CWE-484: Omitted Break Statement in Switch
The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition; when the following case grants a privilege, the omission becomes a privilege escalation.
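Added example for CWE-484 (this is not code from the original page). A JavaScript `switch` that maps a role to permissions is missing one `break`, so the `viewer` case falls into the `editor` case. Two fixes follow: a switch where every case returns, and a lookup table that has no fallthrough to forget. Role and permission names are invented for the demonstration.

```javascript
// Added example for CWE-484; not code from the original page.
// Role and permission names are invented for the demonstration.

// Vulnerable: the 'viewer' case has no `break`, so execution continues
// into the 'editor' case and every viewer is also granted 'write'.
function permissionsVulnerable(role) {
  const perms = [];
  switch (role) {
    case 'viewer':
      perms.push('read');
      // missing break: falls through into the 'editor' branch
    case 'editor':
      perms.push('write');
      break;
    case 'admin':
      perms.push('read', 'write', 'admin');
      break;
    default:
      // unknown role: no permissions
  }
  return perms;
}

// Fixed (1): every case leaves the switch with `return`, so there is no
// path from one case into the next. A linter rule such as ESLint's
// `no-fallthrough` catches the missing `break` form automatically.
function permissionsFixedSwitch(role) {
  switch (role) {
    case 'viewer':
      return ['read'];
    case 'editor':
      return ['write'];
    case 'admin':
      return ['read', 'write', 'admin'];
    default:
      return [];
  }
}

// Fixed (2): a frozen lookup table. No control flow, so nothing can fall
// through. The own-property check keeps inherited names such as
// 'toString' or 'constructor' from matching a role.
const ROLE_PERMISSIONS = Object.freeze({
  viewer: Object.freeze(['read']),
  editor: Object.freeze(['write']),
  admin: Object.freeze(['read', 'write', 'admin']),
});

function permissionsFixedTable(role) {
  return Object.prototype.hasOwnProperty.call(ROLE_PERMISSIONS, role)
    ? [...ROLE_PERMISSIONS[role]]
    : [];
}
```

With the vulnerable version, `permissionsVulnerable('viewer')` yields `['read', 'write']`; both fixed versions yield `['read']`.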
CWE-486: Comparison of Classes by Name
The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name. Class names are not unique across modules, packages, or class loaders, so an attacker who can load code under a chosen name can satisfy the check; the class object itself should be compared instead.
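Added example for CWE-486 (not code from the original page). A trust check written against `obj.constructor.name` accepts an unrelated class that merely shares the name; comparing against the class object itself does not. The `TrustedSigner` class and the "untrusted plugin" that defines a second class with the same name are constructed inline for the demonstration.

```javascript
// Added example for CWE-486; not code from the original page.
// The signer class and the impostor plugin are invented for the demonstration.

class TrustedSigner {
  constructor(keyId) { this.keyId = keyId; }
  sign(msg) { return `sig(${this.keyId}:${msg})`; }
}

// Stands in for a class loaded from an untrusted module or plugin that
// happens to use the same name. Real code would load it from another
// file; here it is defined inline.
function loadUntrustedPlugin() {
  class TrustedSigner {            // same name, unrelated class
    constructor() { this.keyId = 'attacker'; }
    sign(msg) { return `forged(${msg})`; }
  }
  return new TrustedSigner();
}

// Vulnerable: trusts any object whose constructor is named "TrustedSigner".
function isTrustedByName(obj) {
  return obj != null && obj.constructor.name === 'TrustedSigner';
}

// Fixed: compare the class object itself. This is an exact-class check;
// `obj instanceof TrustedSigner` would additionally accept subclasses,
// which may or may not be wanted. Neither can be satisfied by a class that
// only shares the name.
function isTrustedByIdentity(obj) {
  return obj != null && Object.getPrototypeOf(obj) === TrustedSigner.prototype;
}
```

`isTrustedByName` returns true for both the real signer and the impostor; `isTrustedByIdentity` returns true only for the real one.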
CWE-488: Exposure of Data Element to Wrong Session
The product does not sufficiently enforce boundaries between the states of different sessions, causing data to be provided to, or used by, the wrong session. The usual cause is per-request or per-user data held in storage shared by all in-flight requests (a static field, a module-level variable, a pooled object that is not reset), so that concurrent or interleaved requests overwrite each other's state.
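Added example for CWE-488 (not code from the original page). A request handler keeps "the current user" in a module-level variable. When two requests interleave, as they do under asynchronous I/O, the second overwrites the first one's state before the first finishes, and the first user receives the second user's data. The fixed version carries the state in a per-request context object. The users, the order table and the two-phase handler are constructed for the demonstration.

```javascript
// Added example for CWE-488; not code from the original page.
// Users, order data and the two-phase request handling are invented.

const ORDERS = Object.freeze({ alice: ['order-1'], bob: ['order-9'] });

// --- Vulnerable: one shared slot for "the current user" ---
let currentUser = null;

function beginRequestVulnerable(sessionUser) {
  currentUser = sessionUser;       // shared by every in-flight request
}
function finishRequestVulnerable() {
  return { user: currentUser, orders: ORDERS[currentUser] };
}

// --- Fixed: the state travels with the request ---
function beginRequestFixed(sessionUser) {
  return { user: sessionUser };     // a per-request context object
}
function finishRequestFixed(ctx) {
  return { user: ctx.user, orders: ORDERS[ctx.user] };
}

// Simulates two requests whose handling interleaves: alice's request starts,
// bob's starts while alice's is still in flight, then alice's finishes.
// Returns the response alice would receive.
function interleavedResponseForAlice(begin, finish) {
  const ctxAlice = begin('alice');
  const ctxBob = begin('bob');
  const aliceResponse = finish(ctxAlice);
  finish(ctxBob);
  return aliceResponse;
}
```

With the shared variable, alice's response carries bob's orders; with the per-request context it carries her own. In Node.js, when threading a context object through every call is impractical, `AsyncLocalStorage` from `node:async_hooks` gives each asynchronous request chain its own store for the same purpose.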
CWE-489: Active Debug Code
The product is deployed to unauthorized actors with debugging code still enabled or active (debug endpoints, verbose error pages, development-only bypasses), which can create unintended entry points or expose sensitive information.
CWE-49: Path Equivalence: 'filedir/' (Trailing Slash)
The product accepts path input with a trailing slash ('filedir/') without appropriate validation. Canonicalization typically strips the trailing slash, so a check applied to the raw input before resolution can be bypassed by the slash form, leading to ambiguous path resolution and allowing an attacker to traverse the file system to unintended locations or access arbitrary files.
CWE-491: Public cloneable() Method Without Final ('Object Hijack')
A class implements Cloneable and its clone() method is not declared final. Because clone() produces a new object without running any constructor, a subclass can override it and obtain copies that skip the checks and invariants the constructor enforces, leaving the object in an unexpected state.
CWE-492: Use of Inner Class Containing Sensitive Data
Inner classes are compiled into separate classes that are accessible at package scope (a private inner class is package-private in bytecode), and compilers before Java 11's nest-based access control also emitted package-private synthetic accessors for any private members of the enclosing class the inner class used, so code and data the programmer intended to keep private may be reachable by other code placed in the same package.
CWE-493: Critical Public Variable Without Final Modifier
The product has a critical public variable that is not final, which allows the variable to be modified to contain unexpected values.
CWE-494: Download of Code Without Integrity Check
The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. Transport security alone does not establish integrity: a compromised mirror or CDN serves modified content over a valid TLS connection, so the downloaded bytes must be checked against a digest or signature obtained from a source the attacker does not control.
CWE-495: Private Data Structure Returned From A Public Method
The product has a method that is declared public, but returns a reference to a private data structure, which could then be modified in unexpected ways. Returning a defensive copy or an immutable view keeps callers from altering internal state that was meant to be changed only through validated paths.
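Added example covering CWE-493 and CWE-495 together (not code from the original page). A policy class exposes a security-critical public value that any caller can reassign, and a getter that hands out its private array, so both can be altered without passing through any validation. The fixed class defines the critical value as non-writable and returns a defensive copy of a frozen array. The class, field names and origins are invented.

```javascript
// Added example for CWE-493 and CWE-495; not code from the original page.
// The policy class, its fields and the origins are invented.

class AccessPolicyVulnerable {
  // CWE-493: a security-critical public value that any code can reassign.
  static DEFAULT_ROLE = 'guest';

  #allowedOrigins;
  constructor(origins) { this.#allowedOrigins = [...origins]; }

  // CWE-495: returns the private array itself, so callers can mutate it.
  getAllowedOrigins() { return this.#allowedOrigins; }
  isAllowed(origin) { return this.#allowedOrigins.includes(origin); }
}

class AccessPolicyFixed {
  #allowedOrigins;
  constructor(origins) { this.#allowedOrigins = Object.freeze([...origins]); }

  // Defensive copy: the caller gets a snapshot, never the internal array.
  getAllowedOrigins() { return [...this.#allowedOrigins]; }
  isAllowed(origin) { return this.#allowedOrigins.includes(origin); }
}
// CWE-493 fix: the critical value is non-writable and non-configurable.
Object.defineProperty(AccessPolicyFixed, 'DEFAULT_ROLE', {
  value: 'guest', writable: false, configurable: false, enumerable: true,
});

// Tries both tampering moves a caller could make and reports the effective
// state afterwards, so the difference between the two classes is visible.
function tamperWithPolicy(PolicyClass) {
  const policy = new PolicyClass(['https://app.example']);
  policy.getAllowedOrigins().push('https://evil.example');   // CWE-495 attempt
  try {
    PolicyClass.DEFAULT_ROLE = 'admin';                       // CWE-493 attempt
  } catch (_) {
    // strict-mode code throws on a non-writable property; sloppy mode ignores it
  }
  return {
    evilOriginAllowed: policy.isAllowed('https://evil.example'),
    defaultRole: PolicyClass.DEFAULT_ROLE,
  };
}
```

Against the vulnerable class both attempts succeed; against the fixed class the evil origin stays disallowed and `DEFAULT_ROLE` stays `'guest'`. `Object.freeze` is shallow, so nested structures need freezing (or copying) at each level.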