CWE-8

J2EE Misconfiguration: Entity Bean Declared Remote

AI Translation Available

When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.

Status

incomplete

Abstraction

variant

Affected Platforms

Java

Technical Details

AI Translation

Common Consequences

confidentiality integrity

Impacts

read application data modify application data

Potential Mitigations

Phases:

implementation

Descriptions:

• Declare Java beans "local" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker.

AI Generated Translation

Common Consequences

riservatezza integrità

Impacts

leggere dati applicazione modificare dati applicazione

Potential Mitigations

Phases:

implementazione

Descriptions:

• Dichiara i Java beans come "local" quando possibile. Quando un bean deve essere accessibile da remoto, assicurati che le informazioni sensibili non siano esposte e garantisci che la logica dell'applicazione esegua una validazione appropriata di qualsiasi dato che potrebbe essere modificato da un attaccante.

CWE-8

Common Consequences

Impacts

Potential Mitigations

Common Consequences

Impacts

Potential Mitigations

Iscriviti alla newsletter