7PK - Environment
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. According to the authors of the Seven Pernicious Kingdoms, "This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms."
Weaknesses
Debugging messages help attackers learn about the system and plan a form of attack.
An ASP.NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.
Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attac...
Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."
Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are we...
When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to re...
The J2EE application is configured to use an insufficient session ID length.
The default error page of a web application should not display sensitive information about the product.
If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product.
Concepts
This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.
See Also
- Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors. NIST Workshop on Software Security Assurance Tools Techniques and Metrics
Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website is subject to the Terms of Use as specified by The MITRE Corporation.