CWE-486: Comparison of Classes by Name

VariantDraftExploit Likelihood: High

The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.

View on MITRE

Back to CWE Lookup

Extended Description

If the decision to trust the methods and data of an object is based on the name of a class, it is possible for malicious users to send objects of the same name as trusted classes and thereby gain the trust afforded to known classes and types.

Technical Details

Structure: Simple

Applicable To

Languages

Java

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-486

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references