| Info |
|---|
This page was automatically generated and should not be edited. The information on this page was provided by outside contributors and has not been verified by SEI CERT. |
CERT Rule | Related Guidelines | ||
|---|---|---|---|
| IDS00-J | CWE-116, Improper Encoding or Escaping of Output | ||
| IDS01-J | CWE-289, Authentication bypass by alternate name | ||
| IDS01-J | CWE-180, Incorrect behavior order: Validate before canonicalize | ||
| IDS03-J | CWE-144, Improper neutralization of line delimiters | ||
| IDS03-J | CWE-150, Improper neutralization of escape, meta, or control sequences | ||
| IDS03-J | CWE-117, Improper Output Neutralization for Logs Logs | ||
| IDS04-J | CWE-409, Improper Handling of Highly Compressed Data (Data Amplification) | ||
| IDS06-J | CWE-134, Uncontrolled Format String | ||
| IDS07-J | CWE-78, Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") | ||
| IDS08-J | CWE-625, Permissive Regular Expression | ||
| IDS11-J | CWE-182, Collapse of Data into Unsafe Value | ||
| IDS16-J | CWE-116, Improper Encoding or Escaping of Output | ||
| IDS17-J | CWE-116, Improper Encoding or Escaping of Output | ||
| DCL00-J | CWE-665, Improper Initialization | ||
| EXP00-J | CWE-252, Unchecked Return Value | ||
| EXP01-J | CWE-476, NULL Pointer Dereference | ||
| EXP02-J | CWE-595, Comparison of Object References Instead of Object Contents | ||
| EXP03-J | CWE-595, Comparison of Object References Instead of Object Contents | ||
| EXP03-J | CWE-597, Use of Wrong Operator in String Comparison | ||
| NUM00-J | CWE-682, Incorrect Calculation | ||
| NUM00-J | CWE-190, Integer Overflow or Wraparound | ||
| NUM00-J | CWE-191, Integer Underflow (Wrap or Wraparound) | ||
| NUM02-J | CWE-369, Divide by Zero | ||
| NUM12-J | CWE-681, Incorrect Conversion between Numeric Types | ||
| NUM12-J | CWE-197, Numeric Truncation Error | ||
| STR03-J | CWE-838, Inappropriate Encoding for Output Context | ||
| OBJ01-J | CWE-766, Critical Variable Declared Public | ||
| OBJ04-J | CWE-374, Passing Mutable Objects to an Untrusted Method | ||
| OBJ04-J | CWE-375, Returning a Mutable Object to an Untrusted Caller | ||
| OBJ05-J | CWE-375, Returning a Mutable Object to an Untrusted Caller | ||
| OBJ07-J | CWE-498, Cloneable Class Containing Sensitive Information | ||
| OBJ07-J | CWE-491, Public cloneable() Method without Final (aka "Object Hijack") | ||
| OBJ08-J | CWE-492, Use of Inner Class Containing Sensitive Data | ||
| OBJ09-J | CWE-486, Comparison of Classes by Name | ||
| OBJ10-J | CWE-493, Critical Public Variable without Final Modifier | ||
| OBJ10-J | CWE-500, Public Static Field Not Marked Final | ||
| OBJ14-J | CWE-416, Use After Free | ||
| MET01-J | CWE-617, Reachable Assertion | ||
| MET02-J | CWE-589, Call to Non-ubiquitous API | ||
| MET04-J | CWE-487, Reliance on Package-Level Scope | ||
| MET08-J | CWE-697, Insufficient Comparison | ||
| MET09-J | CWE-581, Object Model Violation: Just One of equals and hashcode Defined | ||
| MET10-J | CWE-573, Improper Following of Specification by Caller | ||
| MET12-J | CWE-586, Explicit call to Finalize() | ||
