CWE-477: Use of Obsolete Function

BaseDraft

The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained.

View on MITRE
Back to CWE Lookup

Extended Description

As programming languages evolve, functions occasionally become obsolete due to: Advances in the language Improved understanding of how operations should be performed effectively and securely Changes in the conventions that govern certain operations Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-477: Use of Obsolete Function?+

CWE-477: Use of Obsolete Function is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The code uses deprecated or obsolete functions, which suggests that the code has not been actively reviewed or maintained. As programming languages evolve, functions occasionally become obsolete due to: Advances in the language Improved understanding of how operations should be performed effectively and securely Changes in the conventions that govern certain operations Functions that are removed are usually replaced by newer counterparts that perform the same task in some different and hopefully improved way.

What are the security consequences of Use of Obsolete Function?+

If exploited, CWE-477 (Use of Obsolete Function) it can compromise Other, leading to outcomes such as Quality Degradation.

How do you prevent or mitigate Use of Obsolete Function?+

Recommended mitigations for CWE-477 include: Refer to the documentation for the obsolete function in order to determine why it is deprecated or obsolete and to learn about alternative ways to achieve the same functionality. Consider seriously the security implications of using an obsolete function. Consider using alternate functions.

How is Use of Obsolete Function detected?+

CWE-477 can be detected using Automated Static Analysis - Binary or Bytecode, Dynamic Analysis with Manual Results Interpretation, Manual Static Analysis - Source Code, Automated Static Analysis - Source Code, Automated Static Analysis and Architecture or Design Review. Combining automated tooling with manual review typically yields the best coverage.

Which programming languages are affected by Use of Obsolete Function?+

CWE-477 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-477 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More