7PK - Environment

Debugging messages help attackers learn about the system and plan a form of attack.

An ASP .NET application must enable custom error pages in order to prevent attackers from mining information from the framework's built-in responses.

Storing a plaintext password in a configuration file allows anyone who can read the file access to the password-protected resource making them an easy target for attac...

Sensitive memory is cleared according to the source code, but compiler optimizations leave the memory untouched when it is not read from again, aka "dead store removal."

Information sent over a network can be compromised while in transit. An attacker may be able to read or modify the contents if the data are sent in plaintext or are we...

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to re...

The J2EE application is configured to use an insufficient session ID length.

The default error page of a web application should not display sensitive information about the product.

If elevated access rights are assigned to EJB methods, then an attacker can take advantage of the permissions to exploit the product.

This view (graph) organizes weaknesses using a hierarchical structure that is similar to that used by Seven Pernicious Kingdoms.