CWE-487—Reliance on Package-level Scope

PUBLISHED · weakness record · Medium
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID: CWE-487
Abstraction: Base
Structure: Simple
Status: Incomplete
Release Date: 2006-07-19
Latest Modification Date: 2025-12-11

Weakness Name

Reliance on Package-level Scope

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.
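
An added illustration of the point above, not part of the CWE record: a class that relies on package scope to protect a field, next to a version that keeps the state private behind a validated method. The package `com.example.billing` and all class names are hypothetical.

```java
// Constructed example; package and class names are hypothetical.
package com.example.billing;

// Stands in for a class shipped in a different JAR that simply declares the
// same package name. Unless the package is sealed or owned by a named module,
// such a class is a package member like any other.
class PackageScopeDemo {
    public static void main(String[] args) {
        WeakAccount weak = new WeakAccount(100);
        weak.balanceCents = -5_000;            // compiles: field is package-private
        System.out.println("weak balance: " + weak.balanceCents);

        HardenedAccount hard = new HardenedAccount(100);
        // hard.balanceCents = -5_000;         // would not compile: field is private
        try {
            hard.withdraw(5_000);              // more than the balance, so rejected
        } catch (IllegalArgumentException e) {
            System.out.println("hardened rejected: " + e.getMessage());
        }
        System.out.println("hardened balance: " + hard.balanceCents());
    }
}

// Weak: relies on package scope to keep other code away from the field.
class WeakAccount {
    long balanceCents;                         // package-private and mutable

    WeakAccount(long openingCents) {
        this.balanceCents = openingCents;
    }
}

// Hardened: state is private; every change goes through a validated method.
final class HardenedAccount {
    private long balanceCents;

    HardenedAccount(long openingCents) {
        if (openingCents < 0) throw new IllegalArgumentException("negative opening balance");
        this.balanceCents = openingCents;
    }

    long balanceCents() { return balanceCents; }

    void withdraw(long cents) {
        if (cents <= 0 || cents > balanceCents)
            throw new IllegalArgumentException("invalid withdrawal: " + cents);
        balanceCents -= cents;
    }
}
```

Sealing the JAR with the `Sealed: true` manifest attribute, or placing the package in a named module, keeps classes from other JARs from joining the package.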

Common Consequences

Scope: Confidentiality
Impact: Read Application Data
Notes: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.

Scope: Integrity
Impact: Modify Application Data
Notes: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.

Related Weaknesses