| MET12-J | CWE-583, finalize() Method Declared Public | ||
| MET12-J | CWE-568, finalize() Method without super.finalize() | ||
| ERR00-J | CWE-390, Detection of Error Condition without Action | ||
| ERR01-J | CWE-209, Information Exposure through an Error Message | ||
| ERR01-J | CWE-497, Exposure of System Data to an Unauthorized Control Sphere | ||
| ERR01-J | CWE-600, Uncaught Exception in Servlet | ||
| ERR03-J | CWE-460, Improper Cleanup on Thrown Exception | ||
| ERR04-J | CWE-459, Incomplete Cleanup | ||
| ERR04-J | CWE-584, Return Inside finally Block | ||
| ERR05-J | CWE-248, Uncaught Exception | ||
| ERR05-J | CWE-460, Improper Cleanup on Thrown Exception | ||
| ERR05-J | CWE-584, Return inside finally Block | ||
| ERR05-J | CWE-705, Incorrect Control Flow Scoping | ||
| ERR05-J | CWE-754, Improper Check for Unusual or Exceptional Conditions | ||
| ERR06-J | CWE-703, Improper Check or Handling of Exceptional Conditions | ||
| ERR06-J | CWE-248, Uncaught Exception | ||
| ERR07-J | CWE-397, Declaration of Throws for Generic Exception | ||
| ERR09-J | CWE-382, J2EE Bad Practices: Use of System.exit() | ||
| VNA00-J | CWE-413, Improper Resource Locking | ||
| VNA00-J | CWE-567, Unsynchronized Access to Shared Data in a Multithreaded Context | ||
| VNA00-J | CWE-667, Improper Locking | ||
| VNA03-J | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") | ||
| VNA03-J | CWE-366, Race Condition within a Thread | ||
| VNA03-J | CWE-662, Improper Synchronization | ||
| VNA05-J | CWE-667, Improper Locking | ||
| LCK00-J | CWE-412. Unrestricted externally accessible lock | ||
| LCK05-J | CWE-820, Missing Synchronization | ||
| LCK06-J | CWE-667, Improper Locking | ||
| LCK07-J | CWE-833, Deadlock | ||
| LCK08-J | CWE-883, Deadlock | ||
| LCK10-J | CWE-609, Double-checked Locking | ||
| THI00-J | CWE-572, Call to Thread run() instead of start() | ||
| THI05-J | CWE-705, Incorrect Control Flow Scoping | ||
| TPS00-J | CWE-405, Asymmetric Resource Consumption (Amplification) | ||
| TPS00-J | CWE-410, Insufficient Resource Pool | ||
| TPS03-J | CWE-392, Missing Report of Error Condition | ||
| FIO00-J | CWE-67, Improper Handling of Windows Device Names | ||
| FIO01-J | CWE-279, Incorrect Execution-Assigned Permissions | ||
| FIO01-J | CWE-276, Incorrect Default Permissions | ||
| FIO01-J | CWE-732, Incorrect Permission Assignment for Critical Resource | ||
| FIO03-J | CWE-377, Insecure Temporary File | ||
| FIO03-J | CWE-459, Incomplete Cleanup | ||
| FIO04-J | CWE-404, Improper Resource Shutdown or Release | ||
| FIO04-J | CWE-405, Asymmetric Resource Consumption (Amplification) | ||
| FIO04-J | CWE-459, Incomplete Cleanup | ||
| FIO04-J | CWE-770, Allocation of Resources without Limits or Throttling | ||
| FIO09-J | CWE-252, Unchecked Return Value | ||
| FIO10-J | CWE-135, Incorrect Calculation of Multi-byte String Length | ||
| FIO12-J | CWE-198, Use of Incorrect Byte Ordering | ||
| FIO13-J | CWE-359, Privacy Violation | ||
| FIO13-J | CWE-532, Information Exposure through Log Files | ||
| FIO13-J | CWE-533, Information Exposure through Server Log Files | ||
