CWE-487: Reliance on Package-level Scope

PUBLISHED · weakness record · Medium
released 2006-07-19 · last modified 2025-12-11

Metadata

CWE ID: CWE-487
Abstraction: Base
Structure: Simple
Status: Incomplete
Release date: 2006-07-19
Last modified: 2025-12-11

Name

Reliance on Package-level Scope

Description

Java packages are not inherently closed; therefore, relying on them for code security is not a good practice.

The purpose of package scope is to prevent accidental access by other parts of a program. This is an ease-of-software-development feature but not a security feature.

Common Consequences

Scope: Confidentiality
Impact: Read Application Data
Note: Any data in a Java package can be accessed outside of the Java framework if the package is distributed.

Scope: Integrity
Impact: Modify Application Data
Note: The data in a Java class can be modified by anyone outside of the Java framework if the package is distributed.
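
An added Java example (not part of the CWE record) that shows the read and modify consequences above next to a hardened class. The package name com.example.billing and all class names are hypothetical; Outsider stands in for a separately compiled class that simply declares the same package name.

```java
// Constructed example; package and class names are hypothetical.
package com.example.billing;

// Stands in for a class that another party compiles separately and places on
// the same classpath. Declaring the same package name is enough to be treated
// as a member of the package.
class Outsider {
    public static void main(String[] args) {
        Account weak = new Account("acct-1", 100);
        System.out.println("read via package scope: " + weak.balance);
        weak.balance = 1_000_000;            // direct write, no validation runs
        System.out.println("after direct write:     " + weak.balance);

        HardenedAccount strong = new HardenedAccount("acct-2", 100);
        // strong.balance = 1_000_000;       // does not compile: balance is private
        try {
            strong.credit(-50);              // invalid change is refused
        } catch (IllegalArgumentException e) {
            System.out.println("rejected by accessor:   " + e.getMessage());
        }
        System.out.println("hardened balance:       " + strong.balance());
    }
}

// Weak: the balance is protected only by package scope.
class Account {
    final String id;
    long balance;                            // package-private field

    Account(String id, long balance) { this.id = id; this.balance = balance; }
}

// Hardened: state is private and every change goes through a checked method,
// so package membership alone grants no direct access to the field.
final class HardenedAccount {
    private final String id;
    private long balance;

    HardenedAccount(String id, long balance) { this.id = id; this.balance = balance; }

    long balance() { return balance; }

    void credit(long amount) {
        if (amount <= 0) throw new IllegalArgumentException("amount must be positive");
        balance = Math.addExact(balance, amount);
    }
}
```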

Related CWEs