...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
CWE-266 "Incorrect Privilege Assignment" |
...
| CWE-272 "Least Privilege Violation" |
|
...
...
-732 "Incorrect Permission Assignment for Critical Resource" |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup |
...
" ac:schema-version="1" ac:macro-id="a53a623c-1642-41db-b60e-bd8c9dfc3899"><ac:plain-text-body><![CDATA[ | [[API |
...
2006 |
...
AA. |
...
Bibliography#API |
...
06] |
...
] |
...
[method |
...
doPrivileged() |
...
http://java.sun.com/javase/6/docs/api/java/security/AccessController.html#doPrivileged(java.security.PrivilegedAction)] |
...
]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="59f0c6e3-f418-472b-ac4b-76573fe64999"><ac:plain-text-body><![CDATA[ | [[Gong |
...
2003 |
...
AA. |
...
Bibliography#Gong |
...
03] |
...
] |
...
Sections |
...
6.4, |
...
"AccessController" |
...
]]></ac:plain-text-body></ac:structured-macro> | |
| 9.5 |
...
"Privileged |
...
Code" | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="09f8a7f6-3e89-4f76-93a7-306f0bc53b22"><ac:plain-text-body><![CDATA[ | [[Jovanovic |
...
2006 |
...
AA. |
...
Bibliography#Jovanovic |
...
06] |
...
] |
...
"Pixy: |
...
A |
...
Static |
...
Analysis |
...
Tool |
...
for |
...
Detecting |
...
Web |
...
Application |
...
Vulnerabilities" | ]]></ac:plain-text-body></ac:structured-macro> |
...
SEC02-J. Do not allow doPrivileged() blocks to leak sensitive information outside a trust boundary 14. Platform Security (SEC) SEC04-J. Do not expose standard APIs that bypass Security Manager checks to untrusted code