CWE-382: J2EE Bad Practices: Use of System.exit()

Architecture and Design

Separation of Privilege

The shutdown function should be a privileged function available only to a properly authorized administrative user

CWE-382: J2EE Bad Practices: Use of System.exit()

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

Included in the doPost() method defined below is a call to System.exit() in the event of a specific exception.

Vulnerable example

java

Public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

CWE-382: J2EE Bad Practices: Use of System.exit()

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-382?

Is CWE-382 part of the OWASP Top 10?

How do you prevent CWE-382?

How is CWE-382 detected?

What are the consequences of CWE-382?

References

Stay ahead of CWE-382

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-382?

Is CWE-382 part of the OWASP Top 10?

How do you prevent CWE-382?

How is CWE-382 detected?

What are the consequences of CWE-382?

References

Stay ahead of CWE-382