CWE-487 - Reliance on Package-level Scope
CWE-487 Medium
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Weakness Name
Reliance on Package-level Scope
- Description
Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
- Common Consequences
Scope: Confidentiality
Impact: Read Application Data
Notes: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.
Scope: Integrity
Impact: Modify Application Data
Notes: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.
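The following audit check is an added example, not part of the CWE entry. It uses reflection to list fields and methods that have only package-level scope and reports whether the enclosing package is sealed. The class names `PackageScopeAudit`, `WeakAccount` and `HardenedAccount` and the sample value are constructed for illustration.

```java
import java.lang.reflect.Field;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;

public class PackageScopeAudit {

    // Constructed sample: the data is guarded by package-level scope only.
    static class WeakAccount {
        String secret = "constructed-sample-value"; // no modifier: package-private
        void rotate(String s) { secret = s; }       // no modifier: package-private
    }

    // Hardened form: state is private and final, and the class cannot be subclassed.
    static final class HardenedAccount {
        private final String secret;
        HardenedAccount(String s) { secret = s; }
        private boolean matches(String s) { return secret.equals(s); }
    }

    // Package-private means none of public, protected or private is set.
    static boolean isPackagePrivate(int mods) {
        return (mods & (Modifier.PUBLIC | Modifier.PROTECTED | Modifier.PRIVATE)) == 0;
    }

    // Lists the declared fields and methods that rely on package-level scope.
    static List<String> packageScopedMembers(Class<?> c) {
        List<String> hits = new ArrayList<>();
        for (Field f : c.getDeclaredFields())
            if (!f.isSynthetic() && isPackagePrivate(f.getModifiers()))
                hits.add("field " + f.getName());
        for (Method m : c.getDeclaredMethods())
            if (!m.isSynthetic() && isPackagePrivate(m.getModifiers()))
                hits.add("method " + m.getName());
        return hits;
    }

    public static void main(String[] args) {
        for (Class<?> c : new Class<?>[] { WeakAccount.class, HardenedAccount.class }) {
            Package p = c.getPackage();
            // An unsealed package can have classes added to it from other code sources.
            boolean sealed = p != null && p.isSealed();
            System.out.println(c.getSimpleName() + ": sealed=" + sealed
                    + " packageScoped=" + packageScopedMembers(c));
        }
    }
}
```

Run from a plain class directory, `WeakAccount` reports its `secret` field and `rotate` method as package-scoped, while `HardenedAccount` reports no package-scoped fields or methods (constructors are not inspected by this check).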
- Related Weaknesses
- Release Date: 2006-07-19
- Latest Modification Date: 2023-06-29