Category-4: J2EE环境问题
ID: 4 Status: Incomplete
Summary
J2EE framework related environment issues with security implications.
Membership
| ID | NAME |
|---|---|
| CWE-5 | J2EE误配置:未经加密的数据传输 |
| CWE-555 | J2EE误配置:在配置文件中明文存储口令 |
| CWE-6 | J2EE误配置:会话ID长度不充分 |
| CWE-7 | J2EE误配置:缺少定制错误页面 |
| CWE-8 | J2EE误配置:实体Bean远程声明 |
| CWE-9 | J2EE误配置:EJB方法弱访问权限 |
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| OWASP Top Ten 2004 | A10 | Insecure Configuration Management |