Use of Low-Level Functionality
Weakness ID: 695 (Weakness Base)
Status: Incomplete
+ Description

Description Summary

The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.

Extended Description

The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Potential Mitigations

Run the application with limited privileges.

Harden the OS to enforce the least privilege principle.

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 573 | Failure to Follow Specification | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 111 | Direct Use of Unsafe JNI | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 245 | J2EE Bad Practices: Direct Management of Connections | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 246 | J2EE Bad Practices: Direct Use of Sockets | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 383 | J2EE Bad Practices: Direct Use of Threads | Research Concepts (primary) 1000
ParentOf | Weakness Variant | 574 | EJB Bad Practices: Use of Synchronization Primitives | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 575 | EJB Bad Practices: Use of AWT Swing | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 576 | EJB Bad Practices: Use of Java I/O | Development Concepts (primary) 699; Research Concepts (primary) 1000
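
For code review, the Python scanner below flags Java source lines that match the child weaknesses listed in the Relationships table. It is an added example, not part of the CWE entry; the regular expressions, the EJB-detection heuristic, and the sample class are assumptions made for this illustration.

```python
import re

# Heuristic patterns (assumptions of this example, not CWE-defined rules),
# keyed by the child weakness IDs in the Relationships table.
J2EE_RULES = {
    111: re.compile(r"\bnative\s+[\w<>\[\]]+\s+\w+\s*\(|\bSystem\.loadLibrary\s*\("),
    245: re.compile(r"\bDriverManager\.getConnection\s*\("),
    246: re.compile(r"\bnew\s+(?:java\.net\.)?(?:Server)?Socket\s*\("),
    383: re.compile(r"\bnew\s+Thread\s*\(|\bextends\s+Thread\b"),
}
EJB_RULES = {  # restrictions that apply only inside EJB classes
    574: re.compile(r"\bsynchronized\b"),
    575: re.compile(r"\b(?:java\.awt|javax\.swing)\."),
    576: re.compile(r"\bnew\s+(?:java\.io\.)?File(?:(?:Input|Output)Stream|Reader|Writer)?\s*\("),
}
EJB_MARKER = re.compile(r"@(?:Stateless|Stateful|Singleton|MessageDriven)\b"
                        r"|\bimplements\s+[\w\s,.]*\b(?:SessionBean|MessageDrivenBean)\b")
# Comments and string literals are blanked so quoted API names do not match.
NOISE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.S)

def scan(source):
    """Return sorted (line_number, cwe_id) findings for one Java source file."""
    # Blank noise with same-length spaces (newlines kept) so line numbers stay correct.
    code = NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    rules = dict(J2EE_RULES)
    if EJB_MARKER.search(code):
        rules.update(EJB_RULES)
    findings = set()
    for cwe_id, pattern in rules.items():
        for m in pattern.finditer(code):
            findings.add((code.count("\n", 0, m.start()) + 1, cwe_id))
    return sorted(findings)

# Constructed sample input: a session bean that bypasses the container.
SAMPLE = '''import javax.ejb.Stateless;
@Stateless
public class ReportBean {
    // new Socket("x", 1) in a comment must not be flagged
    private final String hint = "DriverManager.getConnection(";
    public synchronized void export() throws Exception {
        java.sql.Connection c = java.sql.DriverManager.getConnection("jdbc:example");
        new Thread(() -> {}).start();
        new java.io.FileOutputStream("/tmp/report.csv").close();
    }
}
'''

if __name__ == "__main__":
    print([f"line {n}: CWE-{c}" for n, c in scan(SAMPLE)])
```

Matches are review leads rather than confirmed weaknesses: the patterns do not resolve imports or types, so each hit still needs a check against the container specification the component runs under.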
+ Related Attack Patterns
(CAPEC Version: 1.4)
CAPEC-ID | Attack Pattern Name
36 | Using Unpublished Web Service APIs
+ Content History
Modifications
Modification Date | Modifier | Organization | Source | Change
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction
2009-03-10 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns