CWE

J2EE Bad Practices: Direct Use of Sockets

ID: 246		Date: (C)2012-05-14   (M)2022-10-10
Type: weakness		Status: DRAFT
Abstraction Type: Variant

Description

The J2EE application directly uses sockets instead of using framework method calls.

Applicable Platforms
Language: Java

Time Of Introduction

• Architecture and Design
• Implementation

Common Consequences

Scope	Technical Impact	Notes
Other	Quality degradation

Detection Methods
None

Potential Mitigations

Phase	Strategy	Description	Effectiveness	Notes
Architecture and Design		Use framework method calls instead of using sockets directly.

Relationships

Related CWE	Type	View	Chain
CWE-246 ChildOf CWE-887	Category	CWE-888

Demonstrative Examples   (Details)

1. In the following example, a Socket object is created directly from within the body of a doGet() method in a Java servlet.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
7 Pernicious Kingdoms		J2EE Bad Practices: Sockets

References:
None