Category: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 07. Exceptional Behavior (ERR)

Stable
Summary

Weaknesses in this category are related to the rules and recommendations in the Exceptional Behavior (ERR) section of the SEI CERT Oracle Secure Coding Standard for Java.

Membership
| ID | Name | Description |
|---|---|---|
| CWE-248 | Uncaught Exception | This vulnerability occurs when a function throws an error or exception, but the calling code does not have a proper handler to catch and manage it. |
| CWE-382 | J2EE Bad Practices: Use of System.exit() | This vulnerability occurs when a J2EE application directly calls System.exit(), which forcibly terminates the entire application server process, not just the application itself. |
| CWE-397 | Declaration of Throws for Generic Exception | This vulnerability occurs when a method is declared to throw an overly broad exception type, such as a generic 'Exception' or 'Throwable'. This practice masks the specific error conditions that can occur, making it difficult for calling code to handle failures appropriately. |
| CWE-459 | Incomplete Cleanup | This vulnerability occurs when an application fails to properly remove temporary files, data structures, or system resources after they are no longer needed. |
| CWE-460 | Improper Cleanup on Thrown Exception | This vulnerability occurs when a program fails to properly restore its state or release resources after an exception is thrown, leaving the application in an inconsistent or unexpected condition. |
| CWE-584 | Return Inside Finally Block | This vulnerability occurs when a function places a return statement inside a finally block. This dangerous pattern silently discards any unhandled exceptions thrown earlier in the try block, making errors invisible and undermining application stability. |
| CWE-703 | Improper Check or Handling of Exceptional Conditions | This vulnerability occurs when software fails to properly plan for or manage rare but possible error scenarios, leaving it unprepared for unexpected events that can disrupt normal operation. |
| CWE-705 | Incorrect Control Flow Scoping | This vulnerability occurs when a program fails to return execution to the correct point in the code after finishing a specific operation or handling an error. Instead of resuming normal flow, it may jump to an unintended location, leading to unpredictable behavior or security issues. |
| CWE-754 | Improper Check for Unusual or Exceptional Conditions | This weakness occurs when software fails to properly anticipate and handle rare or unexpected runtime situations that fall outside normal operation. |
| CWE-1133 | Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects the current rules and recommendations of the SEI CERT Oracle Coding Standard for Java. |

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.