CWE CATEGORY: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
Category ID: 859
Vulnerability Mapping: Prohibited
Status: Obsolete
Summary

Weaknesses in this category are related to rules in the Platform Security (SEC) chapter of The CERT Oracle Secure Coding Standard for Java (2011).

Membership

| Nature | Mapping | Type | ID | Name |
|---|---|---|---|---|
| MemberOf | Prohibited | View | 844 | Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) |
| HasMember | Allowed | Variant | 111 | Direct Use of Unsafe JNI |
| HasMember | Allowed | Base | 266 | Incorrect Privilege Assignment |
| HasMember | Allowed | Base | 272 | Least Privilege Violation |
| HasMember | Discouraged | Class | 300 | Channel Accessible by Non-Endpoint |
| HasMember | Allowed | Base | 302 | Authentication Bypass by Assumed-Immutable Data |
| HasMember | Allowed | Base | 319 | Cleartext Transmission of Sensitive Information |
| HasMember | Allowed | Base | 347 | Improper Verification of Cryptographic Signature |
| HasMember | Allowed | Base | 470 | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') |
| HasMember | Allowed | Base | 494 | Download of Code Without Integrity Check |
| HasMember | Allowed-with-Review | Class | 732 | Incorrect Permission Assignment for Critical Resource |
| HasMember | Allowed | Base | 807 | Reliance on Untrusted Inputs in a Security Decision |
Vulnerability Mapping Notes
Usage: Prohibited
Reason:
Rationale:

This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.

Comments:

See member weaknesses of this category.

References
Reference ID: REF-813
Title: The CERT Oracle Coding Standard for Java
Version: v4.15
Author: Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
Publisher: Addison-Wesley Professional
Edition: 1st Edition
Date: 2011-09-18