J2EE Framework: Saving Unserializable Objects to Disk| ID: 594 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Variant |
Description
When the J2EE container attempts to write unserializable
objects to disk there is no guarantee that the process will complete
successfully.
Applicable PlatformsLanguage: Java
Time Of Introduction
- Architecture and Design
- Implementation
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Integrity | Modify application
data | Data represented by unserializable objects can be corrupted. |
| Availability | DoS: crash / exit /
restart | Non-serializability of objects can lead to system crash. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Architecture and DesignImplementation | | All objects that become part of session and application scope must
implement the java.io.Serializable interface to ensure serializability
of containing objects. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-594 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following Java example, a Customer Entity JavaBean provides
access to customer information in a database for a business application. The
Customer Entity JavaBean is used as a session scoped object to return
customer information to a Session EJB.
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:None
