Use of Low-Level Functionality
Weakness ID: 695 (Weakness Base) | Status: Incomplete
Description Summary
The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.
Extended Description
The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.
Run the application with limited privileges.
Harden the OS to enforce the least privilege principle.
Nature | ID | Name | View(s) this relationship pertains to |
---|---|---|---|
ChildOf | 573 | Failure to Follow Specification | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 111 | Direct Use of Unsafe JNI | Research Concepts (primary) 1000 |
ParentOf | 245 | J2EE Bad Practices: Direct Management of Connections | Research Concepts (primary) 1000 |
ParentOf | 246 | J2EE Bad Practices: Direct Use of Sockets | Research Concepts (primary) 1000 |
ParentOf | 383 | J2EE Bad Practices: Direct Use of Threads | Research Concepts (primary) 1000 |
ParentOf | 574 | EJB Bad Practices: Use of Synchronization Primitives | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 575 | EJB Bad Practices: Use of AWT Swing | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ParentOf | 576 | EJB Bad Practices: Use of Java I/O | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
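
The ParentOf entries above can be turned into a source-review check. The following is an added example, not part of the CWE entry: a small Python scanner that flags Java constructs commonly associated with each child weakness. The regular expressions, the `app`/`ejb` scoping and the sample sources are assumptions constructed for illustration and are not exhaustive.

```python
import re

# Constructed mapping: child CWE id -> Java construct that usually signals it.
# Scope "ejb" rules fire only inside an EJB class; "app" rules fire anywhere.
RULES = [
    (111, "app", re.compile(r"\bnative\s+[\w<>\[\]]+\s+\w+\s*\(|System\.loadLibrary\s*\(")),
    (245, "app", re.compile(r"\bDriverManager\.getConnection\s*\(")),
    (246, "app", re.compile(r"\bnew\s+(?:Server)?Socket\s*\(")),
    (383, "app", re.compile(r"\bnew\s+Thread\s*\(|\bextends\s+Thread\b")),
    (574, "ejb", re.compile(r"\bsynchronized\b")),
    (575, "ejb", re.compile(r"\bimport\s+(?:java\.awt|javax\.swing)\b")),
    (576, "ejb", re.compile(r"\bnew\s+File(?:InputStream|OutputStream|Reader|Writer)?\s*\(")),
]
EJB_MARK = re.compile(r"@(?:Stateless|Stateful|Singleton|MessageDriven)\b"
                      r"|\bimplements\b[^{]*\b(?:SessionBean|MessageDrivenBean)\b")

def strip_comments(src):
    """Blank out comments but keep newlines so line numbers stay correct."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group().count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan(src):
    """Return sorted (line_number, cwe_id) findings for one Java source file."""
    code = strip_comments(src)
    is_ejb = bool(EJB_MARK.search(code))
    findings = set()
    for lineno, line in enumerate(code.splitlines(), 1):
        for cwe, scope, pat in RULES:
            if (scope == "app" or is_ejb) and pat.search(line):
                findings.add((lineno, cwe))
    return sorted(findings)

# Constructed sample input: a stateless bean that bypasses the container.
SAMPLE_EJB = """\
@Stateless
public class ReportBean {
    // new Thread(...) in a comment must not be reported
    public synchronized void export(String host) throws Exception {
        new Thread(() -> {}).start();
        java.net.Socket s = new Socket(host, 9000);
        FileWriter w = new FileWriter("/tmp/report.txt");
    }
}
"""
# Same file-I/O call outside an EJB: the EJB-only rule does not apply.
SAMPLE_PLAIN = 'class Tool { void f() throws Exception { new FileWriter("x"); } }'

if __name__ == "__main__":
    for lineno, cwe in scan(SAMPLE_EJB):
        print(f"line {lineno}: CWE-{cwe}")
```

Findings are review leads rather than verdicts: each hit should be checked against what the target framework's specification actually prohibits for that component type.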
CAPEC-ID | Attack Pattern Name (CAPEC Version: 1.4) |
---|---|
36 | Using Unpublished Web Service APIs |