| CWE-379 | The software creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file. |
| CWE-38 | A software system that accepts input in the form of a backslash absolute path ('\absolute\pathname\here') without appropriate validation can allow an attacker to traverse the file system to unintended locations or access arbitrary files. |
| CWE-382 | A J2EE application uses System.exit(), which also shuts down its container. |
| CWE-383 | Thread management in a Web application is forbidden in some circumstances and is always highly error prone. |
| CWE-384 | Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions. |
| CWE-385 | Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information. |
| CWE-386 | A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time. |
| CWE-39 | An attacker can inject a drive letter or Windows volume letter ('C:dirname') into a software system to potentially redirect access to an unintended location or arbitrary file. |
| CWE-390 | The software detects a specific error, but takes no actions to handle the error. |
| CWE-391 | [PLANNED FOR DEPRECATION. SEE MAINTENANCE NOTES.] Ignoring exceptions and other error conditions may allow an attacker to induce unexpected behavior unnoticed. |