CWE-487 - Reliance on Package-level Scope

CWE-487 Medium

Abstraction:
Base

Structure:
Simple

Status:
Incomplete

Weakness Name: Reliance on Package-level Scope

Description: Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.
The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.

Common Consequences: Scope: Confidentiality
Impact: Read Application Data
Notes: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.
Scope: Integrity
Impact: Modify Application Data
Notes: The data in a Java class can be modified by anyone outside of the Java framework if the packages is distributed.

Related Weaknesses: CWE-664Improper Control of a Resource Through its Lifetime

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard