CERT Rule | Related Guidelines |
---|---|
IDS00-J | CWE-116, Improper Encoding or Escaping of Output |
IDS01-J | CWE-289, Authentication bypass by alternate name |
IDS01-J | CWE-180, Incorrect behavior order: Validate before canonicalize |
IDS03-J | CWE-144, Improper neutralization of line delimiters |
IDS03-J | CWE-150, Improper neutralization of escape, meta, or control sequences |
IDS03-J | CWE-117, Improper Output Neutralization for Logs |
IDS04-J | CWE-409, Improper Handling of Highly Compressed Data (Data Amplification) |
IDS06-J | CWE-134, Uncontrolled Format String |
IDS07-J | CWE-78, Improper Neutralization of Special Elements Used in an OS Command ("OS Command Injection") |
IDS11-J | CWE-182, Collapse of Data into Unsafe Value |
IDS16-J | CWE-116, Improper Encoding or Escaping of Output |
IDS17-J | CWE-116, Improper Encoding or Escaping of Output |
EXP00-J | CWE-252, Unchecked Return Value |
EXP01-J | CWE-476, NULL Pointer Dereference |
EXP02-J | CWE-595, Comparison of Object References Instead of Object Contents |
EXP03-J | CWE-595, Comparison of Object References Instead of Object Contents |
EXP03-J | CWE-597, Use of Wrong Operator in String Comparison |
NUM00-J | CWE-682, Incorrect Calculation |
NUM00-J | CWE-190, Integer Overflow or Wraparound |
NUM00-J | CWE-191, Integer Underflow (Wrap or Wraparound) |
NUM02-J | CWE-369, Divide by Zero |
NUM12-J | CWE-681, Incorrect Conversion between Numeric Types |
NUM12-J | CWE-197, Numeric Truncation Error |
STR03-J | CWE-838, Inappropriate Encoding for Output Context |
OBJ01-J | CWE-766, Critical Variable Declared Public |
OBJ04-J | CWE-374, Passing Mutable Objects to an Untrusted Method |
OBJ04-J | CWE-375, Returning a Mutable Object to an Untrusted Caller |
OBJ05-J | CWE-375, Returning a Mutable Object to an Untrusted Caller |
OBJ08-J | CWE-492, Use of Inner Class Containing Sensitive Data |
OBJ09-J | CWE-486, Comparison of Classes by Name |
OBJ10-J | CWE-493, Critical Public Variable without Final Modifier |
OBJ10-J | CWE-500, Public Static Field Not Marked Final |
MET01-J | CWE-617, Reachable Assertion |
MET02-J | CWE-589, Call to Non-ubiquitous API |
MET04-J | CWE-487, Reliance on Package-Level Scope |
MET08-J | CWE-697, Insufficient Comparison |
MET09-J | CWE-581, Object Model Violation: Just One of equals and hashcode Defined |
MET10-J | CWE-573, Improper Following of Specification by Caller |
MET12-J | CWE-586, Explicit call to Finalize() CWE-583, finalize() Method Declared Public |
MET12-J | CWE-568, finalize() Method without super.finalize() |
ERR00-J | CWE-390, Detection of Error Condition without Action |
ERR01-J | CWE-209, Information Exposure through an Error Message |
ERR01-J | CWE-497, Exposure of System Data to an Unauthorized Control Sphere |
ERR01-J | CWE-600, Uncaught Exception in Servlet |
ERR03-J | CWE-460, Improper Cleanup on Thrown Exception |
ERR04-J | CWE-459, Incomplete Cleanup |
ERR04-J | CWE-584, Return Inside finally Block |
ERR05-J | CWE-248, Uncaught Exception CWE-460, Improper Cleanup on Thrown Exception |
ERR05-J | CWE-584, Return inside finally Block |
ERR05-J | CWE-705, Incorrect Control Flow Scoping CWE-754, Improper Check for Unusual or Exceptional Conditions |
ERR06-J | CWE-703, Improper Check or Handling of Exceptional Conditions |
ERR06-J | CWE-248, Uncaught Exception |
ERR07-J | CWE-397, Declaration of Throws for Generic Exception |
ERR09-J | CWE-382, J2EE Bad Practices: Use of System.exit() |
VNA00-J | CWE-413, Improper Resource Locking |
VNA00-J | CWE-567, Unsynchronized Access to Shared Data in a Multithreaded Context |
VNA00-J | CWE-667, Improper Locking |
VNA03-J | CWE-362, Concurrent Execution Using Shared Resource with Improper Synchronization ("Race Condition") |
VNA03-J | CWE-366, Race Condition within a Thread |
VNA03-J | CWE-662, Improper Synchronization |
VNA05-J | CWE-667, Improper Locking |
LCK00-J | CWE-412. Unrestricted externally accessible lock |
LCK05-J | CWE-820, Missing Synchronization |
LCK06-J | CWE-667, Improper Locking |
LCK07-J | CWE-833, Deadlock |
LCK08-J | CWE-883, Deadlock |
LCK10-J | CWE-609, Double-checked Locking |
THI00-J | CWE-572, Call to Thread run() instead of start() |
THI05-J | CWE-705, Incorrect Control Flow Scoping |
TPS00-J | CWE-405, Asymmetric Resource Consumption (Amplification) |
TPS00-J | CWE-410, Insufficient Resource Pool |
TPS03-J | CWE-392, Missing Report of Error Condition |
FIO00-J | CWE-67, Improper Handling of Windows Device Names |
FIO01-J | CWE-279, Incorrect Execution-Assigned Permissions |
FIO01-J | CWE-276, Incorrect Default Permissions |
FIO01-J | CWE-732, Incorrect Permission Assignment for Critical Resource |
FIO03-J | CWE-377, Insecure Temporary File |
FIO03-J | CWE-459, Incomplete Cleanup |
FIO04-J | CWE-404, Improper Resource Shutdown or Release |
FIO04-J | CWE-405, Asymmetric Resource Consumption (Amplification) |
FIO04-J | CWE-459, Incomplete Cleanup |
FIO04-J | CWE-770, Allocation of Resources without Limits or Throttling |
FIO09-J | CWE-252, Unchecked Return Value |
FIO10-J | CWE-135, Incorrect Calculation of Multi-byte String Length |
FIO12-J | CWE-198, Use of Incorrect Byte Ordering |
FIO13-J | CWE-359, Privacy Violation |
FIO13-J | CWE-532, Information Exposure through Log Files |
FIO13-J | CWE-533, Information Exposure through Server Log Files |
FIO13-J | CWE-542, Information Exposure through Cleanup Log Files |
FIO14-J | CWE-705, Incorrect Control Flow Scoping |
FIO16-J | CWE-171, Cleansing, Canonicalization, and Comparison Errors |
FIO16-J | CWE-647, Use of Non-canonical URL Paths for Authorization Decisions |
SER00-J | CWE-589, Call to Non-ubiquitous API |
SER01-J | CWE-502, Deserialization of Untrusted Data |
SER02-J | CWE-319, Cleartext Transmission of Sensitive Information |
SER03-J | CWE-499, Serializable Class Containing Sensitive Data |
SER03-J | CWE-502, Deserialization of Untrusted Data |
SER05-J | CWE-499, Serializable Class Containing Sensitive Data |
SER06-J | CWE-502, Deserialization of Untrusted Data |
SER07-J | CWE-502, "Deserialization of Untrusted Data" |
SER08-J | CWE-250, Execution with Unnecessary Privileges |
SER10-J | CWE-400, Uncontrolled Resource Consumption (aka "Resource Exhaustion") |
SER10-J | CWE-770, Allocation of Resources without Limits or Throttling |
SER12-J | CWE-502, Deserialization of Untrusted Data |
SEC00-J | CWE-266, Incorrect Privilege Assignment |
SEC00-J | CWE-272, Least Privilege Violation |
SEC01-J | CWE-266, Incorrect Privilege Assignment |
SEC01-J | CWE-272, Least Privilege Violation |
SEC01-J | CWE-732, Incorrect Permission Assignment for Critical Resource |
SEC02-J | CWE-302, Authentication Bypass by Assumed-Immutable Data |
SEC02-J | CWE-470, Use of Externally-Controlled Input to Select Classes or Code ("Unsafe Reflection") |
SEC06-J | CWE-300, Channel Accessible by Non-endpoint (aka "Man-in-the-Middle") |
SEC06-J | CWE-319, Cleartext Transmission of Sensitive Information |
SEC06-J | CWE-347, Improper Verification of Cryptographic Signature |
SEC06-J | CWE-494, Download of Code without Integrity Check |
ENV01-J | CWE-349, Acceptance of Extraneous Untrusted Data with Trusted Data |
ENV03-J | CWE-732, Incorrect Permission Assignment for Critical Resource |
JNI00-J | CWE-111, Direct Use of Unsafe JNI |
MSC00-J | CWE-311, Failure to Encrypt Sensitive Data |
MSC02-J | CWE-327, Use of a Broken or Risky Cryptographic Algorithm |
MSC02-J | CWE-330, Use of Insufficiently Random Values CWE-332, Insufficient Entropy in PRNG CWE-336, Same Seed in PRNG CWE-337, Predictable Seed in PRNG |
MSC03-J | CWE-259, Use of Hard-Coded Password |
MSC03-J | CWE-798, Use of Hard-Coded Credentials |
MSC04-J | CWE-401, Improper Release of Memory before Removing Last Reference ("Memory Leak") |
MSC05-J | CWE-400, Uncontrolled Resource Consumption ("Resource Exhaustion") |
MSC05-J | CWE-770, Allocation of Resources without Limits or Throttling |
IDS50-J | CWE-116, Improper encoding or escaping of output |
SEC58-J | CWE-502, Deserialization of Untrusted Data |
STR51-J | CWE-838. Inappropriate Encoding for Output Context |