Category-858: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)

ID: 858 Status: Obsolete

Summary

Weaknesses in this category are related to rules in the Serialization (SER) chapter of The CERT Oracle Secure Coding Standard for Java (2011).

Membership

ID NAME
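CWE-250 Execution with Unnecessary Privileges
CWE-319 Cleartext Transmission of Sensitive Information
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
CWE-499 Serializable Class Containing Sensitive Data
CWE-502 Deserialization of Untrusted Data
CWE-589 Call to Non-ubiquitous API
CWE-770 Allocation of Resources Without Limits or Throttling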

References

REF-813 The CERT Oracle Coding Standard for Java