Category-2: 7PK-环境

ID: 2 Status: Draft

Summary

This category represents one of the phyla in the Seven Pernicious Kingdoms vulnerability classification. It includes weaknesses that are typically introduced during unexpected environmental conditions. According to the authors of the Seven Pernicious Kingdoms, "This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms."

Membership

ID	NAME
CWE-11	ASP.NET误配置：创建Debug模式二进制
CWE-12	ASP.NET误配置：缺少定制错误页面
CWE-13	ASP.NET误配置：配置文件中存储口令
CWE-14	编译器移除释放缓冲区的代码
CWE-5	J2EE误配置：未经加密的数据传输
CWE-6	J2EE误配置：会话ID长度不充分
CWE-7	J2EE误配置：缺少定制错误页面
CWE-8	J2EE误配置：实体Bean远程声明
CWE-9	J2EE误配置：EJB方法弱访问权限