CWE-594 |
When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully. |
CWE-595 |
The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects. |
CWE-596 |
This weakness has been deprecated. It was poorly described and difficult to distinguish from other entries. It was also inappropriate to assign a separate ID solely because of domain-specific considerations. Its closest equivalent is CWE-1023. |
CWE-597 |
The product uses the wrong operator when comparing a string, such as using "==" when the equals() method should be used instead. |
CWE-598 |
The web application uses the HTTP GET method to process a request and includes sensitive information in the query string of that request. |
CWE-599 |
The software uses OpenSSL and trusts or uses a certificate without using the SSL_get_verify_result() function to ensure that the certificate satisfies all necessary security requirements. |
CWE-6 |
The J2EE application is configured to use an insufficient session ID length. |
CWE-600 |
The Servlet does not catch all exceptions, which may reveal sensitive debugging information. |
CWE-601 |
A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. |
CWE-602 |
The software is composed of a server that relies on the client to implement a mechanism that is intended to protect the server. |