CWE-239 | The software does not properly handle when a particular element is not completely specified. |
CWE-24 | The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize "../" sequences that can resolve to a location that is outside of that directory. |
CWE-240 | The software does not handle or incorrectly handles when two or more structural elements should be consistent, but are not. |
CWE-241 | The software does not handle or incorrectly handles when a particular element is not the expected type, e.g. it expects a digit (0-9) but is provided with a letter (A-Z). |
CWE-243 | The program uses the chroot() system call to create a jail, but does not change the working directory afterward. This does not prevent access to files outside of the jail. |
CWE-244 | Using realloc() to resize buffers that store sensitive information can leave the sensitive information exposed to attack, because it is not removed from memory. |
CWE-245 | The J2EE application directly manages connections, instead of using the container's connection management facilities. |
CWE-246 | The J2EE application directly uses sockets instead of using framework method calls. |
CWE-247 | This entry has been deprecated because it was a duplicate of CWE-350. All content has been transferred to CWE-350. |
CWE-248 | An exception is thrown from a function, but it is not caught. |