Category: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)

Obsolete
Summary

Weaknesses in this category are related to rules in the Methods (MET) chapter of The CERT Oracle Secure Coding Standard for Java (2011).

Membership
ID | Name | Description
CWE-487 | Reliance on Package-level Scope | This weakness occurs when a Java application mistakenly treats package-level access as a security boundary, assuming it can prevent unauthorized access to code.
CWE-568 | finalize() Method Without super.finalize() | This vulnerability occurs when a Java class overrides the finalize() method but fails to call super.finalize() within it.
CWE-573 | Improper Following of Specification by Caller | This weakness occurs when software fails to properly follow the documented rules, protocols, or requirements of an external component it uses, such as a library, API, framework, or platform.
CWE-581 | Object Model Violation: Just One of Equals and Hashcode Defined | This vulnerability occurs when a Java class defines either the equals() method or the hashCode() method, but not both, breaking a fundamental contract of object equality.
CWE-583 | finalize() Method Declared Public | This vulnerability occurs when a Java class declares its finalize() method as public, violating secure coding practices for mobile code.
CWE-586 | Explicit Call to Finalize() | This vulnerability occurs when code directly calls an object's finalize() method from outside its designated finalizer context.
CWE-589 | Call to Non-ubiquitous API | This vulnerability occurs when software relies on an operating system function that isn't available on all versions of the target platform. This can cause crashes, unexpected behavior, or security failures when the software runs in an environment where the API is missing.
CWE-617 | Reachable Assertion | A reachable assertion occurs when an attacker can trigger an assert() statement or similar debugging check, causing the application to crash or behave in a more disruptive way than intended. This turns a helpful development tool into a denial-of-service vulnerability.
CWE-844 | Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" published in 2011. This view is considered obsolete as a newer version of the coding standard is available.

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.