When an application exposes a remote interface for an entity bean, it might also expose methods that get or set the bean's data. These methods could be leveraged to read sensitive information, or to change data in ways that violate the application's expectations, potentially leading to other vulnerabilities.

What are the consequences of CWE-8?

Exploiting CWE-8 can lead to: Read Application Data, Modify Application Data.

CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote

Declare Java beans "local" when possible. When a bean must be remotely accessible, make sure that sensitive information is not exposed, and ensure that the application logic performs appropriate validation of any data that might be modified by an attacker.

CWE-8: J2EE Misconfiguration: Entity Bean Declared Remote

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-8?

How do you prevent CWE-8?

What are the consequences of CWE-8?

References

Stay ahead of CWE-8

Overview

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-8?

How do you prevent CWE-8?

What are the consequences of CWE-8?

References

Stay ahead of CWE-8