted Data Base Simple Draft
Weakness CWE-537 Java Runtime Error Message Containing Sensitive Information Variant Simple Incomplete
Weakness CWE-543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context Variant Simple Incomplete
Weakness CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context Base Simple Draft
Weakness CWE-568 finalize() Method Without super.finalize() Variant Simple Draft
Weakness CWE-572 Call to Thread run() instead of start() Variant Simple Draft
Weakness CWE-574 EJB Bad Practices: Use of Synchronization Primitives Variant Simple Draft
Weakness CWE-575 EJB Bad Practices: Use of AWT Swing Variant Simple Draft
Weakness CWE-576 EJB Bad Practices: Use of Java I/O Variant Simple Draft
Weakness CWE-577 EJB Bad Practices: Use of Sockets Variant Simple Draft
Weakness CWE-578 EJB Bad Practices: Use of Class Loader Variant Simple Draft
Weakness CWE-579 J2EE Bad Practices: Non-serializable Object Stored in Session Variant Simple Draft
Weakness CWE-580 clone() Method Without super.clone() Variant Simple Draft
Weakness CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined Variant Simple Draft
Weakness CWE-582 Array Declared Public, Final, and Static Variant Simple Draft
Weakness CWE-583 finalize() Method Declared Public Variant Simple Incomplete
Weakness CWE-585 Empty Synchronized Block Variant Simple Draft
Weakness CWE-586 Explicit Call to Finalize() Base Simple Draft
Weakness CWE-594 J2EE Framework: Saving Unserializable Objects to Disk Variant Simple Incomplete
Weakness CWE-595 Comparison of Object References Instead of Object Contents Variant Simple Incomplete
Weakness CWE-6 J2EE Misconfiguration: Insufficient Session-ID Length Variant Simple Incomplete
Weakness CWE-607 Public Static Final Field References Mutable Object Variant Simple Draft
Weakness CWE-608 Struts: Non-private Field in ActionForm Class Variant Simple Draft
Weakness CWE-609 Double-Checked Locking Base Simple Draft
Weakness CWE-7 J2EE Misconfiguration: Missing Custom Error Page Variant Simple Incomplete
Weakness CWE-766 Critical Data Element Declared Public Base Simple Incomplete
Weakness CWE-767 Access to Critical Private Variable via Public Method Base Simple Incomplete
Weakness CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Base Simple Incomplete
Weakness CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Variant Simple Incomplete