This category identifies Software Fault Patterns (SFPs) within the Other Exposures cluster.

| ID | Name | Description |
|---|---|---|
| CWE-453 | Insecure Default Variable Initialization | The product, by default, initializes an internal variable with an insecure or less secure value than is possible. |
| CWE-487 | Reliance on Package-level Scope | Java packages are not inherently closed; therefore, relying on them for code security is not a good practice. |
| CWE-492 | Use of Inner Class Containing Sensitive Data | Inner classes are translated into classes that are accessible at package scope and may expose code that the programmer intended to keep private to attackers. |
| CWE-525 | Use of Web Browser Cache Containing Sensitive Information | The web application does not use an appropriate caching policy that specifies the extent to which each web page and associated form fields should be cached. |
| CWE-614 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute | The Secure attribute for sensitive cookies in HTTPS sessions is not set. |
| CWE-651 | Exposure of WSDL File Containing Sensitive Information | The Web services architecture may require exposing a Web Service Definition Language (WSDL) file that contains information on the publicly accessible services and how callers of these services should interact with them (e.g. what parameters they expect and what types they return). |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |