CWE-245: J2EE Bad Practices: Direct Management of Connections

VariantDraft

The J2EE application directly manages connections, instead of using the container's connection management facilities.

View on MITRE
Back to CWE Lookup

Extended Description

The J2EE standard forbids the direct management of connections. It requires that applications use the container's resource management facilities to obtain connections to resources. Every major web application container provides pooled database connection management as part of its resource management framework. Duplicating this functionality in an application is difficult and error prone, which is part of the reason it is forbidden under the J2EE standard.

Technical Details

Structure
Simple

Applicable To

Languages
Java
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-245

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references