2021年11月11日20:20:40评论45 views字数 723阅读2分24秒阅读模式

Category-1018: 管理用户会话

ID: 1018
Status: Draft

Summary

Weaknesses in this category are related to the design and architecture of session managment. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session managment if they are not addressed when designing or implementing a secure architecture.

Membership

ID	NAME
CWE-384	会话固定
CWE-488	对错误会话暴露数据元素
CWE-579	J2EE不安全实践：将不可序列化的对象存储在会话中
CWE-6	J2EE误配置：会话ID长度不充分
CWE-613	不充分的会话过期机制
CWE-841	行为工作流的不恰当实施

References

REF-9 A Catalog of Security Architecture Weaknesses.
REF-10 Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.

文章来源于互联网:scap中文网

左青龙
微信扫一扫

右白虎
微信扫一扫

Category-1018: 管理用户会话

Category-1018: 管理用户会话

Summary

Membership

References

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信