2021年12月4日16:23:42评论57 views字数 873阅读2分54秒阅读模式

Category-2: 7PK-环境

ID: 2
Status: Draft

Summary

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. According to the authors of the Seven Pernicious Kingdoms, "This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms."

Membership

ID	NAME
CWE-11	ASP.NET误配置：创建Debug模式二进制
CWE-12	ASP.NET误配置：缺少定制错误页面
CWE-13	ASP.NET误配置：配置文件中存储口令
CWE-14	编译器移除释放缓冲区的代码
CWE-5	J2EE误配置：未经加密的数据传输
CWE-6	J2EE误配置：会话ID长度不充分
CWE-7	J2EE误配置：缺少定制错误页面
CWE-8	J2EE误配置：实体Bean远程声明
CWE-9	J2EE误配置：EJB方法弱访问权限

文章来源于互联网:scap中文网

相关推荐: CWE-1110 设计文件不完整

CWE-1110 设计文件不完整 Incomplete Design Documentation 结构: Simple Abstraction: Base 状态: Incomplete 被利用可能性: unkown 基本描述 The product's des…

免责声明:文章中涉及的程序(方法)可能带有攻击性，仅供安全研究与教学之用，读者将其信息做其他用途，由读者承担全部法律及连带责任，本站不承担任何法律及连带责任；如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截，联系方式见首页)，望知悉。

左青龙
微信扫一扫

右白虎
微信扫一扫

Category-2: 7PK-环境

Category-2: 7PK-环境

Summary

Membership

View-999: Weaknesses without Software Fault Patterns

View-884: CWE Cross-section

View-868: Weaknesses Addressed by the SEI CERT C++ Coding Standard (2016 Version)

View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

View-809: Weaknesses in OWASP Top Ten (2010)

View-800: Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors

View-750: Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

View-734: Weaknesses Addressed by the CERT C Secure Coding Standard (2008)

View-711: Weaknesses in OWASP Top Ten (2004)

View-709: Named Chains

发表评论

在线咨询

微信