CWE-246: J2EE Bad Practices: Direct Use of Sockets

VariantDraft

The J2EE application directly uses sockets instead of using framework method calls.

View on MITRE
Back to CWE Lookup

Extended Description

The J2EE standard permits the use of sockets only for the purpose of communication with legacy systems when no higher-level protocol is available. Authoring your own communication protocol requires wrestling with difficult security issues. Without significant scrutiny by a security expert, chances are good that a custom communication protocol will suffer from security problems. Many of the same issues apply to a custom implementation of a standard protocol. While there are usually more resources available that address security concerns related to implementing a standard protocol, these resources are also available to attackers.

Technical Details

Structure
Simple

Applicable To

Languages
Java
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-246

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references