SFP Secondary Cluster: Other Exposures
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Summary
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
This category identifies Software Fault Patterns (SFPs) within the Other Exposures cluster.
Weaknesses
The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how ...
The product, by default, initializes an internal variable with an insecure or less secure value than is possible.
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
The Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the user agent to send those cookies in plaintext over an HTTP session.
Inner classes are translated into classes that are accessible at package scope and may expose to attackers code that the programmer intended to keep private.
The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached.
Concepts
CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).