Category: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 15. Platform Security (SEC)
Stable
Summary
Weaknesses in this category are related to the rules and recommendations in the Platform Security (SEC) section of the SEI CERT Oracle Secure Coding Standard for Java.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-266 | Incorrect Privilege Assignment | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-272 | Least Privilege Violation | The elevated privilege level required to perform operations such as chroot() should be dropped immediately after the operation is performed. |
| CWE-732 | Incorrect Permission Assignment for Critical Resource | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
| CWE-1133 | Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java | CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT Oracle Coding Standard for Java. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.