Category-1018: 管理用户会话

  • A+
所属分类:CWE(弱点枚举)

Category-1018: 管理用户会话

ID: 1018
Status: Draft

Summary

Weaknesses in this category are related to the design and architecture of session managment. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session managment if they are not addressed when designing or implementing a secure architecture.

Membership

ID NAME
CWE-384 会话固定
CWE-488 对错误会话暴露数据元素
CWE-579 J2EE不安全实践:将不可序列化的对象存储在会话中
CWE-6 J2EE误配置:会话ID长度不充分
CWE-613 不充分的会话过期机制
CWE-841 行为工作流的不恰当实施

References

REF-9 A Catalog of Security Architecture Weaknesses.
REF-10 Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: