Category: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 06. Methods (MET)

Stable
Summary

Weaknesses in this category are related to the rules and recommendations in the Methods (MET) section of the SEI CERT Oracle Secure Coding Standard for Java.

Membership
ID | Name | Description
CWE-568 | finalize() Method Without super.finalize() | This vulnerability occurs when a Java class overrides the finalize() method but fails to call super.finalize() within it.
CWE-573 | Improper Following of Specification by Caller | This weakness occurs when software fails to properly follow the documented rules, protocols, or requirements of an external component it uses, such as a library, API, framework, or platform.
CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined | This vulnerability occurs when a Java class defines either the equals() method or the hashCode() method, but not both, breaking a fundamental contract of object equality.
CWE-583 | finalize() Method Declared Public | This vulnerability occurs when a Java class declares its finalize() method as public, violating secure coding practices for mobile code.
CWE-586 | Explicit Call to Finalize() | This vulnerability occurs when code directly calls an object's finalize() method from outside its designated finalizer context.
CWE-589 | Call to Non-ubiquitous API | This vulnerability occurs when software relies on an operating system function that isn't available on all versions of the target platform. This can cause crashes, unexpected behavior, or security failures when the software runs in an environment where the API is missing.
CWE-617 | Reachable Assertion | A reachable assertion occurs when an attacker can trigger an assert() statement or similar debugging check, causing the application to crash or behave in a more disruptive way than intended. This turns a helpful development tool into a denial-of-service vulnerability.
CWE-697 | Incorrect Comparison | This weakness occurs when a security-critical decision relies on a flawed comparison between two pieces of data. The incorrect logic can create a gap that attackers exploit to bypass checks or trigger unintended behavior.
CWE-1133 | Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommendations of the SEI CERT Oracle Coding Standard for Java.
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.