Category-1018: 管理用户会话

ID: 1018 Status: Draft


Weaknesses in this category are related to the design and architecture of session managment. Frequently these deal with the information or status about each user and their access rights for the duration of multiple requests. The weaknesses in this category could lead to a degradation of the quality of session managment if they are not addressed when designing or implementing a secure architecture.


CWE-384 会话固定
CWE-488 对错误会话暴露数据元素
CWE-579 J2EE不安全实践:将不可序列化的对象存储在会话中
CWE-6 J2EE误配置:会话ID长度不充分
CWE-613 不充分的会话过期机制
CWE-841 行为工作流的不恰当实施


REF-9 A Catalog of Security Architecture Weaknesses. REF-10 Understanding Software Vulnerabilities Related to Architectural Security Tactics: An Empirical Investigation of Chromium, PHP and Thunderbird.