CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.
常见后果
影响范围: Confidentiality Integrity
技术影响: Read Application Data Modify Application Data
潜在缓解措施
阶段: Implementation
描述: Declare Java beans "local" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker.
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| 7 Pernicious Kingdoms | - | J2EE Misconfiguration: Unsafe Bean Declaration | - |
| Software Fault Patterns | SFP23 | Exposed Data | - |