Overflow of static internal buffer
From OWASP
Comment: No real edits since 2009
Last revision (mm/dd/yy): 09/3/2014
Description
A non-final static field can be viewed and edited in dangerous ways.
Consequences
- Integrity: The object could potentially be tampered with.
- Confidentiality: The contents of the object could potentially be read.
Exposure period
- Design through Implementation: This is a simple logical issue which can be easily remedied through simple protections.
Platform
- Languages: Java, C++
- Operating platforms: Any
Required resources
Any
Severity
Medium
Likelihood of exploit
High
Non-final static fields which are not private can be read and written to by arbitrary Java code.
Risk Factors
Examples
In C++:
struct Account { static int password; };  // struct members are public by default
int Account::password = 45;               // non-const static: any code can read or overwrite it
In Java:
class Example {
    static public String r;  // public, non-final and never initialised: any code can read or overwrite it
}
This is an uninitialised static field which can be read without a get-accessor and changed without a set-accessor.
Related Attacks
Related Vulnerabilities
Related Controls
- Design through Implementation: Make any static fields private and final.
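The following is an added example (not code from the OWASP page) that puts the weak form from the Examples section beside the hardened form this control describes. The class and member names (WeakAccount, HardenedAccount, kMaxRetries, setRetries) are assumptions chosen for illustration; the point is that a private static can only be reached through accessors, so the class can keep a constant truly constant and validate every write to a mutable one.

```cpp
#include <iostream>

// Weak form, as on the page: a public, non-const static member is effectively a
// process-wide global. Any translation unit that can see the declaration may
// read it or overwrite it, and nothing in the class gets a chance to object.
struct WeakAccount {
    static int password;
};
int WeakAccount::password = 45;

// Unrelated code elsewhere in the program silently clobbers the value.
// (Hypothetical helper used to make the effect observable.)
int tamperWeak() {
    WeakAccount::password = 0;
    return WeakAccount::password;
}

// Hardened form (assumed design): both statics are private. The constant is also
// const, so it cannot be modified at all; the mutable one can only be changed
// through a setter that validates the request.
class HardenedAccount {
public:
    static int maxRetries() { return kMaxRetries; }   // read-only view of the constant
    static int retries()    { return retries_; }      // read accessor, no direct field access

    // Returns false and leaves the stored value untouched when the request is out of range.
    static bool setRetries(int n) {
        if (n < 0 || n > kMaxRetries) {
            return false;
        }
        retries_ = n;
        return true;
    }

private:
    static constexpr int kMaxRetries = 5;   // private + const: fixed for the life of the program
    static int retries_;                    // private + non-const: only setRetries() may write it
};
int HardenedAccount::retries_ = 0;

int main() {
    std::cout << "weak password before tamper: " << WeakAccount::password << '\n';
    std::cout << "weak password after tamper:  " << tamperWeak() << '\n';

    std::cout << "setRetries(3) accepted: " << std::boolalpha << HardenedAccount::setRetries(3) << '\n';
    std::cout << "setRetries(99) accepted: " << HardenedAccount::setRetries(99) << '\n';
    std::cout << "retries now: " << HardenedAccount::retries()
              << " (max " << HardenedAccount::maxRetries() << ")\n";
    // HardenedAccount::retries_ = 99;   // would not compile: the field is private
    return 0;
}
```

The compiler enforces the private part at build time, which is why the commented-out direct assignment is the only way to "show" it; the runtime behaviour worth checking is that an out-of-range write through the setter is rejected and leaves the previous value in place.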
Related Technical Impacts
References