J2EE Misconfiguration: Entity Bean Declared Remote

Incomplete Variant

Structure: Simple

Description

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.

Common Consequences 1

Scope: ConfidentialityIntegrity

Impact: Read Application DataModify Application Data

Potential Mitigations 1

Phase: Implementation

Declare Java beans "local" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker.

Demonstrative Examples 1

The following example demonstrates the weakness.

Code Example:Bad
XML
xml

References 1

Seven Pernicious Kingdoms: A Taxonomy of Software Security Errors

Katrina Tsipenyuk, Brian Chess, and Gary McGraw

NIST Workshop on Software Security Assurance Tools Techniques and Metrics • NIST

07-11-2005

https://samate.nist.gov/SSATTM_Content/papers/Seven%20Pernicious%20Kingdoms%20-%20Taxonomy%20of%20Sw%20Security%20Errors%20-%20Tsipenyuk%20-%20Chess%20-%20McGraw.pdf

ID: REF-6

Modes of Introduction

Architecture and Design

Implementation

Related Weaknesses

ChildOf:

Exposure of Resource to Wrong Sphere (CWE-668)

Taxonomy Mapping

7 Pernicious Kingdoms
Software Fault Patterns

Notes

OtherEntity beans that expose a remote interface become part of an application's attack surface. For performance reasons, an application should rarely use remote entity beans, so there is a good chance that a remote entity bean declaration is an error.