2021年12月4日16:23:42评论53 views字数 873阅读2分54秒阅读模式

Category-2: 7PK-环境

ID: 2
Status: Draft

Summary

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. According to the authors of the Seven Pernicious Kingdoms, "This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms."

Membership

ID	NAME
CWE-11	ASP.NET误配置：创建Debug模式二进制
CWE-12	ASP.NET误配置：缺少定制错误页面
CWE-13	ASP.NET误配置：配置文件中存储口令
CWE-14	编译器移除释放缓冲区的代码
CWE-5	J2EE误配置：未经加密的数据传输
CWE-6	J2EE误配置：会话ID长度不充分
CWE-7	J2EE误配置：缺少定制错误页面
CWE-8	J2EE误配置：实体Bean远程声明
CWE-9	J2EE误配置：EJB方法弱访问权限

文章来源于互联网:scap中文网

相关推荐: CWE-1110 设计文件不完整

CWE-1110 设计文件不完整 Incomplete Design Documentation 结构: Simple Abstraction: Base 状态: Incomplete 被利用可能性: unkown 基本描述 The product's des…

左青龙
微信扫一扫

右白虎
微信扫一扫

Category-2: 7PK-环境

Category-2: 7PK-环境

Summary

Membership

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信