CWE-464 Addition of Data Structure Sentinel 0 Base High Details The accidental addition of a data-structure sentinel can cause serious programming logic problems.
CWE-481 Assigning instead of Comparing 0 Variant Low Details The code uses an operator for assignment when the intention was to perform a comparison.
CWE-483 Incorrect Block Delimitation 0 Base Low Details The code does not explicitly delimit a block that is intended to contain 2 or more statements, creating a logic error.
CWE-486 Comparison of Classes by Name 0 Variant High Details The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.
CWE-487 Reliance on Package-level Scope 0 Base Medium Details Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
CWE-492 Use of Inner Class Containing Sensitive Data 0 Variant Medium Details Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers.
CWE-493 Critical Public Variable Without Final Modifier 0 Variant High Details The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
CWE-496 Public Data Assigned to Private Array-Typed Field 0 Variant - Details Assigning public data to a private array is equivalent to giving public access to the array.
CWE-498 Cloneable Class Containing Sensitive Information 0 Variant Medium Details The code contains a class with sensitive data, but the class is cloneable. The data can then be accessed by cloning the class.
CWE-500 Public Static Field Not Marked Final 0 Variant High Details An object contains a public static field that is not marked final, which might allow it to be modified in unexpected ways.
CWE-510 Trapdoor 0 Base - Details A trapdoor is a hidden piece of code that responds to a special input, allowing its user access to resources without passing through the normal security enforcement mechanism.
CWE-512 Spyware 0 Base - Details The product collects personally identifiable information about a human user or the user's activities, but the product accesses this information using other resources besides itself, and it does not require that user's explicit approval or direct input into the product.
CWE-516 DEPRECATED: Covert Timing Channel 0 Base - Details This weakness can be found at CWE-385.
CWE-536 Servlet Runtime Error Message Containing Sensitive Information 0 Variant - Details A servlet error message indicates that there exists an unhandled exception in your web application code and may provide useful information to an attacker.
CWE-537 Java Runtime Error Message Containing Sensitive Information 0 Variant - Details In many cases, an attacker can leverage the conditions that cause unhandled exception errors in order to gain unauthorized access to the system.
CWE-542 DEPRECATED: Information Exposure Through Cleanup Log Files 0 Variant - Details This entry has been deprecated because its abstraction was too low-level. See CWE-532.
CWE-543 Use of Singleton Pattern Without Synchronization in a Multithreaded Context 0 Variant - Details The product uses the singleton pattern when creating a resource within a multithreaded environment.
CWE-545 DEPRECATED: Use of Dynamic Class Loading 0 Variant - Details This weakness has been deprecated because it partially overlaps CWE-470, it describes legitimate programmer behavior, and other portions will need to be integrated into other entries.
CWE-546 Suspicious Comment 0 Variant - Details The code contains comments that suggest the presence of bugs, incomplete functionality, or weaknesses.
CWE-554 ASP.NET Misconfiguration: Not Using Input Validation Framework 0 Variant - Details The ASP.NET application does not use an input validation framework.
CWE-558 Use of getlogin() in Multithreaded Application 0 Variant - Details The product uses the getlogin() function in a multithreaded context, potentially causing it to return incorrect values.
CWE-560 Use of umask() with chmod-style Argument 0 Variant - Details The product calls umask() with an incorrect argument that is specified as if it is an argument to chmod().
CWE-568 finalize() Method Without super.finalize() 0 Variant - Details The product contains a finalize() method that does not call super.finalize().
CWE-572 Call to Thread run() instead of start() 0 Variant - Details The product calls a thread's run() method instead of calling start(), which causes the code to run in the thread of the caller instead of the callee.
CWE-574 EJB Bad Practices: Use of Synchronization Primitives 0 Variant - Details The product violates the Enterprise JavaBeans (EJB) specification by using thread synchronization primitives.