ID: 1018 Status: Draft
Weaknesses in this category are related to the design and architecture of session management. Frequently they deal with the information or status kept about each user, and that user's access rights, for the duration of multiple requests. If they are not addressed when designing or implementing a secure architecture, the weaknesses in this category can degrade the quality of session management.
| ID | NAME |
|---|---|
| CWE-384 | Session Fixation |
| CWE-488 | Exposure of Data Element to Wrong Session |
| CWE-579 | J2EE Bad Practices: Non-serializable Object Stored in Session |
| CWE-6 | J2EE Misconfiguration: Insufficient Session-ID Length |
| CWE-613 | Insufficient Session Expiration |
| CWE-841 | Improper Enforcement of Behavioral Workflow |