This category identifies Software Fault Patterns (SFPs) within the Other Exposures cluster.

| ID | Name | Description |
|---|---|---|
| CWE-453 | Insecure Default Variable Initialization | This vulnerability occurs when software sets an internal variable to an insecure or unnecessarily weak default value during initialization, rather than using the most secure option available. |
| CWE-487 | Reliance on Package-level Scope | This weakness occurs when a Java application mistakenly treats package-level access as a security boundary, assuming it can prevent unauthorized access to code. |
| CWE-492 | Use of Inner Class Containing Sensitive Data | Using inner classes to handle sensitive data can unintentionally expose that data because of how Java compiles them. The compiler transforms inner classes into separate, package-visible classes, which can bypass the intended private access restrictions. |
| CWE-525 | Use of Web Browser Cache Containing Sensitive Information | This vulnerability occurs when a web application fails to implement secure caching directives, allowing sensitive user data or pages to be stored in the browser's cache where unauthorized parties could retrieve them. |
| CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | This vulnerability occurs when a web application transmits sensitive cookies over an HTTPS connection but fails to set the 'Secure' attribute on those cookies. |
| CWE-651 | Exposure of WSDL File Containing Sensitive Information | This vulnerability occurs when a Web Service Definition Language (WSDL) file, which acts as a public blueprint for a web service, is exposed in a way that reveals sensitive information about the application's internal structure or functionality. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |