CWE-487 - Reliance on Package-level Scope

CWE-487 Medium

  • Abstraction: Base
  • Structure: Simple
  • Status: Incomplete

Weakness Name

Reliance on Package-level Scope

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.

Common Consequences

Scope: Confidentiality

Impact: Read Application Data

Notes: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.

Scope: Integrity

Impact: Modify Application Data

Notes: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.
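
The following is an added example, not part of the CWE entry: it sets a class that relies on package scope beside a hardened form, to show why the package name alone guards nothing. The package name com.example.ledger and all class names are hypothetical, and PackageScopeDemo stands in for code shipped by a different party that declares the same package.

```java
// Constructed example; package and class names are hypothetical.
// Save as PackageScopeDemo.java.
package com.example.ledger;

// Weak: the field has no access modifier, so it is package-private. The only
// thing guarding it is the package name, which any other class can declare.
class WeakAccount {
    long balanceCents;
    WeakAccount(long initial) { balanceCents = initial; }
}

// Hardened: the class is final, state is private and final, and every change
// goes through a validating method that returns a new object.
final class HardenedAccount {
    private final long balanceCents;
    HardenedAccount(long initial) {
        if (initial < 0) throw new IllegalArgumentException("negative balance");
        this.balanceCents = initial;
    }
    // Deliberately exposed read accessor; nothing else about the state leaks.
    long balanceCents() { return balanceCents; }
    HardenedAccount deposit(long cents) {
        if (cents <= 0) throw new IllegalArgumentException("deposit must be positive");
        return new HardenedAccount(Math.addExact(balanceCents, cents));
    }
}

// Stands in for a class from another JAR that declares the same package.
// On the classpath, with an unsealed package, the JVM treats it as a member
// of com.example.ledger and grants it package-level access.
// Packaging-level mitigation: seal the package in the JAR manifest
// ("Sealed: true") or ship it as a named module, so that classes from
// another JAR cannot join the package.
public class PackageScopeDemo {
    public static void main(String[] args) {
        WeakAccount weak = new WeakAccount(1_000);
        weak.balanceCents = -5_000;      // compiles: same package, no check runs
        System.out.println("weak balance: " + weak.balanceCents);

        HardenedAccount safe = new HardenedAccount(1_000);
        // safe.balanceCents = -5_000;   // would not compile: field is private
        safe = safe.deposit(250);        // only validated changes are possible
        System.out.println("hardened balance: " + safe.balanceCents());
    }
}
```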

Related Weaknesses
  • Release Date: 2006-07-19
  • Latest Modification Date: 2023-06-29
