Thread management in a Web application is forbidden in some circumstances and is always highly error prone.
View on MITREThread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.
For EJB, use framework approaches for parallel execution, instead of using threads.
No detection method information available for this CWE.
In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.
No relationship information available for this CWE.
CWE-383: J2EE Bad Practices: Direct Use of Threads is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Thread management in a Web application is forbidden in some circumstances and is always highly error prone. Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.
If exploited, CWE-383 (J2EE Bad Practices: Direct Use of Threads) it can compromise Other, leading to outcomes such as Quality Degradation.
Recommended mitigations for CWE-383 include: For EJB, use framework approaches for parallel execution, instead of using threads.
CWE-383 commonly affects Java. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-383 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.