Category: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)
Obsolete
Summary
Weaknesses in this category are related to rules in the Miscellaneous (MSC) chapter of The CERT Oracle Secure Coding Standard for Java (2011).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-259 | Use of Hard-coded Password | This vulnerability occurs when an application embeds a password directly into its source code or configuration files. This hard-coded secret is then used either to authenticate incoming users or to connect to external services and databases. |
| CWE-311 | Missing Encryption of Sensitive Data | This vulnerability occurs when an application stores or sends sensitive information without first encrypting it, leaving the data exposed. |
| CWE-330 | Use of Insufficiently Random Values | This vulnerability occurs when an application uses random values that are not sufficiently unpredictable in security-sensitive operations, making them easier for attackers to guess or calculate. |
| CWE-332 | Insufficient Entropy in PRNG | This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) doesn't have enough randomness (entropy) to start with, or isn't using enough during operation. This makes its outputs predictable, undermining both system stability and security. |
| CWE-333 | Improper Handling of Insufficient Entropy in TRNG | This vulnerability occurs when a system fails to properly manage the limited or unpredictable output rate of a true random number generator (TRNG), potentially causing failures, delays, or weakened security. |
| CWE-336 | Same Seed in Pseudo-Random Number Generator (PRNG) | This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) is repeatedly initialized with the same starting seed value. |
| CWE-337 | Predictable Seed in Pseudo-Random Number Generator (PRNG) | This vulnerability occurs when a Pseudo-Random Number Generator (PRNG) uses an easily guessable starting value, like the current system time or a process ID, to begin its sequence. |
| CWE-400 | Uncontrolled Resource Consumption | This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service. |
| CWE-401 | Missing Release of Memory after Effective Lifetime | This vulnerability occurs when a program allocates memory but fails to properly release it after it's no longer needed, causing a gradual accumulation of unused memory that can't be reclaimed by the system. |
| CWE-543 | Use of Singleton Pattern Without Synchronization in a Multithreaded Context | This vulnerability occurs when a singleton pattern is implemented in a multithreaded application without proper synchronization, potentially leading to multiple instances or corrupted state. |
| CWE-770 | Allocation of Resources Without Limits or Throttling | This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of it as a buffet with no rules on how much one person can take, eventually leaving nothing for others and causing the system to fail. |
| CWE-798 | Use of Hard-coded Credentials | This vulnerability occurs when software contains built-in, unchangeable authentication secrets like passwords or encryption keys within its source code or configuration files. |
| CWE-844 | Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011) | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" published in 2011. This view is considered obsolete as a newer version of the coding standard is available. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.