...
Wiki Markup |
---|
\[[API 06|AA. Java References#API 06]\] [Class Object| http://java.sun.com/javase/6/docs/api/java/lang/Object.html] \[[Goetz 06b|AA. Java References#Goetz 06b]\] \[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 405|http://cwe.mitre.org/data/definitions/405.html] "Asymmetric Resource Consumption (Amplification)", [CWE ID 404|http://cwe.mitre.org/data/definitions/404.html] "Improper Resource Shutdown or Release", [CWE ID 459 |http://cwe.mitre.org/data/definitions/459.html] "Incomplete Cleanup" |
...