Category: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
Obsolete
Summary
Weaknesses in this category are related to rules in the Locking (LCK) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-412 | Unrestricted Externally Accessible Lock | This vulnerability occurs when a system correctly checks for a lock's existence, but an unauthorized external actor can control or influence that lock. |
| CWE-413 | Improper Resource Locking | This vulnerability occurs when an application fails to properly lock a shared resource, such as a file or memory location, before performing operations that require exclusive access. |
| CWE-609 | Double-Checked Locking | Double-checked locking is an insufficient synchronization pattern where a program checks a resource's state, acquires a lock, and checks the state again before initialization, failing to guarantee thread safety across all systems. |
| CWE-667 | Improper Locking | This vulnerability occurs when a program fails to correctly acquire or release a lock on a shared resource, such as a file, database record, or memory location. This improper synchronization allows other processes or threads to interfere, leading to corrupted data, crashes, or unpredictable behavior. |
| CWE-820 | Missing Synchronization | This vulnerability occurs when multiple parts of your application (like threads or processes) use the same resource—such as a variable, file, or data structure—without proper coordination to control who accesses it and when. |
| CWE-833 | Deadlock | Deadlock occurs when two or more threads or processes become permanently stuck, each waiting for the other to release a shared resource like a lock or mutex, preventing any of them from progressing. |
| CWE-844 | Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" published in 2011. This view is considered obsolete as a newer version of the coding standard is available. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.