| FIO13-J | CWE-542, Information Exposure through Cleanup Log Files | ||
| FIO14-J | CWE-705, Incorrect Control Flow Scoping | ||
| FIO16-J | CWE-171, Cleansing, Canonicalization, and Comparison Errors | ||
| FIO16-J | CWE-647, Use of Non-canonical URL Paths for Authorization Decisions | ||
| SER00-J | CWE-589, Call to Non-ubiquitous API | ||
| SER01-J | CWE-502, Deserialization of Untrusted Data | ||
| SER02-J | CWE-319, Cleartext Transmission of Sensitive Information | ||
| SER03-J | CWE-499, Serializable Class Containing Sensitive Data | ||
| SER03-J | CWE-502, Deserialization of Untrusted Data | ||
| SER05-J | CWE-499, Serializable Class Containing Sensitive Data | ||
| SER06-J | CWE-502, Deserialization of Untrusted Data | ||
| SER07-J | CWE-502, "Deserialization of Untrusted Data" | ||
| SER08-J | CWE-250, Execution with Unnecessary Privileges | ||
| SER10-J | CWE-400, Uncontrolled Resource Consumption (aka "Resource Exhaustion") | ||
| SER10-J | CWE-770, Allocation of Resources without Limits or Throttling | ||
| SER12-J | CWE-502, Deserialization of Untrusted Data | SER13-J | CWE-502, Deserialization of Untrusted Data |
| SEC00-J | CWE-266, Incorrect Privilege Assignment | ||
| SEC00-J | CWE-272, Least Privilege Violation | ||
| SEC01-J | CWE-266, Incorrect Privilege Assignment | ||
| SEC01-J | CWE-272, Least Privilege Violation | ||
| SEC01-J | CWE-732, Incorrect Permission Assignment for Critical Resource | ||
| SEC02-J | CWE-302, Authentication Bypass by Assumed-Immutable Data | ||
| SEC02-J | CWE-470, Use of Externally-Controlled Input to Select Classes or Code ("Unsafe Reflection") | ||
| SEC06-J | CWE-300, Channel Accessible by Non-endpoint (aka "Man-in-the-Middle") | ||
| SEC06-J | CWE-319, Cleartext Transmission of Sensitive Information | ||
| SEC06-J | CWE-347, Improper Verification of Cryptographic Signature | ||
| SEC06-J | CWE-494, Download of Code without Integrity Check | ||
| ENV01-J | CWE-349, Acceptance of Extraneous Untrusted Data with Trusted Data | ||
| ENV03-J | CWE-732, Incorrect Permission Assignment for Critical Resource | ||
| JNI00-J | CWE-111, Direct Use of Unsafe JNI | ||
| MSC00-J | CWE-311, Failure to Encrypt Sensitive Data | ||
| MSC02-J | CWE-327, Use of a Broken or Risky Cryptographic Algorithm | ||
| MSC02-J | CWE-330, Use of Insufficiently Random Values | ||
| MSC02-J | CWE-332, Insufficient Entropy in PRNG | ||
| MSC02-J | CWE-336, Same Seed in PRNG | ||
| MSC02-J | CWE-337, Predictable Seed in PRNG | ||
| MSC03-J | CWE-259, Use of Hard-Coded Password | ||
| MSC03-J | CWE-798, Use of Hard-Coded Credentials | ||
| MSC04-J | CWE-401, Improper Release of Memory before Removing Last Reference ("Memory Leak") | ||
| MSC05-J | CWE-400, Uncontrolled Resource Consumption ("Resource Exhaustion") | ||
| MSC05-J | CWE-770, Allocation of Resources without Limits or Throttling | ||
| MSC07-J | CWE-543, Use of Singleton Pattern without Synchronization in a Multithreaded Context | ||
| IDS50-J | CWE-116, Improper encoding or escaping of output | ||
| SEC58-J | CWE-502, Deserialization of Untrusted Data | ||
| STR51-J | CWE-838. Inappropriate Encoding for Output Context |