This category identifies Software Fault Patterns (SFPs) within the Insecure Session Management cluster.

| ID | Name | Description |
|---|---|---|
| CWE-488 | Exposure of Data Element to Wrong Session | This vulnerability occurs when an application fails to properly isolate data between different user sessions, allowing information from one user's session to leak into another's. |
| CWE-524 | Use of Cache Containing Sensitive Information | This vulnerability occurs when an application stores sensitive data in a cache that is accessible to unauthorized users or external systems. |
| CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length | This vulnerability occurs when a J2EE application uses session identifiers that are too short, making them easier for attackers to predict or capture. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |